Problem description
I have already used my own
{% load comments i18n %}
<form action="{% comment_form_target %}" method="post">{% csrf_token %}
<div><input type="hidden" name="next" value="{{ request.get_full_path }}" /></div>
{% for field in form %}
{% if field.is_hidden %}
<div>{{ field }}</div>
{% else %}
{% if field.name != "name" and field.name != "url" and field.name != "email" %}
{% if field.errors %}{{ field.errors }}{% endif %}
<p
{% if field.errors %} class="error"{% endif %}
{% ifequal field.name "honeypot" %} style="display:none;"{% endifequal %}
>
{{ field.label_tag }}<br />
{{ field }}
</p>
{% endif %}
{% endif %}
{% endfor %}
<p class="submit">
<input type="submit" name="post" class="submit-post" value="{% trans "Post" %}" />
</p>
</form>
It pretty much only renders the needed hidden fields (for security) and the comments field. All comment.user is automatically set as the current logged in user request.user. Here is the rendered HTML:
<form action="/comments/post/" method="post"><div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='bd05094c2e3ba80e1fbec8a4237b132c' /></div>
<div><input type="hidden" name="next" value="/doors/orders/1/" /></div>
<div><input type="hidden" name="content_type" value="doors.order" id="id_content_type" /></div>
<div><input type="hidden" name="object_pk" value="1" id="id_object_pk" /></div>
<div><input type="hidden" name="timestamp" value="1333125894" id="id_timestamp" /></div>
<div><input type="hidden" name="security_hash" value="c6791aafdd682cd8db5595681073c9a21c5fe7dd" id="id_security_hash" /></div>
<p>
<label for="id_comment">Comment</label><br />
<textarea id="id_comment" rows="10" cols="40" name="comment"></textarea>
</p>
<p style="display:none;" >
<label for="id_honeypot">If you enter anything in this field your comment will be treated as spam</label><br />
<input type="text" name="honeypot" id="id_honeypot" />
</p>
<p class="submit">
<input type="submit" name="post" class="submit-post" value="Post" />
</p>
</form>
The problem is I noticed that if the logged in user doesn't have an email, then the comment goes to preview.html (which I haven't overridden). Here is the screenshot:
This is a security issue since it allows someone to change their name instead of using the logged in user's name before posting (when I list the comments, I use comment.user.get_full_name instead of comment.name so it's not an issue there, but it could still be confusing in, say, the admin page).
So my questions are:
- How do I allow users with no email to comment?
- How do I not allow the form to go to preview.html?
- Is my code and design so far good?
Recommended answer
Well, you can use the customization documentation to create a custom app that handles comments from the comments framework. You should set COMMENTS_APP = 'my_comment_app' in your settings file and specify a get_form() method in your app's __init__.py which should return your custom form.
The custom form should be based on contrib.comments.forms.CommentForm and should look something like that:
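from django.contrib.comments import forms as comment_forms

class CustomForm(comment_forms.CommentForm):
    def __init__(self, *args, **kwargs):
        super(CustomForm, self).__init__(*args, **kwargs)
        # Users without an email address can now pass form validation.
        self.fields["email"].required = False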
preview.html is rendered because the form contains errors (email is required, but user doesn't have it and so it's not populated). If there are no errors - preview won't be shown.
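
For the name-change concern raised in the question, an added example (not from the original post or from Django itself): a receiver for the comments framework's comment_will_be_posted signal that overwrites the submitted name, email and URL with the logged-in user's values, so anything typed into preview.html is discarded before the comment is saved. The name pin_comment_identity and the sample objects are constructed for illustration; the code assumes the Comment model's user_name, user_email and user_url fields and the old django.contrib.comments import path used on this page.

```python
from types import SimpleNamespace

try:  # old-style import path used on this page; absent on modern Django
    from django.contrib.comments.signals import comment_will_be_posted
except ImportError:
    comment_will_be_posted = None


def pin_comment_identity(sender, comment, request, **kwargs):
    """Receiver: force author fields to the session user, not POST data."""
    user = getattr(request, "user", None)
    auth = getattr(user, "is_authenticated", False)
    if callable(auth):  # a method on older Django, a property on newer
        auth = auth()
    if not auth:
        return None  # anonymous comment: leave the submitted fields alone
    comment.user = user
    comment.user_name = user.get_full_name() or user.username
    comment.user_email = user.email or ""
    comment.user_url = ""  # assumption: the form above never offers a URL
    return True


if comment_will_be_posted is not None:
    comment_will_be_posted.connect(pin_comment_identity)


def demo():
    """Constructed objects standing in for request.user and a Comment."""
    user = SimpleNamespace(is_authenticated=lambda: True,
                           get_full_name=lambda: "", username="jdoe", email="")
    request = SimpleNamespace(user=user)
    # Values a user could type into preview.html's name/email/url inputs.
    comment = SimpleNamespace(user=None, user_name="Site Admin",
                              user_email="admin@example.org",
                              user_url="http://example.org/")
    pin_comment_identity(None, comment, request)
    return comment.user_name, comment.user_email, comment.user_url


if __name__ == "__main__":
    print(demo())
```
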