Customizing Django.contrib.comments honeypot - django

I'm using Django's standard comment system and I would like to extend its anti-spam honeypot capability.
I thought of changing the default "name" and "id" of the field to something more alluring for spam-bots such as "website". I checked the html and this looks like this:
<p style="display:none;">
<label for="id_honeypot">Never send a human to do a machine's job</label>
<input type="text" name="honeypot" id="id_honeypot" />
</p>
Am I correct in thinking that changing the defaults of this element would boost its anti-spam capabilities? I tried modifying it in the django/contrib/comments/forms.py like this:
class CommentForm(CommentDetailsForm):
#use to be honeypot = forms.CharField(...
website = forms.CharField(required=False,
label=_('Never send a human to do a machines job')
def clean_honeypot(self):
"""Check that nothing's been entered into the honeypot."""
value = self.cleaned_data["website"]
if value:
raise forms.ValidationError(self.fields["website"].label)
return value
And this successfully changes the name and id in the html generated by django BUT then the whole mechanism stops working - I tried populating this invisible field, submitted and the comment was added.
I have a few other ideas as well, but first I'd really like to get this working - is it possible to modify the default honeypot name and id AND have it working like it should?
P.S I believe a more elegent way of doing this would be to extend django.contrib.comments and code the modification there instead of working on actual django code - what would be the best way of accomplishing this?

Given a bit more time to tinker around I found the answer to both of my questions:
In order to modify the standard honeypot or to create your own, you have to extend the CommentForm class by adding a clean_NAME_OF_HONEYPOT function as well as a NAME_OF_HONEYPOT variable both of which look similar to the standard ones and you also have to override the security_errors function to include the name of your new/modified honeypot in the dictionary.
The best way to do this is to create your custom comments app as described here: https://docs.djangoproject.com/en/dev/ref/contrib/comments/custom/ .
I hope this answer helps anyone else in my situation.

Related

Django: a custom template tag to convert links inside of a TextField and change the hyperlink text

The scenario is that there are some dynamic texts on some templates, that will contain hyperlinks.
For this, I have a SiteDataKeyValue model, in which the dynamic texts for different parts of the template are inputted. This is the model:
class SiteDataKeyValue(models.Model):
key = models.CharField(
max_length=200, verbose_name="نام متن مورد نظر", unique=True
)
value = models.TextField(verbose_name="متن")
def __str__(self):
return self.key
A solution that I've found already, is Django urlize template tag. As mentioned in the docs, this tag converts texts like https://www.google.com to www.google.com, which is nice but not what I'd like to achieve. I want to be able to change the hyperlink text, so the output would be something like: Click Here!.
I searched for a bit, came across modules like bleach, which is a fine module, but I couldn't find the answer I was looking for (I skimmed through the docs and there was nothing about the hyperlink text).
Also I saw a comment somewhere telling that this could be achieved by writing a custom Django template tag, but although I tried to do this regarding the custom template filters docs, I didn't have a clue to how to achieve this.
I'm not asking for the code, although it would be really appreciated if you provide instructions for writing this custom template tag, or better, if you could point me to something like this that is already out there.
First of all you can extend urlize tag like the answer in this
or you can change the main code which you can find it in django.utils.html and override its url variable to change it.
But I think the best method is extending the urlize tag
like this:
{% text | urlize | change_a_text_filter:{{ dome_new_a_text }} %}
then you can scrape the text and use regex to find >sample-text</a> then you can change it to the argument that defines in your tag
from django import template
register = template.Library()
#register.simple_tag
def change_a_text_filter(format_string, arg):
# find the url that made in urlize with regex
# change it with arg
# return the result
I was on a completely wrong road to solve this problem. I was trying to urlize a link from TextField, but didn't consider the fact that I only needed to implement html code as Visit link.com! in the TextField, and then use safe template tag to render html directly as below:
{{ text.value|safe }}
So in this solution, there is no need to urlize, and of course there is no need to extend this tag neither.
NOTE: As commented by #rahimz (link to comment) I understand that there are safety concerns regarding safe tag, So I should emphasize that only me and a company-trusted admin will have access to admin panel and there is no worries that this admin will send malicious code through this TextField.

Django Grappelli Rearrange Inlines id override

According to the docs:
http://django-grappelli.readthedocs.org/en/latest/customization.html#rearrange-inlines
The two classes for the placeholder are important. First, you need a class placeholder. The second class has to match the id of the inline–group.
All's well and good, I was able to set up my inlines fine, my issue is now - where does grappelli get the "id of the inline group" I can't find any reference, and pouring through the source code is offering me no solace.
Simply, I want to change the element-id that grappelli is using. Currently, it looks to me that it is taking the object name itself and converting to a lowercase name and appending set to the end. Do we have access to override the "id of the inline-group"?
Also, I am not 100% sure exactly how (or where) grappelli is doing this, it is definitely not documented... at all in fact.
Any help would be much appreciated.
It is the id of the inline element on HTML page. You can check the id of the default HTML inline element.
<div id="[related_name of ForeignKey]-group">
For example:
If in model "MyModel2", you have a ForeignKey like this:
my_model_1 = models.ForeignKey(MyModel1, related_name='my_model_2')
Then the id should be "my_model_2-group".
The id of the inline group is set in grappelli/templates/admin/edit_inline, in stacked.html line 5, or tabular.html line 6 (depending on which type of inline you're usng):
id="{{ inline_admin_formset.formset.prefix }}-group" >
You can override this by copying the file (stacked.html or tabular.html) into your template directory and setting the variable "template" to the file's new location e.g.:
# admin.py
class MyModelInline(admin.StackedInline):
template = 'path/to/stacked.html'
...
Then edit whatever you want in e.g. stacked.html.
I don't know if this is the best-practices way of doing this, but it's similar to what's done in the django tutorial.

