Added Feature to recommend Users from profile page #2948
Conversation
🔍 Existing Issues For ReviewYour pull request is modifying functions with the following pre-existing issues: 📄 File: website/views/user.py
Did you find this useful? React with a 👍 or 👎 |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
This looks good can you please also add a text area where the user can add a recommendation blurb and if there is a blurb then show it on the profile on the bottom of the page otherwise, having the number count is good. |
| # Remove any potential template tags or code that might have been entered | ||
| if blurb: | ||
| # Remove any HTML or template tags | ||
| blurb = re.sub(r"<[^>]+>", "", blurb) |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
There was a problem hiding this comment.
getting a security alert for these
| if blurb: | ||
| # Remove any HTML or template tags | ||
| blurb = re.sub(r"<[^>]+>", "", blurb) | ||
| blurb = re.sub(r"{%.*?%}", "", blurb) |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
| # Remove any HTML or template tags | ||
| blurb = re.sub(r"<[^>]+>", "", blurb) | ||
| blurb = re.sub(r"{%.*?%}", "", blurb) | ||
| blurb = re.sub(r"{{.*?}}", "", blurb) |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
|
|
||
|
|
||
| # Add new view for AJAX blurb recommendations | ||
| @require_POST |
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
|
|
||
|
|
||
| @login_required | ||
| def ajax_recommend_user(request, username): |
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
|
@DonnieBLT Added a recommendation blurb which can be added to a User's Profile from Edit Profile Page. Screen.Recording.2024-11-23.at.4.53.53.PM.mov |
| - id: fix-encoding-pragma | ||
| args: | ||
| - --remove | ||
| language_version: python3.11 |
There was a problem hiding this comment.
I don't think we need all of these
There was a problem hiding this comment.
sure, i'll remove them
| @@ -625,6 +628,9 @@ | |||
| path("time-logs/", TimeLogListView, name="time_logs"), | |||
| path("sizzle-daily-log/", sizzle_daily_log, name="sizzle_daily_log"), | |||
| path("blog/", include("blog.urls")), | |||
| path("recommend/<int:user_id>/", recommend_user, name="recommend_user"), | |||
There was a problem hiding this comment.
can you be consistent and use either user id or username - and do we need 3 more urls? Can we do this all with one more?
There was a problem hiding this comment.
each of the 3 urls determine, recommend users manually(using the dedicated recommendation feature on user profile) , recommend directly from the button under the recommendation blurb and another is ajax recommendation(this was optional and can be removed)
| # Remove any potential template tags or code that might have been entered | ||
| if blurb: | ||
| # Remove any HTML or template tags | ||
| blurb = re.sub(r"<[^>]+>", "", blurb) |
There was a problem hiding this comment.
getting a security alert for these
There was a problem hiding this comment.
this is missing imports
There was a problem hiding this comment.
umm, can you please tell me which imports are missing from this file? I apologise if I missed any
There was a problem hiding this comment.
you can check the original here it has the missing import - https://github.com/OWASP-BLT/BLT/pull/2656/files - did you test this code? This would have thrown an error.
|
code was originally from here #2656 |
I did ask him but he never replied |
|
You also copied our badge to a new project without retaining the license? |
Actually, I created this project solely to develop a badge for BLT repository which can be used in the README.md file(#2940) and never intended on using it anywhere else. I was going to archive the repository and delete the badge as soon as the corresponding PR for the issue was merged, I waited so just in case the badge I created could come in-use. |
Users can recommend other uses directly from their profile page. I've also added a badge which shows the recommended users.
#2632
Screen.Recording.2024-11-19.at.2.08.44.AM.mov