From 23df89cf319f05cbad4cb769c05c5699fe9d3f4a Mon Sep 17 00:00:00 2001
From: Sam Wenham <sam@wenhams.co.uk>
Date: Sun, 14 Apr 2019 22:45:31 +0100
Subject: [PATCH] Fix CSRF issues in svx form Set date formats Add DataIssue
model and add errors to it to allow us to give people a list of stuff to fix
---
core/admin.py | 1 +
core/models.py | 8 ++++++++
core/views_logbooks.py | 2 +-
core/views_survex.py | 4 +++-
parsers/caves.py | 21 +++++++++++++--------
parsers/logbooks.py | 6 ++++++
templates/logbookentry.html | 8 ++++----
templates/svxfile.html | 2 +-
8 files changed, 37 insertions(+), 15 deletions(-)
diff --git a/core/admin.py b/core/admin.py
index 59c93f2..71bbd61 100644
--- a/core/admin.py
+++ b/core/admin.py
@@ -139,6 +139,7 @@ admin.site.register(SurvexStation)
admin.site.register(SurvexScansFolder)
admin.site.register(SurvexScanSingle)
+admin.site.register(DataIssue)
def export_as_json(modeladmin, request, queryset):
response = HttpResponse(content_type="text/json")
diff --git a/core/models.py b/core/models.py
index d978eaa..195d38f 100644
--- a/core/models.py
+++ b/core/models.py
@@ -870,3 +870,11 @@ class Survey(TroggleModel):
def elevations(self):
return self.scannedimage_set.filter(contents='elevation')
+
+class DataIssue(TroggleModel):
+ date = models.DateTimeField(auto_now_add=True, blank=True)
+ parser = models.CharField(max_length=50, blank=True, null=True)
+ message = models.CharField(max_length=400, blank=True, null=True)
+
+ def __unicode__(self):
+ return u"%s - %s" % (self.parser, self.message)
diff --git a/core/views_logbooks.py b/core/views_logbooks.py
index b8069da..1bc709c 100644
--- a/core/views_logbooks.py
+++ b/core/views_logbooks.py
@@ -54,7 +54,7 @@ def personindex(request):
if person.bisnotable():
notablepersons.append(person)
- return render(request,'personindex.html', {'persons': persons, 'personss':personss, 'notablepersons':notablepersons, })
+ return render(request,'personindex.html', {'persons': persons, 'personss':personss, 'notablepersons':notablepersons})
def expedition(request, expeditionname):
diff --git a/core/views_survex.py b/core/views_survex.py
index a0f4637..1e6c1bf 100644
--- a/core/views_survex.py
+++ b/core/views_survex.py
@@ -1,6 +1,7 @@
from django import forms
from django.http import HttpResponseRedirect, HttpResponse
-from django.shortcuts import render_to_response
+from django.shortcuts import render_to_response, render
+from django.core.context_processors import csrf
from django.http import HttpResponse, Http404
import re
import os
@@ -172,6 +173,7 @@ def svx(request, survex_file):
'difflist': difflist,
'logmessage':logmessage,
'form':form}
+ vmap.update(csrf(request))
if outputtype == "ajax":
return render_to_response('svxfiledifflistonly.html', vmap)
return render_to_response('svxfile.html', vmap)
diff --git a/parsers/caves.py b/parsers/caves.py
index ba1c358..2c28365 100644
--- a/parsers/caves.py
+++ b/parsers/caves.py
@@ -6,10 +6,10 @@ import re
def readcaves():
- newArea = models.Area(short_name = "1623", parent = None)
- newArea.save()
- newArea = models.Area(short_name = "1626", parent = None)
- newArea.save()
+ area_1623 = models.Area(short_name = "1623", parent = None)
+ area_1623.save()
+ area_1626 = models.Area(short_name = "1626", parent = None)
+ area_1626.save()
print("Reading Entrances")
#print "list of <Slug> <Filename>"
for filename in os.walk(settings.ENTRANCEDESCRIPTIONS).next()[2]: #Should be a better way of getting a list of files
@@ -171,11 +171,16 @@ def readcave(filename):
def getXML(text, itemname, minItems = 1, maxItems = None, printwarnings = True, context = ""):
items = re.findall("<%(itemname)s>(.*?)</%(itemname)s>" % {"itemname": itemname}, text, re.S)
if len(items) < minItems and printwarnings:
- print("%(count)i %(itemname)s found, at least %(min)i expected" % {"count": len(items),
+ message = "%(count)i %(itemname)s found, at least %(min)i expected" % {"count": len(items),
"itemname": itemname,
