From 85546481742799257c39402085b39d471c93e91f Mon Sep 17 00:00:00 2001
From: Uncled1023 <admin@teknik.io>
Date: Fri, 11 Aug 2017 15:27:02 -0700
Subject: [PATCH] Added HTML support for blog post articles

---
 .../Areas/Blog/Controllers/BlogController.cs  | 30 +++++++++----------
 .../Blog/ViewModels/CreatePostViewModel.cs    | 19 ++++++++++++
 .../Blog/ViewModels/EditPostViewModel.cs      | 19 ++++++++++++
 Teknik/Areas/Blog/Views/Blog/EditPost.cshtml  |  6 ++--
 Teknik/Areas/Blog/Views/Blog/NewPost.cshtml   |  6 ++--
 Teknik/Teknik.csproj                          |  2 ++
 Utilities/Utilities/MarkdownHelper.cs         |  1 +
 7 files changed, 62 insertions(+), 21 deletions(-)
 create mode 100644 Teknik/Areas/Blog/ViewModels/CreatePostViewModel.cs
 create mode 100644 Teknik/Areas/Blog/ViewModels/EditPostViewModel.cs

diff --git a/Teknik/Areas/Blog/Controllers/BlogController.cs b/Teknik/Areas/Blog/Controllers/BlogController.cs
index eed1e3e..ec59d8f 100644
--- a/Teknik/Areas/Blog/Controllers/BlogController.cs
+++ b/Teknik/Areas/Blog/Controllers/BlogController.cs
@@ -207,45 +207,45 @@ namespace Teknik.Areas.Blog.Controllers
         }
 
         [HttpPost]
-        public ActionResult CreatePost(int blogID, string title, string article)
+        public ActionResult CreatePost(CreatePostViewModel data)
         {
             BlogViewModel model = new BlogViewModel();
             if (ModelState.IsValid)
             {
                 bool isAuth = User.IsInRole("Admin");
-                var blog = db.Blogs.Where(p => (p.BlogId == blogID) && (p.User.Username == User.Identity.Name || isAuth)).FirstOrDefault();
+                var blog = db.Blogs.Where(p => (p.BlogId == data.BlogId) && (p.User.Username == User.Identity.Name || isAuth)).FirstOrDefault();
                 if (blog != null)
                 {
                     if (User.IsInRole("Admin") || db.Blogs.Where(b => b.User.Username == User.Identity.Name).FirstOrDefault() != null)
                     {
                         // Validate the fields
-                        if (string.IsNullOrEmpty(title))
+                        if (string.IsNullOrEmpty(data.Title))
                         {
                             model.Error = true;
                             model.ErrorMessage = "You must write something for the title";
                             return View("~/Areas/Blog/Views/Blog/NewPost.cshtml", model);
                         }
 
-                        if (string.IsNullOrEmpty(article))
+                        if (string.IsNullOrEmpty(data.Article))
                         {
                             model.Error = true;
                             model.ErrorMessage = "You must write something for the article";
                             return View("~/Areas/Blog/Views/Blog/NewPost.cshtml", model);
                         }
 
-                        bool system = (blogID == Config.BlogConfig.ServerBlogId);
+                        bool system = (data.BlogId == Config.BlogConfig.ServerBlogId);
                         if (system)
                         {
                             var user = db.Blogs.Where(b => b.User.Username == User.Identity.Name);
                             if (user != null)
                             {
-                                blogID = user.First().BlogId;
+                                data.BlogId = user.First().BlogId;
                             }
                         }
                         BlogPost post = db.BlogPosts.Create();
-                        post.BlogId = blogID;
-                        post.Title = title;
-                        post.Article = article;
+                        post.BlogId = data.BlogId;
+                        post.Title = data.Title;
+                        post.Article = data.Article;
                         post.System = system;
                         post.DatePosted = DateTime.Now;
                         post.DatePublished = DateTime.Now;
@@ -269,34 +269,34 @@ namespace Teknik.Areas.Blog.Controllers
         }
 
