From: Emily O'Leary <Emma.C.Echo@gmail.com>
Date: Tue, 6 Aug 2013 22:22:51 +0000 (-0400)
Subject: Changed how the comment was encoded/read.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=3bd62dc4ca4fb12c772729bbb9dd6a78c3c08e48;p=mediagoblin.git

Changed how the comment was encoded/read.
Fixed CSRF + Post with comment preview.
Merged with latest master
---

diff --git a/mediagoblin/static/js/comment_show.js b/mediagoblin/static/js/comment_show.js
index 35183beb..42a21817 100644
--- a/mediagoblin/static/js/comment_show.js
+++ b/mediagoblin/static/js/comment_show.js
@@ -18,21 +18,22 @@
 var content="";
 
 function previewComment(){
-	if ($('#comment_content').val() && (content != $('#comment_content').val())) {
-		content = $('#comment_content').val();
-		$.getJSON($('#previewURL').val(),JSON.stringify($('#comment_content').val()),
-		function(data){
-			$('#comment_preview').replaceWith("<div id=comment_preview><h3>{% trans -%}Comment Preview{%- endtrans %}</h3><br />" + decodeURIComponent(data) + 
-			"<hr style='border: 1px solid #333;' /></div>");
-		});
-	}
+    if ($('#comment_content').val() && (content != $('#comment_content').val())) {
+        content = $('#comment_content').val();
+        $.post($('#previewURL').val(),$('#form_comment').serialize(),
+        function(data){
+            preview = JSON.parse(data)
+            $('#comment_preview').replaceWith("<div id=comment_preview><h3>" + $('#previewText').val() +"</h3><br />" + preview.content + 
+            "<hr style='border: 1px solid #333;' /></div>");
+        });
+    }
 }
 $(document).ready(function(){
   $('#form_comment').hide();
   $('#button_addcomment').click(function(){
     $(this).fadeOut('fast');
     $('#form_comment').slideDown(function(){
-	setInterval("previewComment()",500);
+    setInterval("previewComment()",500);
         $('#comment_content').focus();
     });
   });
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index 39a5eec5..3acd8356 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@@ -108,6 +108,7 @@
               {{ csrf_token }}
           </div>
           <input type="hidden" value="{{ request.urlgen('mediagoblin.user_pages.media_preview_comment') }}" id="previewURL" />
+          <input type="hidden" value="{% trans %}Comment Preview{% endtrans %}" id="previewText"/>
         </form>
 	<div id="comment_preview"></div>
       {% endif %}
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index 2bc56fd5..2e613697 100644
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@@ -17,7 +17,6 @@
 import logging
 import datetime
 import json
-import urllib
 
 from mediagoblin import messages, mg_globals
 from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
@@ -199,15 +198,11 @@ def media_post_comment(request, media):
 
 
 def media_preview_comment(request):
+    """Runs a comment through markdown so it can be previewed."""
+    comment = unicode(request.form['comment_content'])
+    cleancomment = { "content":cleaned_markdown_conversion(comment)}
 
-    comment = unicode(urllib.unquote(request.query_string).decode('string_escape'))
-    if comment.startswith('"') and comment.endswith('"'):
-        comment = comment[1:-1]
-    print comment
-    #decoderRing = json.JSONDecoder()
-   #comment = decoderRing.decode(request.query_string)
-
-    return Response(json.dumps(cleaned_markdown_conversion(comment)))
+    return Response(json.dumps(cleancomment))
 
 @get_media_entry_by_id
 @require_active_login