better middleware

iTeam-org · Dec 4, 2014 · d266636 · d266636
1 parent 768429a
commit d266636
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 13 deletions.
diff --git a/iTeam/events/forms.py b/iTeam/events/forms.py
@@ -3,7 +3,7 @@
 # @Author: Adrien Chardon
 # @Date:   2014-08-21 18:54:29
 # @Last Modified by:   Adrien Chardon
-# @Last Modified time: 2014-11-02 12:10:43
+# @Last Modified time: 2014-12-04 19:41:49
 
 # This file is part of iTeam.org.
 # Copyright (C) 2014 Adrien Chardon (Nodraak).
@@ -109,4 +109,14 @@ def clean(self):
             if 'file' in cleaned_data:
                 del cleaned_data['file']
 
+        bad_word = False
+        title = cleaned_data.get('title')
+        for word in settings.FORBIDDEN_WORDS:
+                bad_word = bad_word or (word in title)
+
+        if bad_word:
+            msg = ('Erreur, un mot interdit a été utilisé. Regardez les sources ou contacter le dev.')
+            self._errors['title'] = self.error_class([msg])
+
+
         return cleaned_data
diff --git a/iTeam/middleware.py b/iTeam/middleware.py
@@ -3,7 +3,7 @@
 # @Author: Adrien Chardon
 # @Date:   2014-10-28 19:29:36
 # @Last Modified by:   Adrien Chardon
-# @Last Modified time: 2014-11-19 16:07:54
+# @Last Modified time: 2014-12-04 19:37:15
 
 # This file is part of iTeam.org.
 # Copyright (C) 2014 Adrien Chardon (Nodraak).
@@ -21,9 +21,10 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with iTeam.org. If not, see <http://www.gnu.org/licenses/>.
 
+from django.conf import settings
+from django.http import HttpResponse
 
 from iTeam.stats.models import Log
-from django.http import HttpResponse
 
 
 class Log_middleware(object):
@@ -34,15 +35,14 @@ def process_request(self, request):
 
         if head != 'a':
             l = Log().set_attr(request)
+            l.save()
 
             if 'bot' not in l.useragent.lower():
-                fucker = l.useragent.startswith('() { :;};') \
-                    or ('php' in head) or ('cgi' in head) or ('wp' in head) or ('admin' in head)
+                fucker = l.useragent.startswith('() { :;};')
+                for word in settings.FORBIDDEN_WORDS:
+                    fucker = fucker or (word in url)
 
                 if fucker:
                     l.useragent += ' -- Spotted'
-
-                l.save()
-
-                if fucker:
-                    return HttpResponse('GO FUCK YOURSELF ><', status=418)
+                    l.save()
+                    return HttpResponse('Il semblerait que vous soyez mal intentionné, merci de ne pas recommencer ><', status=418)
diff --git a/iTeam/publications/forms.py b/iTeam/publications/forms.py
@@ -3,7 +3,7 @@
 # @Author: Adrien Chardon
 # @Date:   2014-08-20 19:01:23
 # @Last Modified by:   Adrien Chardon
-# @Last Modified time: 2014-09-02 14:58:36
+# @Last Modified time: 2014-12-04 19:41:10
 
 # This file is part of iTeam.org.
 # Copyright (C) 2014 Adrien Chardon (Nodraak).
@@ -89,4 +89,13 @@ def clean(self):
             if 'image' in cleaned_data:
                 del cleaned_data['image']
 
+        bad_word = False
+        title = cleaned_data.get('title')
+        for word in settings.FORBIDDEN_WORDS:
+                bad_word = bad_word or (word in title)
+
+        if bad_word:
+            msg = ('Erreur, un mot interdit a été utilisé. Regardez les sources ou contacter le dev.')
+            self._errors['title'] = self.error_class([msg])
+
         return cleaned_data
diff --git a/iTeam/settings.py b/iTeam/settings.py
@@ -3,7 +3,7 @@
 # @Author: Adrien Chardon
 # @Date:   2014-09-02 12:01:06
 # @Last Modified by:   Adrien Chardon
-# @Last Modified time: 2014-11-05 09:39:31
+# @Last Modified time: 2014-12-04 19:33:47
 
 # This file is part of iTeam.org.
 # Copyright (C) 2014 Adrien Chardon (Nodraak).
@@ -255,6 +255,14 @@
 
 FORGOT_PASSWORD_TOKEN_EXPIRES = datetime.timedelta(hours=2)
 
+FORBIDDEN_WORDS = (
+    'php',
+    'cgi',
+    'admin',
+    'wp',
+    'trackback',
+)
+
 #############################################
 # LOGGING
 # http://docs.djangoproject.com/en/dev/topics/logging

diff --git a/templates/base.html b/templates/base.html
@@ -18,7 +18,7 @@
 
     <meta name="viewport" content="width=device-width, initial-scale=1" />
 
-    <meta name="description" content="L'iTeam est une association étudiante de l'ECE pour la promotion du logiciel libre et de l'open source. Nous organisons plusieurs formations durant l'année.">
+    <meta name="description" content="L'iTeam est l'association de promotion du logiciel libre et de l'open source à l'ECE Paris : elle propose des formations et monte des projets dans le domaine des réseaux et de la sécurité.">
     <meta name="keywords" content="iteam, association, étudiant, promotion, logiciel libre, open source, formations, conférences">
 
     <meta name="google-site-verification" content="-V-GkrrNB6_Exru2cDjfCtw4CljjaaIDWtHpRxZEmTU" />