         [HttpPost]
-        public ActionResult EditPost(int postID, string title, string article)
+        public ActionResult EditPost(EditPostViewModel data)
         {
             PostViewModel model = new PostViewModel();
             if (ModelState.IsValid)
             {
-                BlogPost post = db.BlogPosts.Where(p => p.BlogPostId == postID).FirstOrDefault();
+                BlogPost post = db.BlogPosts.Where(p => p.BlogPostId == data.PostId).FirstOrDefault();
                 if (post != null)
                 {
                     model = new PostViewModel(post);
                     if (User.IsInRole("Admin") || post.Blog.User.Username == User.Identity.Name)
                     {
                         // Validate the fields
-                        if (string.IsNullOrEmpty(title))
+                        if (string.IsNullOrEmpty(data.Title))
                         {
                             model.Error = true;
                             model.ErrorMessage = "You must write something for the title";
                             return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
                         }
 
-                        if (string.IsNullOrEmpty(article))
+                        if (string.IsNullOrEmpty(data.Article))
                         {
                             model.Error = true;
                             model.ErrorMessage = "You must write something for the article";
                             return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
                         }
 
-                        post.Title = title;
-                        post.Article = article;
+                        post.Title = data.Title;
+                        post.Article = data.Article;
                         post.DateEdited = DateTime.Now;
                         db.Entry(post).State = EntityState.Modified;
                         db.SaveChanges();
diff --git a/Teknik/Areas/Blog/ViewModels/CreatePostViewModel.cs b/Teknik/Areas/Blog/ViewModels/CreatePostViewModel.cs
new file mode 100644
index 0000000..1194df4
--- /dev/null
+++ b/Teknik/Areas/Blog/ViewModels/CreatePostViewModel.cs
@@ -0,0 +1,19 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+using System.Web.Mvc;
+using Teknik.ViewModels;
+
+namespace Teknik.Areas.Blog.ViewModels
+{
+    public class CreatePostViewModel : ViewModelBase
+    {
+        public int BlogId { get; set; }
+
+        public string Title { get; set; }
+
+        [AllowHtml]
+        public string Article { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/Teknik/Areas/Blog/ViewModels/EditPostViewModel.cs b/Teknik/Areas/Blog/ViewModels/EditPostViewModel.cs
new file mode 100644
index 0000000..a65fe47
--- /dev/null
+++ b/Teknik/Areas/Blog/ViewModels/EditPostViewModel.cs
@@ -0,0 +1,19 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+using System.Web.Mvc;
+using Teknik.ViewModels;
+
+namespace Teknik.Areas.Blog.ViewModels
+{
+    public class EditPostViewModel : ViewModelBase
+    {
+        public int PostId { get; set; }
+
+        public string Title { get; set; }
+
+        [AllowHtml]
+        public string Article { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/Teknik/Areas/Blog/Views/Blog/EditPost.cshtml b/Teknik/Areas/Blog/Views/Blog/EditPost.cshtml
index a52774f..79924be 100644
--- a/Teknik/Areas/Blog/Views/Blog/EditPost.cshtml
+++ b/Teknik/Areas/Blog/Views/Blog/EditPost.cshtml
@@ -26,18 +26,18 @@
         </div>
     </div>
     <form class="form" action="@Url.SubRouteUrl("blog", "Blog.Action", new { action = "EditPost" })" method="post" id="newPost">
-        <input name="postID" id="postID" type="hidden" value="@Model.PostId" />
+        <input name="PostID" id="postID" type="hidden" value="@Model.PostId" />
         <div class="row">
             <div class="form-group col-sm-10 col-sm-offset-1">
                 <label for="title"><h4>Title</h4></label>
-                <input class="form-control" name="title" id="title" placeholder="generic click bait" title="enter a title for your post." type="text" value="@Model.Title" />
