From a1863458539fab45a19f723e3b2db88aa39e2b92 Mon Sep 17 00:00:00 2001 From: JisanAR03 Date: Sat, 21 Oct 2023 17:29:13 +0600 Subject: [PATCH 1/5] Adding post coments deletion feature at issue2 page --- blt/urls.py | 2 ++ website/templates/comments2.html | 46 ++++++++++++++++++++++++++++---- website/views.py | 18 +++++++++++++ 3 files changed, 61 insertions(+), 5 deletions(-) diff --git a/blt/urls.py b/blt/urls.py index 63b794cf8..e9e40ef3f 100644 --- a/blt/urls.py +++ b/blt/urls.py @@ -312,6 +312,8 @@ path("issue//comment/", website.views.comment_on_issue, name="comment_on_issue"), # UPDATE COMMENT path("issue//comment/update//", website.views.update_comment, name="update_comment"), + # delete_comment + path("issue2/comment/delete/", website.views.delete_comment, name="delete_comment"), re_path(r"^issue/(?P\w+)/$", IssueView.as_view(), name="issue_view"), re_path(r"^issue2/(?P\w+)/$", IssueView2.as_view(), name="issue_view2"), re_path(r"^follow/(?P[^/]+)/", website.views.follow_user, name="follow_user"), diff --git a/website/templates/comments2.html b/website/templates/comments2.html index 27a6eafc4..c43f0aaab 100644 --- a/website/templates/comments2.html +++ b/website/templates/comments2.html @@ -80,8 +80,7 @@
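Review bot: The new `issue2/comment/delete/` route carries neither the issue id nor the comment id in the path, unlike the neighbouring `update_comment` route that keys both in its URL, so the view behind it has to trust two POST body fields and the route is reachable with any HTTP method. Mirroring the sibling pattern with the same converter the update route uses — constructed example: `path("issue2/<int:issue_pk>/comment/delete/<int:comment_pk>/", website.views.delete_comment, name="delete_comment")` — lets the URL converter validate both ids and keeps the route consistent with the rest of the file; the view signature would change accordingly. The added `# delete_comment` comment only restates the name; following the `# UPDATE COMMENT` style directly above, `# DELETE COMMENT` reads better.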

Comments ({{ all_commen Edit
  • - Delete + Delete
  • Comments ({{ all_commen Edit
  • - Delete + Delete
  • Comments ({{ all_commen xhr.setRequestHeader("X-CSRFToken", csrftoken); // Set the CSRF token in the request header }, success: function (data) { - $('#comment_root').html(data); + $('#comment_root').replaceWith(data); document.querySelectorAll("[data-dropdown-toggle]").forEach((toggle) => { toggle.addEventListener("click", () => { const { dropdownToggle } = toggle.dataset; @@ -300,6 +298,44 @@

    Comments ({{ all_commen // Bind a new click event for the update_comment_btn $('#update_comment_btn').off('click').on('click', (e) => update_comment(e, comment_id)); }); + $('body').off('click', '.del_comment_issue2').on('click', '.del_comment_issue2', function (e) { + e.preventDefault(); + + // Store a reference to the clicked element + var clickedElement = $(this); + if (confirm("Delete this comment?") == true) { + var csrftoken = $("[name=csrfmiddlewaretoken]").val(); + + $.ajax({ + type: 'POST', + url: "/issue2/comment/delete/", + data: { + "comment_pk": clickedElement.attr('data-name'), + "issue_pk": '{{ object.pk|safe }}', + }, + beforeSend: function (xhr, settings) { + xhr.setRequestHeader("X-CSRFToken", csrftoken); // Set the CSRF token in the request header + }, + success: function (data) { + // Replace the content of #comment_root with the new data + $('#comment_root').replaceWith(data); + + document.querySelectorAll("[data-dropdown-toggle]").forEach((toggle) => { + toggle.addEventListener("click", () => { + const { dropdownToggle } = toggle.dataset; + const dropdown = document.getElementById(dropdownToggle); + dropdown.classList.toggle("hidden"); + dropdown.classList.toggle("block"); + dropdown.style.position = "absolute"; + dropdown.style.top = toggle.offsetTop + toggle.offsetHeight + "px"; + dropdown.style.left = toggle.offsetLeft - 50 + "px"; + + }); + }); + }, + }); + } + }); // refresh comments after x interval // function get_comments(){ // let issue_pk = '{{ object.pk|safe }}'; diff --git a/website/views.py b/website/views.py index 4e1676c7f..2aef79ae6 100644 --- a/website/views.py +++ b/website/views.py 
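Review bot: `$('#comment_root').replaceWith(data)` in the new delete handler's success callback removes the `#comment_root` element itself, so unless the `comments2.html` fragment returned by the server carries `id="comment_root"` on its root node, the next delete or update on the same page finds no target and silently does nothing; the earlier change in this file switches the update handler from `.html(data)` to the same call, so both paths are affected — either confirm the fragment's root id or keep `.html(data)`, which preserves the container. The `[data-dropdown-toggle]` rebinding block is copied verbatim from the update handler's success callback; extracting it into one `bindDropdownToggles()` function called from both callbacks would remove the duplication. Minor: `if (confirm("Delete this comment?") == true)` reads as `if (confirm("Delete this comment?"))`, and the `var` declarations could be `const`.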
@@ -2047,6 +2047,24 @@ def update_comment(request, issue_pk, comment_pk): } return render(request, "comments2.html",context) +def delete_comment(request): + int_issue_pk = int(request.POST['issue_pk']) + issue = Issue.objects.get(pk=int_issue_pk) + if request.method == "POST": + all_comment = Comment.objects.filter(issue=issue) + comment = Comment.objects.get(pk=int(request.POST['comment_pk'])) + if request.user.username != comment.author: + return HttpResponse("You are not authorized to delete this comment") + try: + show = comment.parent.pk + except: + show = -1 + comment.delete() + context = { + "all_comment": Comment.objects.filter(issue__id=int_issue_pk).order_by("-created_date"), + "object": issue, + } + return render(request, "comments2.html", context) class CustomObtainAuthToken(ObtainAuthToken): def post(self, request, *args, **kwargs): response = super(CustomObtainAuthToken, self).post(request, *args, **kwargs) From 6df0a220ec8193b71ba20d7cf03c030d5519d319 Mon Sep 17 00:00:00 2001 From: JisanAR03 Date: Sun, 22 Oct 2023 14:08:24 +0600 Subject: [PATCH 2/5] security issue 9 fixed --- website/templates/issue2.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/templates/issue2.html b/website/templates/issue2.html index b47f6a010..606a20136 100644 --- a/website/templates/issue2.html +++ b/website/templates/issue2.html @@ -4,7 +4,7 @@ {% load custom_tags %} {% block head %} - + {% endblock %} {% block natural_content %} From eb361facf86ff9fdb0033bf84a48642ef6f1645e Mon Sep 17 00:00:00 2001 From: JisanAR03 Date: Sun, 22 Oct 2023 15:37:04 +0600 Subject: [PATCH 3/5] remove extra --- blt/urls.py | 2 -- website/templates/comments2.html | 46 ++++---------------------------- website/views.py | 18 ------------- 3 files changed, 5 insertions(+), 61 deletions(-) diff --git a/blt/urls.py b/blt/urls.py index e9e40ef3f..63b794cf8 100644 --- a/blt/urls.py +++ b/blt/urls.py 
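Review bot: `delete_comment` reads `request.POST['issue_pk']` and loads the Issue before the `request.method == "POST"` check, so a GET to the route raises `MultiValueDictKeyError` (a 500) and a non-POST request that somehow carries the field falls off the end of the function and returns `None`; the method gate belongs first (`@require_POST`), and the view also lacks `@login_required`, answers the authorization failure with a 200 `HttpResponse` instead of a 403, and fetches the comment without scoping it to `issue`, so a comment pk from a different issue is accepted and the page is re-rendered under this one. `Issue.objects.get` / `Comment.objects.get` on an unknown pk raise `DoesNotExist` (another 500) where `get_object_or_404` is the usual form, and `all_comment`, `show` and the bare `except:` around `comment.parent.pk` are dead code that should go. The rewrite below needs `login_required`, `require_POST`, `get_object_or_404`, `HttpResponseForbidden` and `HttpResponseBadRequest` imported if views.py does not already import them (its import block is outside this hunk); the `request.user.username != comment.author` comparison is kept as written because the hunk does not show the `author` field's type. PATCH 3/5 in this series removes this view again, so this applies only if it is reintroduced.
```python
@login_required
@require_POST
def delete_comment(request):
    """Delete one of the requester's own comments on an issue and re-render the comment list."""
    try:
        issue_pk = int(request.POST.get("issue_pk", ""))
        comment_pk = int(request.POST.get("comment_pk", ""))
    except ValueError:
        return HttpResponseBadRequest("Invalid issue or comment id")
    issue = get_object_or_404(Issue, pk=issue_pk)
    # Scope the lookup to this issue so a comment from another issue cannot be addressed here.
    comment = get_object_or_404(Comment, pk=comment_pk, issue=issue)
    if request.user.username != comment.author:
        return HttpResponseForbidden("You are not authorized to delete this comment")
    comment.delete()
    context = {
        "all_comment": Comment.objects.filter(issue=issue).order_by("-created_date"),
        "object": issue,
    }
    return render(request, "comments2.html", context)
```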
@@ -312,8 +312,6 @@ path("issue//comment/", website.views.comment_on_issue, name="comment_on_issue"), # UPDATE COMMENT path("issue//comment/update//", website.views.update_comment, name="update_comment"), - # delete_comment - path("issue2/comment/delete/", website.views.delete_comment, name="delete_comment"), re_path(r"^issue/(?P\w+)/$", IssueView.as_view(), name="issue_view"), re_path(r"^issue2/(?P\w+)/$", IssueView2.as_view(), name="issue_view2"), re_path(r"^follow/(?P[^/]+)/", website.views.follow_user, name="follow_user"), diff --git a/website/templates/comments2.html b/website/templates/comments2.html index c43f0aaab..27a6eafc4 100644 --- a/website/templates/comments2.html +++ b/website/templates/comments2.html @@ -80,7 +80,8 @@

    Comments ({{ all_commen Edit

  • - Delete + Delete
  • Comments ({{ all_commen Edit
  • - Delete + Delete
  • Comments ({{ all_commen xhr.setRequestHeader("X-CSRFToken", csrftoken); // Set the CSRF token in the request header }, success: function (data) { - $('#comment_root').replaceWith(data); + $('#comment_root').html(data); document.querySelectorAll("[data-dropdown-toggle]").forEach((toggle) => { toggle.addEventListener("click", () => { const { dropdownToggle } = toggle.dataset; @@ -298,44 +300,6 @@

    Comments ({{ all_commen // Bind a new click event for the update_comment_btn $('#update_comment_btn').off('click').on('click', (e) => update_comment(e, comment_id)); }); - $('body').off('click', '.del_comment_issue2').on('click', '.del_comment_issue2', function (e) { - e.preventDefault(); - - // Store a reference to the clicked element - var clickedElement = $(this); - if (confirm("Delete this comment?") == true) { - var csrftoken = $("[name=csrfmiddlewaretoken]").val(); - - $.ajax({ - type: 'POST', - url: "/issue2/comment/delete/", - data: { - "comment_pk": clickedElement.attr('data-name'), - "issue_pk": '{{ object.pk|safe }}', - }, - beforeSend: function (xhr, settings) { - xhr.setRequestHeader("X-CSRFToken", csrftoken); // Set the CSRF token in the request header - }, - success: function (data) { - // Replace the content of #comment_root with the new data - $('#comment_root').replaceWith(data); - - document.querySelectorAll("[data-dropdown-toggle]").forEach((toggle) => { - toggle.addEventListener("click", () => { - const { dropdownToggle } = toggle.dataset; - const dropdown = document.getElementById(dropdownToggle); - dropdown.classList.toggle("hidden"); - dropdown.classList.toggle("block"); - dropdown.style.position = "absolute"; - dropdown.style.top = toggle.offsetTop + toggle.offsetHeight + "px"; - dropdown.style.left = toggle.offsetLeft - 50 + "px"; - - }); - }); - }, - }); - } - }); // refresh comments after x interval // function get_comments(){ // let issue_pk = '{{ object.pk|safe }}'; diff --git a/website/views.py b/website/views.py index 2aef79ae6..4e1676c7f 100644 --- a/website/views.py +++ b/website/views.py 
@@ -2047,24 +2047,6 @@ def update_comment(request, issue_pk, comment_pk): } return render(request, "comments2.html",context) -def delete_comment(request): - int_issue_pk = int(request.POST['issue_pk']) - issue = Issue.objects.get(pk=int_issue_pk) - if request.method == "POST": - all_comment = Comment.objects.filter(issue=issue) - comment = Comment.objects.get(pk=int(request.POST['comment_pk'])) - if request.user.username != comment.author: - return HttpResponse("You are not authorized to delete this comment") - try: - show = comment.parent.pk - except: - show = -1 - comment.delete() - context = { - "all_comment": Comment.objects.filter(issue__id=int_issue_pk).order_by("-created_date"), - "object": issue, - } - return render(request, "comments2.html", context) class CustomObtainAuthToken(ObtainAuthToken): def post(self, request, *args, **kwargs): response = super(CustomObtainAuthToken, self).post(request, *args, **kwargs) From 3c4e9002922a5bed34da7d623aaf8d27f233c841 Mon Sep 17 00:00:00 2001 From: JisanAR03 Date: Sun, 22 Oct 2023 16:34:28 +0600 Subject: [PATCH 4/5] Fix code scanning alert issue #1359 --- website/templates/join.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/templates/join.html b/website/templates/join.html index 96207d945..6c406edb4 100644 --- a/website/templates/join.html +++ b/website/templates/join.html @@ -386,7 +386,7 @@ {% endblock %} {% block content %} - +
    From 2095c73722fcae613eab252eea5c84a97d718a41 Mon Sep 17 00:00:00 2001 From: JisanAR03 Date: Sun, 22 Oct 2023 16:37:24 +0600 Subject: [PATCH 5/5] Fix code scanning alert issue #1359 --- website/templates/issue2.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/templates/issue2.html b/website/templates/issue2.html index 606a20136..b47f6a010 100644 --- a/website/templates/issue2.html +++ b/website/templates/issue2.html @@ -4,7 +4,7 @@ {% load custom_tags %} {% block head %} - + {% endblock %} {% block natural_content %}