Django message sending problem

Time: 2013-06-25 12:53:34

Tags: django

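I have a model named Message with a field called in_response_to. I use this field to identify which messages are related to each other, by storing the original message's primary key in every related message, and to list all the messages.

If I receive a new message from you and want to reply, I create a hidden_field under my text box, store the new message's primary id in it, and use it to create a message by storing that primary key in in_response_to, so I know this message is related to that one. The method repeats, so every message will have the original primary key.

So it looks like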

(1) =  message primary key
(s) =  store message primary key inside in_response_to

John(1) send mail to Peter(s)
Peter(1) send mail to John(s)
John(1) send mail to Peter(s)

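The problem now is this: if I send you a message, in_response_to is empty because it is a new message. If you reply to that message, it stores my primary key in in_response_to, but when I try to reply again, I end up sending it to myself. I don't know why. Can someone please help me? I'm running in circles.

The problem is here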

        if messages.in_response_to:
            if messages.user !=   request.user:
                primary = messages.in_response_to 
                Message.objects.create(user=request.user,recipient=messages.user,body=body,in_response_to=primary)
                return HttpResponseRedirect(reverse('world:message'))
            if messages.user ==  request.user:
                Message.objects.create(user=request.user,recipient=messages.recipient.user,body=body,in_response_to=primary)

        Message.objects.create(user=request.user,recipient=messages.user,body=body,in_response_to=messages)
        return HttpResponseRedirect(reverse('world:message'))

Models

class Message(models.Model):
    user = models.ForeignKey(User, related_name='sender')
    recipient = models.ForeignKey(User, related_name='recipient')
    created = models.DateTimeField(auto_now_add=True)
    subject = models.CharField(max_length=100, blank=True)
    body = models.CharField(max_length=1000)
    read = models.BooleanField(default=False)
    trash = models.BooleanField(default=False)
    sentmessage = models.BooleanField(default=False)
    in_response_to = models.ForeignKey('self', null=True, blank=True)


    def __unicode__(self):
        return self.body

views.py

 @login_required
 def read(request,id):
     try:
         messages = Message.objects.get(pk=id,recipient=request.user.id) 
     except Message.DoesNotExist:
         return HttpResponseRedirect(reverse('world:Display'))
     if request.method =='POST':
         form = NewMessageForm(request.POST)
         if form.is_valid():
             id = request.POST.get('hidden_field', False)
             try:
                 messages = Message.objects.get(pk=id)
             except Message.DoesNotExist:
                 return HttpResponseRedirect(reverse('world:LoginRequest'))


             body = form.cleaned_data['body']
             if messages.in_response_to:
                 if messages.user !=   request.user:
                     primary = messages.in_response_to 
                     Message.objects.create(user=request.user,recipient=messages.user,body=body,in_response_to=primary)
                     return HttpResponseRedirect(reverse('world:message'))
                 if messages.user ==  request.user:
                     Message.objects.create(user=request.user,recipient=messages.recipient.user,body=body,in_response_to=primary)

             Message.objects.create(user=request.user,recipient=messages.user,body=body,in_response_to=messages)
             return HttpResponseRedirect(reverse('world:message'))

     if messages.in_response_to:
         m = messages.in_response_to.id
         message = Message.objects.filter(in_response_to=messages.in_response_to ).filter(created__lte=messages.created)

         initial = {}
         initial.update({'hidden_field': m})
         form = NewMessageForm(initial=initial)
         return render(request,'read.html',{'message':message,'form':form,'m':m})

     initial = {}
     initial.update({'hidden_field': messages.id})
     form = NewMessageForm(initial=initial)

     return render(request,'read.html',{'messages':messages,'form':form})

 @login_required
 def message(request):
     form = CheckBoxForm()

     messages = Message.objects.filter(recipient=request.user.id).order_by("-created")
     return render(request,'messages.html',{'messages':messages,'form':form})

Template

<form method="POST">
{%csrf_token%}

{{form.body}}{{form.hidden_field}}
   <input type = "submit" value= "add" class="sen"/>

</form>

Form

class NewMessageForm(forms.Form):
    body = forms.CharField(widget=forms.Textarea,required=False,max_length=22000)
    hidden_field = forms.CharField(widget=forms.HiddenInput())       
    class Meta:
        model = Message

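1 answer:

Answer 0: (score: -1)

Well, you should understand that you could be the victim of a hacker. If they can change the hidden input from in_response_to, it will break the message chain.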
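The risk the answer points at, shown as an added example (not code from the question or the answer): the reply handler treats the submitted `hidden_field` as untrusted, checks that the current user is a participant in the referenced message, and derives the recipient and thread root on the server. `Msg`, `ReplyRejected`, `create_reply` and `demo` are hypothetical names, and the in-memory dict stands in for the page's `Message` table so the block runs without Django.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Msg:
    """Constructed stand-in for the page's Message model (no Django needed)."""
    pk: int
    user: str                               # sender
    recipient: str
    body: str
    in_response_to: Optional[int] = None    # pk of the thread's first message


class ReplyRejected(Exception):
    """The submitted hidden_field does not name a message the user may answer."""


def create_reply(store: Dict[int, Msg], current_user: str,
                 hidden_field: str, body: str) -> Msg:
    # hidden_field arrives from the browser, so treat it as untrusted input.
    try:
        target = store[int(hidden_field)]
    except (TypeError, ValueError, KeyError):
        raise ReplyRejected("unknown message id") from None
    # Authorization: only the sender or recipient of the referenced message
    # may reply into its thread.
    if current_user not in (target.user, target.recipient):
        raise ReplyRejected("not a participant in this thread")
    # Derive the recipient and thread root on the server, never from the form.
    other = target.recipient if target.user == current_user else target.user
    root = target.in_response_to or target.pk
    reply = Msg(max(store) + 1, current_user, other, body, root)
    store[reply.pk] = reply
    return reply


def demo() -> Dict[int, Msg]:
    # Constructed sample data: John opens a thread, Peter answers, John answers.
    store = {1: Msg(1, "john", "peter", "hi")}
    create_reply(store, "peter", "1", "hello John")    # form holds pk 1
    create_reply(store, "john", "1", "how are you?")   # root is John's own message
    return store


if __name__ == "__main__":
    for m in demo().values():
        print(m)
```

In the page's view, the same check corresponds to restricting the second `Message.objects.get(pk=id)` lookup to messages where `request.user` is the sender or the recipient.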