escape user-provided strings used in regular expressions
[wolnelektury.git] / src / contact / forms.py
1 # -*- coding: utf-8 -*-
2 from django.contrib.sites.models import Site
3 from django.core.exceptions import ValidationError
4 from django.core.files.uploadedfile import UploadedFile
5 from django.core.mail import send_mail, mail_managers
6 from django.core.urlresolvers import reverse
7 from django.core.validators import validate_email
8 from django import forms
9 from django.template.loader import render_to_string
10 from django.template import RequestContext
11 from django.utils.translation import ugettext_lazy as _
12
13
14 contact_forms = {}
15 admin_list_width = 0
16
17
18 class ContactFormMeta(forms.Form.__class__):
19     def __new__(cls, name, bases, attrs):
20         global admin_list_width
21         model = super(ContactFormMeta, cls).__new__(cls, name, bases, attrs)
22         assert model.form_tag not in contact_forms, 'Duplicate form_tag.'
23         if model.admin_list:
24             admin_list_width = max(admin_list_width, len(model.admin_list))
25         contact_forms[model.form_tag] = model
26         return model
27
28
29 class ContactForm(forms.Form):
30     """Subclass and define some fields."""
31     __metaclass__ = ContactFormMeta
32
33     form_tag = None
34     form_title = _('Contact form')
35     submit_label = _('Submit')
36     admin_list = None
37     result_page = False
38
39     required_css_class = 'required'
40     # a subclass has to implement this field, but doing it here breaks the order
41     contact = NotImplemented
42
43     def save(self, request, formsets=None):
44         from .models import Attachment, Contact
45         body = {}
46         for name, value in self.cleaned_data.items():
47             if not isinstance(value, UploadedFile) and name != 'contact':
48                 body[name] = value
49
50         for formset in formsets or []:
51             for f in formset.forms:
52                 sub_body = {}
53                 for name, value in f.cleaned_data.items():
54                     if not isinstance(value, UploadedFile):
55                         sub_body[name] = value
56                 if sub_body:
57                     body.setdefault(f.form_tag, []).append(sub_body)
58
59         contact = Contact.objects.create(
60             body=body,
61             ip=request.META['REMOTE_ADDR'],
62             contact=self.cleaned_data['contact'],
63             form_tag=self.form_tag)
64         for name, value in self.cleaned_data.items():
65             if isinstance(value, UploadedFile):
66                 attachment = Attachment(contact=contact, tag=name)
67                 attachment.file.save(value.name, value)
68                 attachment.save()
69
70         site = Site.objects.get_current()
71         dictionary = {
72             'form_tag': self.form_tag,
73             'site_name': getattr(self, 'site_name', site.name),
74             'site_domain': getattr(self, 'site_domain', site.domain),
75             'contact': contact,
76         }
77         context = RequestContext(request)
78         mail_managers_subject = render_to_string([
79                 'contact/%s/mail_managers_subject.txt' % self.form_tag,
80                 'contact/mail_managers_subject.txt', 
81             ], dictionary, context).strip()
82         mail_managers_body = render_to_string([
83                 'contact/%s/mail_managers_body.txt' % self.form_tag,
84                 'contact/mail_managers_body.txt', 
85             ], dictionary, context)
86         mail_managers(mail_managers_subject, mail_managers_body, fail_silently=True)
87
88         try:
89             validate_email(contact.contact)
90         except ValidationError:
91             pass
92         else:
93             mail_subject = render_to_string([
94                     'contact/%s/mail_subject.txt' % self.form_tag,
95                     'contact/mail_subject.txt', 
96                 ], dictionary, context).strip()
97             if self.result_page:
98                 mail_body = render_to_string(
99                     'contact/%s/results_email.txt' % contact.form_tag,
100                     {
101                         'contact': contact,
102                         'results': self.results(contact),
103                     }, context)
104             else:
105                 mail_body = render_to_string([
106                         'contact/%s/mail_body.txt' % self.form_tag,
107                         'contact/mail_body.txt',
108                     ], dictionary, context)
109             send_mail(mail_subject, mail_body, 'no-reply@%s' % site.domain, [contact.contact], fail_silently=True)
110
111         return contact