- "min": minItems} + context)
+ "min": minItems} + context
+ models.DataIssue.objects.create(parser='caves', message=message)
+ print(message)
+
if maxItems is not None and len(items) > maxItems and printwarnings:
- print("%(count)i %(itemname)s found, no more than %(max)i expected" % {"count": len(items),
+ message = "%(count)i %(itemname)s found, no more than %(max)i expected" % {"count": len(items),
"itemname": itemname,
- "max": maxItems} + context)
+ "max": maxItems} + context
+ models.DataIssue.objects.create(parser='caves', message=message)
+ print(message)
return items
diff --git a/parsers/logbooks.py b/parsers/logbooks.py
index 2d1875a..bf6081f 100644
--- a/parsers/logbooks.py
+++ b/parsers/logbooks.py
@@ -7,6 +7,8 @@ from parsers.people import GetPersonExpeditionNameLookup
from parsers.cavetab import GetCaveLookup
from django.template.defaultfilters import slugify
+from django.utils.timezone import get_current_timezone
+from django.utils.timezone import make_aware
import csv
import re
@@ -36,6 +38,8 @@ def GetTripPersons(trippeople, expedition, logtime_underground):
personyear = GetPersonExpeditionNameLookup(expedition).get(tripperson.lower())
if not personyear:
print(" - No name match for: '%s'" % tripperson)
+ message = "No name match for: '%s' in year '%s'" % (tripperson, expedition.year)
+ models.DataIssue.objects.create(parser='logbooks', message=message)
res.append((personyear, logtime_underground))
if mul:
author = personyear
@@ -79,6 +83,8 @@ def EnterLogIntoDbase(date, place, title, text, trippeople, expedition, logtime_
trippersons, author = GetTripPersons(trippeople, expedition, logtime_underground)
if not author:
print(" - Skipping logentry: " + title + " - no author for entry")
+ message = "Skipping logentry: %s - no author for entry in year '%s'" % (title, expedition.year)
+ models.DataIssue.objects.create(parser='logbooks', message=message)
return
#tripCave = GetTripCave(place)
diff --git a/templates/logbookentry.html b/templates/logbookentry.html
index 5c8c341..5691c4e 100644
--- a/templates/logbookentry.html
+++ b/templates/logbookentry.html
@@ -20,10 +20,10 @@
<p>
{% if logbookentry.get_previous_by_date %}
- <a href="{{ logbookentry.get_previous_by_date.get_absolute_url }}">{{logbookentry.get_previous_by_date.date}}</a>
+ <a href="{{ logbookentry.get_previous_by_date.get_absolute_url }}">{{logbookentry.get_previous_by_date.date|date:"D d M Y"}}</a>
{% endif %}
{% if logbookentry.get_next_by_date %}
- <a href="{{ logbookentry.get_next_by_date.get_absolute_url }}">{{logbookentry.get_next_by_date.date}}</a>
+ <a href="{{ logbookentry.get_next_by_date.get_absolute_url }}">{{logbookentry.get_next_by_date.date|date:"D d M Y"}}</a>
{% endif %}
</p>
@@ -47,12 +47,12 @@
<td>
{% if persontrip.persontrip_prev %}
- <a href="{{ persontrip.persontrip_prev.logbook_entry.get_absolute_url }}">{{persontrip.persontrip_prev.logbook_entry.date}}</a>
+ <a href="{{ persontrip.persontrip_prev.logbook_entry.get_absolute_url }}">{{persontrip.persontrip_prev.logbook_entry.date|date:"D d M Y"}}</a>
{% endif %}
</td>
<td>
{% if persontrip.persontrip_next %}
- <a href="{{ persontrip.persontrip_next.logbook_entry.get_absolute_url }}">{{persontrip.persontrip_next.logbook_entry.date}}</a>
+ <a href="{{ persontrip.persontrip_next.logbook_entry.get_absolute_url }}">{{persontrip.persontrip_next.logbook_entry.date|date:"D d M Y"}}</a>
{% endif %}
</td>
diff --git a/templates/svxfile.html b/templates/svxfile.html
index e1ed097..b92f067 100644
--- a/templates/svxfile.html
+++ b/templates/svxfile.html
@@ -46,7 +46,7 @@ $(document).ready(function()
</p>
{% endif %}
-<form id="codewikiform" action="" method="POST">
+<form id="codewikiform" action="" method="POST">{% csrf_token %}
<div class="codeframebit">{{form.code}}</div>
<div style="display:none">{{form.filename}} {{form.dirname}} {{form.datetime}} {{form.outputtype}}</div>
<input type="submit" name="diff" value="Diffy" />