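@xhr
def edit(self, environ, request, id):
    """Update the text, author and/or website of comment *id*.

    Authorization is the signed cookie that was issued when the comment was
    created or last edited. It must unsign cleanly, name this very comment
    id, and carry the ``sha1`` checksum of the text currently stored for the
    comment; a cookie kept around after the comment was deleted (and its id
    possibly reused) therefore no longer authorizes an edit.

    Args:
        environ: WSGI environment, part of the view signature but not used.
        request: incoming request; ``request.json`` holds the edit payload.
        id: comment id taken from the URL.

    Returns:
        A ``JSON`` response (200) with the updated comment -- reduced to
        ``API.FIELDS``, text rendered -- plus a refreshed signed cookie in
        ``Set-Cookie`` and ``X-Set-Cookie``. A ``BadRequest`` is returned
        when the body is not a JSON object or does not pass ``API.verify``.

    Raises:
        Forbidden: cookie missing, expired or tampered with; cookie for a
            different comment; or the stored comment is gone / its text no
            longer matches the checksum in the cookie.
    """
    try:
        rv = self.isso.unsign(request.cookies.get(str(id), ""))
    except (SignatureExpired, BadSignature):
        raise Forbidden

    if rv[0] != id:
        raise Forbidden

    # A comment that no longer exists used to blow up with a TypeError on
    # None["text"] and surface as a 500; treat it like any other stale cookie.
    item = self.comments.get(id)
    if item is None:
        raise Forbidden

    # verify checksum, mallory might skip cookie deletion when he deletes a comment
    if rv[1] != sha1(item["text"]):
        raise Forbidden

    # A missing, malformed or non-object body is a client error, not a 500.
    try:
        data = request.json
    except ValueError:
        return BadRequest("invalid JSON body")
    if not isinstance(data, dict):
        return BadRequest("invalid JSON body")

    # Only these three fields are editable; silently drop anything else the
    # client sent so it can never reach comments.update().
    for key in set(data.keys()) - set(["text", "author", "website"]):
        data.pop(key)

    valid, reason = API.verify(data)
    if not valid:
        return BadRequest(reason)

    # HTML-escape user-controlled strings before they are stored: author
    # without quote escaping, website with it (quote=True).
    if data.get("author") is not None:
        data["author"] = escape(data["author"], quote=False)

    if data.get("website") is not None:
        data["website"] = escape(data["website"], quote=True)

    data["modified"] = time.time()

    with self.isso.lock:
        rv = self.comments.update(id, data)

    # Expose only the public API fields of the stored row.
    for key in set(rv.keys()) - API.FIELDS:
        rv.pop(key)

    self.signal("comments.edit", rv)

    # Re-issue the cookie bound to the checksum of the *new* text, otherwise
    # the next edit would fail the checksum test above.
    cookie = self.create_cookie(
        value=self.isso.sign([rv["id"], sha1(rv["text"])]),
        max_age=self.conf.getint("max-age"))

    rv["text"] = self.isso.render(rv["text"])

    resp = JSON(rv, 200)
    resp.headers.add("Set-Cookie", cookie(str(rv["id"])))
    resp.headers.add("X-Set-Cookie", cookie("isso-%i" % rv["id"]))
    return resp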
| 589 | """ |
| 590 | @api {delete} /id/:id delete |