| -rwxr-xr-x | src/site.clj | 28 | ||||
| -rw-r--r-- | template/single_message.st | 43 |
2 files changed, 70 insertions, 1 deletions
diff --git a/src/site.clj b/src/site.clj
index f76531d..9ecff8d 100755
--- a/src/site.clj
+++ b/src/site.clj
@@ -220,6 +220,15 @@
 LIMIT ? OFFSET ?")]
 (do-select [query nick *dumps-per-page* offset]))))
+(defn fetch-public-message-by-id [id]
+ (let [query (str "SELECT m.content, m.created_on, m.user_id, u.nick, u.avatar
+ FROM messages m, users u, rooms r
+ WHERE m.user_id = u.user_id
+ AND r.room_id = m.room_id
+ AND r.admin_only = false
+ AND m.message_id = ?")]
+ (first (do-select [query (maybe-parse-int id -1)]))))
+
 (defn build-room-map-from-db [room-db]
 {:admin_only (room-db :admin_only)
 :room_id (room-db :room_id)
@@ -451,7 +460,23 @@
 (if (zero? (count @*directory-listing*))
 (.setAttribute st "notloaded" true))
 (.toString st)))
-
+
+;; Single posts
+
+(defn single-message [session nick-from-url id-from-url]
+ (if-let [user-info (fetch-nick nick-from-url)]
+ (if-let [message (fetch-public-message-by-id id-from-url)]
+ ; error if nick in url doesn't match the nick who posted the message from the id in url
+ ; this prevents people from scraping all the content by incrementing the id in the url
+ (if (= (user-info :user_id) (message :user_id))
+ (let [st (fetch-template "single_message" session)]
+ (.setAttribute st "message" (process-message-for-output message))
+ (.toString st))
+ (resp-error "NO_MESSAGE"))
+ (resp-error "NO_MESSAGE"))
+ (resp-error "NO_USER")))
+
+
 ;; Topics
 (defn valid-topic? [topic]
@@ -772,6 +797,7 @@
 (GET "/u/:nick/:offset" (profile session (params :nick) (params :offset)))
+ (GET "/p/:nick/:postid" (single-message session (params :nick) (params :postid)))
 (GET "/login" (login session params cookies))
 (GET "/logout" (logout session))
 (GET "/register" (serve-static "static" "register.html"))
diff --git a/template/single_message.st b/template/single_message.st
new file mode 100644
index 0000000..e75ddd5
--- /dev/null
+++ b/template/single_message.st
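Review bot: The `r.admin_only = false` condition in fetch-public-message-by-id is the only thing deciding whether a message may be served on the public permalink, and nothing on the function states that contract. A docstring such as `"Returns the message row for id when its room is not admin-only, otherwise nil."` would make it explicit for callers that treat nil as "not allowed"; an id that does not parse presumably becomes -1 through `maybe-parse-int` and also yields nil. If other visibility rules exist elsewhere in the file (hidden or deleted messages, for example, none of which are visible in this hunk), they would have to be repeated in this WHERE clause, so a shared "public message" predicate may be safer than a per-query copy. Binding the id as a `?` parameter keeps the URL value out of the SQL text, which is the right shape.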
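Review bot: The comment in single-message overstates what the nick comparison provides: matching the URL nick against the poster only raises the cost of walking ids, because nicks are public (there is a `/u/:nick/:offset` route and the new template links to `/u/$message.nick$`), and the real access decision is the `admin_only` filter in the query. I would reword it to `; nick in the url must match the poster of the message id; a consistency check, not access control` and leave scraping to request throttling, which this hunk does not show. The three failure branches also return `NO_USER` and `NO_MESSAGE` separately, which tells a caller whether a nick exists; returning `NO_MESSAGE` from all of them would avoid that if the client does not need the distinction.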
@@ -0,0 +1,43 @@
+<html>
+ <head>
+
+ <title>dump.fm</title>
+ $head()$
+ <link rel="stylesheet" type="text/css" href="/static/directory.css">
+ <script>
+ jQuery(document).ready(initDirectory);
+ </script>
+
+
+ </head>
+ <body>
+ $banner()$
+ <div id="chatrap">
+ <div id="log">
+ <div id="loghead"></div>
+ <br>
+ <div id="posts">
+ <br>
+ <div class="logged-dump">
+ <a href="/u/$message.nick$">
+ <b>$message.nick$</b>
+ $if(message.avatar)$
+ <div style="border-image:url($message.avatar$)">
+ <div id="logavatar">
+ <img height="50" width="50" src="$message.avatar$"></img>
+ </div>
+ $endif$
+ </a>
+ <span class="linkify">$message.content$</span>
+ <hr />
+ </div>
+ <!--<a href="http://www.facebook.com/share.php?u=$u.content$&t=via dump.fm" target="_blank"><img src="/static/fbbutton.png"></a>
+ <a href="http://twitter.com/home?status=via dump.fm $u.content$" target="_blank"><img src="/static/twittericon.png"></a>
+ <a href="http://delicious.com/save?url=$u.content$¬es=via dump.fm&title=$u.content$" target="_blank"><img src="/static/delishicon.png"></a>-->
+ </div>
+ <!--<div id="footer">
+ $footer()$
+ </div>-->
+ </div>
+ </body>
+</html> |
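Review bot: `$message.nick$`, `$message.avatar$` and `$message.content$` are written into four different output contexts in this template (an href path, element text, an `src` attribute and a CSS `url()` inside a `style` attribute), and nothing in the template encodes them. Whether `process-message-for-output` in site.clj escapes these fields is not visible here; if it does not, presumably user-supplied nick, avatar and content values would be rendered as markup, so each needs encoding for its own context, and the avatar should be limited to http(s) URLs before it reaches `url(...)` or `src`. HTML-escaping alone does not cover the `border-image:url(...)` case, so dropping that inline style or moving the value out of CSS is the simpler fix. Separately, the `$if(message.avatar)$` block opens two `<div>` elements but closes only one before `$endif$`, so the markup is unbalanced whenever an avatar is present.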
