Store 'safe_mode' attribute on news model

This lets us identify old news items that need to allow HTML through the markdown parser. For all new news items, we will disallow raw HTML. Signed-off-by: Dan McGee <dan@archlinux.org>
author: Dan McGee <dan@archlinux.org> 2012-10-31 00:56:52 -0500
committer: Dan McGee <dan@archlinux.org> 2012-10-31 00:58:21 -0500
commit: 4122e97f7aa5ebb919c2afc88a3e548a2ab1e2aa (patch)
tree: 1d853cdcc373f767e398c2509d2571a19e229a8a
parent: ce5b0b2c5c10a3c840fd8aaa696ec2b8f403dc5b (diff)
download: archweb-4122e97f7aa5ebb919c2afc88a3e548a2ab1e2aa.tar.gz
archweb-4122e97f7aa5ebb919c2afc88a3e548a2ab1e2aa.zip
3 files changed, 143 insertions, 1 deletions
diff --git a/news/migrations/0011_auto__add_field_news_safe_mode.py b/news/migrations/0011_auto__add_field_news_safe_mode.py
new file mode 100644
index 00000000..565c7adb
--- /dev/null
+++ b/news/migrations/0011_auto__add_field_news_safe_mode.py
@@ -0,0 +1,68 @@
+# -*- coding: utf-8 -*-
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+        db.add_column('news', 'safe_mode',
+                      self.gf('django.db.models.fields.BooleanField')(default=True),
+                      keep_default=True)
+
+    def backwards(self, orm):
+        db.delete_column('news', 'safe_mode')
+
+    models = {
+        'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        'auth.permission': {
+            'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        'news.news': {
+            'Meta': {'ordering': "('-postdate',)", 'object_name': 'News', 'db_table': "'news'"},
+            'author': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'news_author'", 'on_delete': 'models.PROTECT', 'to': "orm['auth.User']"}),
+            'content': ('django.db.models.fields.TextField', [], {}),
+            'guid': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'last_modified': ('django.db.models.fields.DateTimeField', [], {'db_index': 'True'}),
+            'postdate': ('django.db.models.fields.DateTimeField', [], {'db_index': 'True'}),
+            'safe_mode': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'slug': ('django.db.models.fields.SlugField', [], {'unique': 'True', 'max_length': '255'}),
+            'title': ('django.db.models.fields.CharField', [], {'max_length': '255'})
+        }
+    }
+
+    complete_apps = ['news']
diff --git a/news/migrations/0012_mark_old_news_safe_exempt.py b/news/migrations/0012_mark_old_news_safe_exempt.py
new file mode 100644
index 00000000..b2661cd8
--- /dev/null
+++ b/news/migrations/0012_mark_old_news_safe_exempt.py
@@ -0,0 +1,73 @@
+# -*- coding: utf-8 -*-
+import markdown
+
+from south.db import db
+from south.v2 import DataMigration
+from django.db import models
+
+class Migration(DataMigration):
+
+    def forwards(self, orm):
+        md = markdown.Markdown(safe_mode=True, enable_attributes=False)
+        magic = md.html_replacement_text
+        items = orm.News.objects.all()
+        has_html = [item.pk for item in items if magic in md.convert(item.content)]
+        for pk in has_html:
+            orm.News.objects.filter(pk=pk).update(safe_mode=False)
+
+    def backwards(self, orm):
+        orm.News.objects.all().update(safe_mode=True)
+
+    models = {
+        'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        'auth.permission': {
+            'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        'news.news': {
+            'Meta': {'ordering': "('-postdate',)", 'object_name': 'News', 'db_table': "'news'"},
+            'author': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'news_author'", 'on_delete': 'models.PROTECT', 'to': "orm['auth.User']"}),
+            'content': ('django.db.models.fields.TextField', [], {}),
+            'guid': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
+            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'last_modified': ('django.db.models.fields.DateTimeField', [], {'db_index': 'True'}),
+            'postdate': ('django.db.models.fields.DateTimeField', [], {'db_index': 'True'}),
+            'safe_mode': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'slug': ('django.db.models.fields.SlugField', [], {'unique': 'True', 'max_length': '255'}),
+            'title': ('django.db.models.fields.CharField', [], {'max_length': '255'})
+        }
+    }
+
+    complete_apps = ['news']
+    symmetrical = True
diff --git a/news/models.py b/news/models.py
index 55d36318..42adc199 100644
--- a/news/models.py
+++ b/news/models.py
@@ -16,13 +16,14 @@ class News(models.Model):
     title = models.CharField(max_length=255)
     guid = models.CharField(max_length=255, editable=False)
     content = models.TextField()
+    safe_mode = models.BooleanField(default=True, editable=False)
 
     def get_absolute_url(self):
         return '/news/%s/' % self.slug
 
     def html(self):
         return mark_safe(markdown.markdown(
-            self.content, safe_mode=False, enable_attributes=False))
+            self.content, safe_mode=self.safe_mode, enable_attributes=False))
 
     def __unicode__(self):
         return self.title
author	Dan McGee <dan@archlinux.org>	2012-10-31 00:56:52 -0500
committer	Dan McGee <dan@archlinux.org>	2012-10-31 00:58:21 -0500
commit	4122e97f7aa5ebb919c2afc88a3e548a2ab1e2aa (patch)
tree	1d853cdcc373f767e398c2509d2571a19e229a8a
parent	ce5b0b2c5c10a3c840fd8aaa696ec2b8f403dc5b (diff)
download	archweb-4122e97f7aa5ebb919c2afc88a3e548a2ab1e2aa.tar.gz archweb-4122e97f7aa5ebb919c2afc88a3e548a2ab1e2aa.zip