adding line breaks and headers in django's admin interface

EDIT: If you are going to give a downvote, at least explain why -.-
Also, read comments if my post is still unclear. I tried to explain it a bit more in the comments but if it is still unclear about what I'm saying, let me know and I will take printscreens and explain using images.
I have created a model like so
class Post(models.Model):
title_of_post = models.CharField(max_length=100)
actual_post = models.TextField()
and I put this model in the admin interface and enabled the admin interface. Now, when I go to 127.0.0.1/admin/ and sign in, I can add this model. The posts created in the Post model can be seen on the homepage (127.0.0.1) so say my "title_of_post" is "title" and my "actual_post" is "the actual post", if I go to 127.0.0.1 I can see both the title and actual post on the homepage. The problem is, when I am in the admin interface and in the actual_post text box / TextField section, suppose I write this.
Something.
else
It would not recognize that I pushed the enter key after the period. I tried
Something. <br>
else
but that also didn't work. It does not go on a new line after the period. Is there any way to go to the next line when inputting information from the text box / TextField in the django admin interface? Is there any way to put headers from the admin interface, not from the template? Essentially, I want to be able to create this html from the admin interface.
<h1>Something.</h1> <br>
else
in order to show html inside a property, you need to place like this in your template:
{{ post.actual_post|safe }}
the safe template filter its good for not escaping html tags inside your template.
And this will print as:
Something
else
intead of:
Something <br /> else

Putting links in list_detail.object_list to list_detail.object_detail

I've started using Django and am going right to generic views. Great architecture! Well, the documents are great, but for the absolute beginner it is a bit like unix docs, where they make the most sense when you already know what you're doing. I've looked about and cannot find this specifically, which is, how do you set up an object_list template so that you can click on an entry in the rendered screen and get the object_detail?
The following is working. The reason I'm asking is to see if I am taking a reasonable route or is there some better, more Djangoish way to do this?
I've got a model which has a unicode defined so that I can identify my database entries in a human readable form. I want to click on a link in the object_list generated page to get to the object_detail page. I understand that a good way to do this is to create a system where the url for the detail looks like http://www.example.com/xxx/5/ which would call up the detail page for row 5 in the database. So, I just came up with the following, and my question is am I on the right track?
I made a template page for the list view that contains the following:
<ul>
{% for aninpatient in object_list %}
<li><a href='/inpatient-detail/{{ aninpatient.id }}/'>{{ aninpatient }}</a></li>
{% endfor %}
</ul>
Here, object_list comes from the list_detail.object_list generic view. The for loop steps through the object list object_list. In each line I create an anchor in html that references the desired href, "/inpatient-detail/nn/", where nn is the id field of each of the rows in the database table. The displayed link is the unicode string which is therefore a clickable link. I've set up templates and this works just fine.
So, am I going in the right direction? It looks like it will be straightforward to extend this to be able to put edit and delete links in the template as well.
Is there a generic view that takes advantage of the model to create the detail page? I used ModelForm helper from django.forms to make the form object, which was great for creating the input form (with automatic validation! wow that was cool!), so is there something like that for creating the detail view page?
Steve
If you're on django < 1.3 then what you are doing is basically perfect. Those generic views are quite good for quickly creating pages. If you're on django 1.3 you'll want to use the class based generic views. Once you get a handle on those they are are crazy good.
Only note I have is that you should use {% url %} tags in your templates instead of hardcoding urls. In your urls.conf file(s) define named urls like:
url('inpatient-detail/(?P<inpatient_id>\d+)/$', 'your_view', name='inpatient_detail')
and in your template (for django < 1.3):
...
In 1.3 a new url tag is available that improves life even more.

Flickr albums in django admin

I want to do the following:
Having a model (p.e. a model which handles data about photographic reports) create a section which has a preview of an specific flickr album. The URL will be provided by an URLField (until the first save the preview will not be available).
After the first save, it'll show previews of all the images inside that album, and make them selectable (through jQuery for example). Then again, when the images are selected and the object is saved (I think I can use django signals for this) it will notify a specific user telling him a selection has been made.
Is there any plugins available, or any easy way to implement this in django-admin?
Update: 22 days and no anwers... does that mean it can't be done in django-admin?
I personally can't think of any easy way to implement this in the Django admin, simply because I doubt many people who've done it have thought to open source it. I can imagine that it would be very specific to a certain user's / programmer's needs.
In any case, if you wanted to solve this issue, I'd say that your best bet would be overriding the Django admin templates in your django/contrib/admin/templates/admin folder. I believe you'd be best off by editing change_form.html.
My basic approach would be this:
Check the name of the model using opts.verbose_name. For example, if you wanted to do this processing for a model whose verbose name is "Gallery", you would do
{% ifequal opts.verbose_name "Gallery" %}
<!-- neat gallery view -->
{% else %}
<!-- regular form -->
{% endifequal %}
Make a custom template tag that will display the gallery view / form given the object_id and the type of object. This way you can replace the <!-- neat gallery view --> with a {% show_gallery object_id %}. See the Django Docs for more info on creating custom template tags. It's pretty straightforward.
Add whatever Javascript or custom stuff in your template tag template. What you choose to do is up to you.
Sorry you haven't gotten many more answers to your question. Hope this helps!