
correction player name check

devnewton authored on 20/02/2012 at 22:07:21
Showing 2 changed files
@@ -1,5 +1,6 @@
1 1
 from django.db import models
2 2
 from django.conf import settings
3
+from django.utils.encoding import smart_str    
3 4
 
4 5
 class Game(models.Model):
5 6
     slug = models.SlugField(max_length=80, unique=True)
@@ -9,7 +10,7 @@ class Game(models.Model):
9 9
         return self.name
10 10
     @models.permalink
11 11
     def get_absolute_url(self):
12
-        return ('scorekeeper.views.game_detail', [str(self.slug)])
12
+        return ('scorekeeper.views.game_detail', [smart_str(self.slug)])
13 13
     
14 14
 class Level(models.Model):
15 15
     slug = models.SlugField(max_length=80, unique=True)
@@ -19,7 +20,7 @@ class Level(models.Model):
19 19
         return self.name
20 20
     @models.permalink
21 21
     def get_absolute_url(self):
22
-        return ('scorekeeper.views.level_detail', [str(self.slug)])
22
+        return ('scorekeeper.views.level_detail', [smart_str(self.slug)])
23 23
     def sorted_scores(self):
24 24
         return self.score_set.all().order_by('-score')
25 25
     def cleanup(self):
@@ -33,7 +34,7 @@ class Player(models.Model):
33 33
     registered = models.BooleanField(default=False)
34 34
     @models.permalink
35 35
     def get_absolute_url(self):
36
-        return ('scorekeeper.views.player_detail', [str(self.slug)])
36
+        return ('scorekeeper.views.player_detail', [smart_str(self.slug)])
37 37
     def __unicode__(self):
38 38
         return self.slug
39 39
     def sorted_scores(self):
@@ -48,4 +49,4 @@ class Score(models.Model):
48 48
     level = models.ForeignKey(Level)
49 49
     score = models.IntegerField()
50 50
     def __unicode__(self):
51
-        return self.level.name + ': ' + self.player.slug + ' = ' + str(self.score )    
51
+        return self.level.name + ': ' + self.player.slug + ' = ' + smart_str(self.score )    
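Review bot: In `Score.__unicode__`, `smart_str(self.score)` returns a UTF-8 byte string on Python 2 / Django 1.x while the rest of the expression (`self.level.name`, `self.player.slug`) is presumably unicode, so the method now builds its result by mixing the two; it only works because the digits are ASCII, and `__unicode__` is expected to return unicode. `smart_str` is the right choice for the `permalink` arguments in the other three hunks, but here `unicode(self.score)` (or Django's `smart_unicode`) is the consistent conversion: `return self.level.name + ': ' + self.player.slug + ' = ' + unicode(self.score)`. The new import line and this return line both carry trailing whitespace.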
@@ -2,6 +2,7 @@ from django.http import HttpResponse
2 2
 from django.template import RequestContext, loader
3 3
 from django.views.generic import list_detail
4 4
 from scorekeeper.models import Game, Level, Player, Score
5
+import re
5 6
 
6 7
 def index(request):
7 8
     games = Game.objects.all().order_by('-name')
@@ -20,10 +21,18 @@ def level_detail(request, level_slug):
20 20
 def player_detail(request, player_slug):
21 21
     return list_detail.object_detail( request, queryset= Player.objects.all(), slug=player_slug, slug_field='slug', template_name='scorekeeper/templates/player_detail.html'  )
22 22
 
23
+check_slug_re = re.compile(r'^[-\w]+$')
24
+def checkSlug(s):
25
+    return check_slug_re.search(s)
26
+
23 27
 def score(request):
24 28
     #create or update score
25 29
     level = Level.objects.get(slug=request.REQUEST['level'])
26
-    player, isNewPlayer = Player.objects.get_or_create(slug=request.REQUEST['player'], defaults={'secret':request.REQUEST['secret']})
30
+    playerName = request.REQUEST['player']
31
+    if not checkSlug(playerName):
32
+        return HttpResponse("player name must contain only letters, numbers, underscores or hyphens")
33
+        
34
+    player, isNewPlayer = Player.objects.get_or_create(slug=playerName, defaults={'secret':request.REQUEST['secret']})
27 35
     if not isNewPlayer and player.secret != request.REQUEST['secret']:
28 36
         return HttpResponse("invalid player secret")
29 37
     score, isNewScore = Score.objects.get_or_create( level = level, player = player, defaults={'score':request.REQUEST['score']} )
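Review bot: The new slug check at `check_slug_re = re.compile(r'^[-\w]+$')` still lets a player name with a trailing newline through, because `$` matches before a final `\n` and the value is tested with `re.search`; anchor it with `\A`/`\Z` instead: `check_slug_re = re.compile(r'\A[-\w]+\Z')`. The rejection is sent with a 200 status, so a client cannot tell it from a successful score submission — `return HttpResponse("player name must contain only letters, numbers, underscores or hyphens", status=400)`. `request.REQUEST['player']` still raises KeyError (a 500) when the parameter is absent; `playerName = request.REQUEST.get('player', '')` lets the regex reject that case cleanly, since an empty string fails the `+`. The pattern also puts no upper bound on length; if Player.slug is a SlugField(max_length=80) like the Game and Level slugs visible in the models hunks, a `{1,80}` quantifier would reject over-long names before the ORM hands them to the database. The body of `score` continues past the end of the hunk.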