Merge pull request #553 from liangliangyy/dev

修复部分代码漏洞
liangliangyy · Feb 14, 2022 · 6512ab7 · 6512ab7
2 parents e371090 + f4d7f9e
commit 6512ab7
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 3 deletions.
diff --git a/accounts/views.py b/accounts/views.py
@@ -153,8 +153,8 @@ def account_result(request):
     if type and type in ['register', 'validation']:
         if type == 'register':
             content = '''
-    恭喜您注册成功，一封验证邮件已经发送到您 {email} 的邮箱，请验证您的邮箱后登录本站。
-    '''.format(email=user.email)
+    恭喜您注册成功，一封验证邮件已经发送到您的邮箱，请验证您的邮箱后登录本站。
+    '''
             title = '注册成功'
         else:
             c_sign = get_sha256(get_sha256(settings.SECRET_KEY + str(user.id)))

diff --git a/comments/urls.py b/comments/urls.py
@@ -4,7 +4,6 @@
 
 app_name = "comments"
 urlpatterns = [
-    # url(r'^po456stcomment/(?P<article_id>\d+)$', views.CommentPostView.as_view(), name='postcomment'),
     path(
         'article/<int:article_id>/postcomment',
         views.CommentPostView.as_view(),

diff --git a/comments/views.py b/comments/views.py
@@ -1,4 +1,5 @@
 # Create your views here.
+from django.core.exceptions import ValidationError
 from django.http import HttpResponseRedirect
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_protect
@@ -40,6 +41,8 @@ def form_valid(self, form):
         article_id = self.kwargs['article_id']
         article = Article.objects.get(pk=article_id)
 
+        if article.comment_status == 'c' or article.status == 'c':
+            raise ValidationError("该文章评论已关闭.")
         comment = form.save(False)
         comment.article = article