[ckan-changes] commit/ckan: dread: [controllers]: #1187 Stop spam users. No revisions for users.

Bitbucket commits-noreply at bitbucket.org
Wed Jun 15 13:10:41 UTC 2011


1 new changeset in ckan:

http://bitbucket.org/okfn/ckan/changeset/795ccd6405ba/
changeset:   795ccd6405ba
branch:      release-v1.4.1
user:        dread
date:        2011-06-15 15:10:30
summary:     [controllers]: #1187 Stop spam users. No revisions for users.
affected #:  2 files (1.5 KB)

--- a/ckan/controllers/user.py	Wed Jun 15 13:10:21 2011 +0100
+++ b/ckan/controllers/user.py	Wed Jun 15 14:10:30 2011 +0100
@@ -141,10 +141,15 @@
             c.user_email = request.params.getone('email')
         elif 'save' in request.params:
             try:
-                rev = model.repo.new_revision()
-                rev.author = c.author
-                rev.message = _(u'Changed user details')
-                user.about = request.params.getone('about')
+                about = request.params.getone('about')
+                if 'http://' in about or 'https://' in about:
+                    msg = _('Edit not allowed as it looks like spam. Please avoid links in your description.')
+                    h.flash_error(msg)
+                    c.user_about = about
+                    c.user_fullname = request.params.getone('fullname')
+                    c.user_email = request.params.getone('email')
+                    return render('user/edit.html')
+                user.about = about
                 user.fullname = request.params.getone('fullname')
                 user.email = request.params.getone('email')
                 try:
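Review bot: The new guard `if 'http://' in about or 'https://' in about:` is a case-sensitive match on two literal strings and inspects only `about`, so a mixed-case scheme or a link placed in `fullname` is not rejected. Lower-casing first closes the case gap cheaply: `lowered = about.lower()` followed by `if 'http://' in lowered or 'https://' in lowered:`. The rejection path also leaves no server-side record, so repeated attempts from one account cannot be spotted later; a log line carrying the user name next to `h.flash_error(msg)` would help, assuming a logger is available in this module. The enclosing action starts and ends outside this hunk, and whether `about` is escaped when rendered is not visible here, so treat this filter as one layer rather than the whole defence.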


--- a/ckan/tests/functional/test_user.py	Wed Jun 15 13:10:21 2011 +0100
+++ b/ckan/tests/functional/test_user.py	Wed Jun 15 14:10:30 2011 +0100
@@ -216,6 +216,32 @@
         main_res = self.main_div(res)
         assert new_about in main_res, main_res
 
+    def test_edit_spammer(self):
+        # create user
+        username = 'testeditspam'
+        about = u'Test About <a href="http://spamsite.net">spamsite</a>'
+        user = model.User.by_name(unicode(username))
+        if not user:
+            model.Session.add(model.User(name=unicode(username), about=about,
+                                         password='letmein'))
+            model.repo.commit_and_remove()
+            user = model.User.by_name(unicode(username))
+
+        # edit
+        offset = url_for(controller='user', action='edit', id=user.id)
+        res = self.app.get(offset, status=200, extra_environ={'REMOTE_USER':username})
+        main_res = self.main_div(res)
+        assert 'Edit User: ' in main_res, main_res
+        assert 'Test About <a href="http://spamsite.net">spamsite</a>' in main_res, main_res
+        fv = res.forms['user-edit']
+        res = fv.submit('preview', extra_environ={'REMOTE_USER':username})
+        # commit
+        res = fv.submit('save', extra_environ={'REMOTE_USER':username})      
+        assert res.status == 200, res.status
+        main_res = self.main_div(res)
+        assert 'looks like spam' in main_res, main_res
+        assert 'Edit User: ' in main_res, main_res
+
 
     ############
     # Disabled
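Review bot: `test_edit_spammer` submits the form without changing any field, so it only proves that the flash message appears; it cannot tell a rejected edit from one that saved the same values. Setting `fv['fullname'] = u'Changed'` before the `save` submit and then asserting `model.User.by_name(unicode(username)).fullname != u'Changed'` would pin that nothing is persisted (the session may need refreshing first). The result of the `preview` submit is overwritten without any assertion, and there is no case for a link written with an upper-case scheme. The enclosing test class starts outside the hunk.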

Repository URL: https://bitbucket.org/okfn/ckan/
