
correction player name check

devnewton authored on 20/02/2012 22:07:21
Showing 2 changed files
... ...
@@ -1,5 +1,6 @@
1 1
 from django.db import models
2 2
 from django.conf import settings
3
+from django.utils.encoding import smart_str    
3 4
 
4 5
 class Game(models.Model):
5 6
     slug = models.SlugField(max_length=80, unique=True)
... ...
@@ -9,7 +10,7 @@ class Game(models.Model):
9 10
         return self.name
10 11
     @models.permalink
11 12
     def get_absolute_url(self):
12
-        return ('scorekeeper.views.game_detail', [str(self.slug)])
13
+        return ('scorekeeper.views.game_detail', [smart_str(self.slug)])
13 14
     
14 15
 class Level(models.Model):
15 16
     slug = models.SlugField(max_length=80, unique=True)
... ...
@@ -19,7 +20,7 @@ class Level(models.Model):
19 20
         return self.name
20 21
     @models.permalink
21 22
     def get_absolute_url(self):
22
-        return ('scorekeeper.views.level_detail', [str(self.slug)])
23
+        return ('scorekeeper.views.level_detail', [smart_str(self.slug)])
23 24
     def sorted_scores(self):
24 25
         return self.score_set.all().order_by('-score')
25 26
     def cleanup(self):
... ...
@@ -33,7 +34,7 @@ class Player(models.Model):
33 34
     registered = models.BooleanField(default=False)
34 35
     @models.permalink
35 36
     def get_absolute_url(self):
36
-        return ('scorekeeper.views.player_detail', [str(self.slug)])
37
+        return ('scorekeeper.views.player_detail', [smart_str(self.slug)])
37 38
     def __unicode__(self):
38 39
         return self.slug
39 40
     def sorted_scores(self):
... ...
@@ -48,4 +49,4 @@ class Score(models.Model):
48 49
     level = models.ForeignKey(Level)
49 50
     score = models.IntegerField()
50 51
     def __unicode__(self):
51
-        return self.level.name + ': ' + self.player.slug + ' = ' + str(self.score )    
52
+        return self.level.name + ': ' + self.player.slug + ' = ' + smart_str(self.score )    
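Review bot: In `Score.__unicode__` the switch to `smart_str` produces a byte string on the Django versions this code appears to target (it uses `models.permalink` and `__unicode__`), and that byte string is then concatenated with the unicode `self.level.name` and `self.player.slug`. This only works because the score is an integer and the implicit decode is ASCII. A `__unicode__` method should build its result from unicode pieces, for example `... + ' = ' + smart_unicode(self.score)`. In the three `get_absolute_url` methods a one-line comment such as `# smart_str: slug may be unicode, str() would raise on non-ASCII` would record why `str` was replaced. The added import line also carries trailing whitespace.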
... ...
@@ -2,6 +2,7 @@ from django.http import HttpResponse
2 2
 from django.template import RequestContext, loader
3 3
 from django.views.generic import list_detail
4 4
 from scorekeeper.models import Game, Level, Player, Score
5
+import re
5 6
 
6 7
 def index(request):
7 8
     games = Game.objects.all().order_by('-name')
... ...
@@ -20,10 +21,18 @@ def level_detail(request, level_slug):
20 21
 def player_detail(request, player_slug):
21 22
     return list_detail.object_detail( request, queryset= Player.objects.all(), slug=player_slug, slug_field='slug', template_name='scorekeeper/templates/player_detail.html'  )
22 23
 
24
+check_slug_re = re.compile(r'^[-\w]+$')
25
+def checkSlug(s):
26
+    return check_slug_re.search(s)
27
+
23 28
 def score(request):
24 29
     #create or update score
25 30
     level = Level.objects.get(slug=request.REQUEST['level'])
26
-    player, isNewPlayer = Player.objects.get_or_create(slug=request.REQUEST['player'], defaults={'secret':request.REQUEST['secret']})
31
+    playerName = request.REQUEST['player']
32
+    if not checkSlug(playerName):
33
+        return HttpResponse("player name must contain only letters, numbers, underscores or hyphens")
34
+        
35
+    player, isNewPlayer = Player.objects.get_or_create(slug=playerName, defaults={'secret':request.REQUEST['secret']})
27 36
     if not isNewPlayer and player.secret != request.REQUEST['secret']:
28 37
         return HttpResponse("invalid player secret")
29 38
     score, isNewScore = Score.objects.get_or_create( level = level, player = player, defaults={'score':request.REQUEST['score']} )
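Review bot: The new `check_slug_re` pattern ends in `$`, which in Python also matches just before a trailing newline, so a player name ending in a newline still passes `checkSlug` and reaches `get_or_create`; anchoring with `\Z` closes that: `check_slug_re = re.compile(r'^[-\w]+\Z')`. The check also sets no upper bound on length, so an over-long name is left to the database layer (the Player slug field definition is outside the visible hunks, so its limit cannot be confirmed here). The rejection is returned as a plain `HttpResponse`, i.e. status 200; `HttpResponseBadRequest(...)` from `django.http` would let clients and logs distinguish a refused submission from an accepted one. `request.REQUEST['player']` raises when the parameter is absent, whereas `request.REQUEST.get('player', '')` would route a missing name into the same rejection branch. The body of `score()` appears to continue past the end of the hunk.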