+                <input class="form-control" name="Title" id="title" placeholder="generic click bait" title="enter a title for your post." type="text" value="@Model.Title" />
             </div>
         </div>
         <div class="row">
             <div class="form-group col-sm-10 col-sm-offset-1">
                 <label for="article"><h4>Article</h4></label>
                 <div class="mdd_toolbar"></div>
-                <textarea class="form-control mdd_editor" name="article" id="article" placeholder="I ate a burger today." title="enter any information you want to share with the world." data-provide="markdown" rows="10">@Model.Article</textarea>
+                <textarea class="form-control mdd_editor" name="Article" id="article" placeholder="I ate a burger today." title="enter any information you want to share with the world." data-provide="markdown" rows="10">@Model.Article</textarea>
             </div>
         </div>
         <div class="row">
diff --git a/Teknik/Areas/Blog/Views/Blog/NewPost.cshtml b/Teknik/Areas/Blog/Views/Blog/NewPost.cshtml
index 0eb9ae7..bcea3c5 100644
--- a/Teknik/Areas/Blog/Views/Blog/NewPost.cshtml
+++ b/Teknik/Areas/Blog/Views/Blog/NewPost.cshtml
@@ -26,18 +26,18 @@
         </div>
     </div>
     <form class="form" action="@Url.SubRouteUrl("blog", "Blog.Action", new { action = "CreatePost" })" method="post" id="newPost">
-        <input name="blogID" id="blogID" type="hidden" value="@Model.BlogId" />
+        <input name="BlogID" id="blogID" type="hidden" value="@Model.BlogId" />
         <div class="row">
             <div class="form-group col-sm-10 col-sm-offset-1">
                 <label for="title"><h4>Title</h4></label>
-                <input class="form-control" name="title" id="title" placeholder="generic click bait" title="enter a title for your post." type="text" />
+                <input class="form-control" name="Title" id="title" placeholder="generic click bait" title="enter a title for your post." type="text" />
             </div>
         </div>
         <div class="row">
             <div class="form-group col-sm-10 col-sm-offset-1">
                 <label for="article"><h4>Article</h4></label>
                 <div class="mdd_toolbar"></div>
-                <textarea class="form-control mdd_editor" name="article" id="article" placeholder="I ate a burger today." title="enter any information you want to share with the world." data-provide="markdown" rows="10"></textarea>
+                <textarea class="form-control mdd_editor" name="Article" id="article" placeholder="I ate a burger today." title="enter any information you want to share with the world." data-provide="markdown" rows="10"></textarea>
             </div>
         </div>
         <div class="row">
diff --git a/Teknik/Teknik.csproj b/Teknik/Teknik.csproj
index 55ff1ee..ee549f7 100644
--- a/Teknik/Teknik.csproj
+++ b/Teknik/Teknik.csproj
@@ -235,6 +235,8 @@
     <Compile Include="Areas\Blog\Models\BlogPostComment.cs" />
     <Compile Include="Areas\Blog\ViewModels\BlogViewModel.cs" />
     <Compile Include="Areas\Blog\ViewModels\CommentViewModel.cs" />
+    <Compile Include="Areas\Blog\ViewModels\CreatePostViewModel.cs" />
+    <Compile Include="Areas\Blog\ViewModels\EditPostViewModel.cs" />
     <Compile Include="Areas\Blog\ViewModels\PostViewModel.cs" />
     <Compile Include="Areas\Contact\ContactAreaRegistration.cs" />
     <Compile Include="Areas\Contact\Controllers\ContactController.cs" />
diff --git a/Utilities/Utilities/MarkdownHelper.cs b/Utilities/Utilities/MarkdownHelper.cs
index 34e357a..e3f5cba 100644
--- a/Utilities/Utilities/MarkdownHelper.cs
+++ b/Utilities/Utilities/MarkdownHelper.cs
@@ -19,6 +19,7 @@ namespace Teknik.Utilities
 			// Transform the supplied text (Markdown) into HTML.
 			var markdownTransformer = new Markdown();
 		    markdownTransformer.ExtraMode = true;
+		    markdownTransformer.SafeMode = true;
 			string html = markdownTransformer.Transform(text);
 
 			// Wrap the html in an MvcHtmlString otherwise it'll be HtmlEncoded and displayed to the user as HTML :(