jemsgit
diff --git a/‎EPAM.MyBlog.DAL.DB/DAL.cs
Lines changed: 1 addition & 0 deletions b/‎EPAM.MyBlog.DAL.DB/DAL.cs
Lines changed: 1 addition & 0 deletions
diff --git a/‎EPAM.MyBlog.DAL.DB/bin/Debug/EPAM.MyBlog.DAL.DB.dll
0 Bytes b/‎EPAM.MyBlog.DAL.DB/bin/Debug/EPAM.MyBlog.DAL.DB.dll
0 Bytes
diff --git a/‎EPAM.MyBlog.DAL.DB/bin/Debug/EPAM.MyBlog.DAL.DB.pdb
0 Bytes b/‎EPAM.MyBlog.DAL.DB/bin/Debug/EPAM.MyBlog.DAL.DB.pdb
0 Bytes
diff --git a/‎EPAM.MyBlog.DAL.DB/obj/Debug/EPAM.MyBlog.DAL.DB.dll
0 Bytes b/‎EPAM.MyBlog.DAL.DB/obj/Debug/EPAM.MyBlog.DAL.DB.dll
0 Bytes
diff --git a/‎EPAM.MyBlog.DAL.DB/obj/Debug/EPAM.MyBlog.DAL.DB.pdb
0 Bytes b/‎EPAM.MyBlog.DAL.DB/obj/Debug/EPAM.MyBlog.DAL.DB.pdb
0 Bytes
diff --git a/‎EPAM.MyBlog.UI.Web/Content/css/style.css
Lines changed: 4 additions & 0 deletions b/‎EPAM.MyBlog.UI.Web/Content/css/style.css
Lines changed: 4 additions & 0 deletions
diff --git a/‎EPAM.MyBlog.UI.Web/Content/img/403.jpg
9.31 KB b/‎EPAM.MyBlog.UI.Web/Content/img/403.jpg
9.31 KB
diff --git a/‎EPAM.MyBlog.UI.Web/Content/img/404.jpg
32.8 KB b/‎EPAM.MyBlog.UI.Web/Content/img/404.jpg
32.8 KB
diff --git a/‎EPAM.MyBlog.UI.Web/Controllers/AccountController.cs
Lines changed: 27 additions & 19 deletions b/‎EPAM.MyBlog.UI.Web/Controllers/AccountController.cs
Lines changed: 27 additions & 19 deletions
diff --git a/‎EPAM.MyBlog.UI.Web/Controllers/AdminController.cs
Lines changed: 14 additions & 3 deletions b/‎EPAM.MyBlog.UI.Web/Controllers/AdminController.cs
Lines changed: 14 additions & 3 deletions
diff --git a/‎EPAM.MyBlog.UI.Web/Controllers/CommentController.cs
Lines changed: 1 addition & 0 deletions b/‎EPAM.MyBlog.UI.Web/Controllers/CommentController.cs
Lines changed: 1 addition & 0 deletions
diff --git a/‎EPAM.MyBlog.UI.Web/Controllers/FilesController.cs
Lines changed: 1 addition & 0 deletions b/‎EPAM.MyBlog.UI.Web/Controllers/FilesController.cs
Lines changed: 1 addition & 0 deletions
diff --git a/‎EPAM.MyBlog.UI.Web/Controllers/HomeController.cs
Lines changed: 27 additions & 0 deletions b/‎EPAM.MyBlog.UI.Web/Controllers/HomeController.cs
Lines changed: 27 additions & 0 deletions
diff --git a/‎EPAM.MyBlog.UI.Web/Controllers/PostController.cs
Lines changed: 22 additions & 0 deletions b/‎EPAM.MyBlog.UI.Web/Controllers/PostController.cs
Lines changed: 22 additions & 0 deletions
@@ -150,6 +150,7 @@ public void SaveReason(string reason)
                 SqlCommand command = new SqlCommand("INSERT INTO dbo.Reasons VALUES (@Reason)", con);
                 command.Parameters.Add(new SqlParameter("@Reason", reason));
                 con.Open();
+                command.ExecuteNonQuery();
             }
         }
 
 
@@ -196,4 +196,8 @@ p {
 .editor-field-comment textarea {
     width : 450px;
     height : 100px;
+}
+
+.comment{
+    padding:10px;
 }
@@ -26,14 +26,8 @@ public ActionResult Index()
         //
         // GET: /Account/
         [AllowAnonymous]
-        public ActionResult Login(string ReturnUrl)
+        public ActionResult Login()
         {
-
-            if (string.IsNullOrWhiteSpace(ReturnUrl))
-            {
-                ReturnUrl = "";
-            }
-            ViewData.Add("ReturnUrl", ReturnUrl);
             if (Request.IsAjaxRequest())
                 return PartialView("Login");
             return View();
@@ -42,7 +36,7 @@ public ActionResult Login(string ReturnUrl)
         [AllowAnonymous]
         [ValidateAntiForgeryToken]
         [HttpPost]
-        public ActionResult Login(LoginModel model, string ReturnUrl)
+        public ActionResult Login(LoginModel model)
         {
             var checkbox = Request.Form["remember1"];
             if (checkbox == "on")
@@ -58,14 +52,8 @@ public ActionResult Login(LoginModel model, string ReturnUrl)
                 string Result;
                 if (model.Login(out Result))
                 {
-                    if (!string.IsNullOrWhiteSpace(ReturnUrl))
-                    {
-                        return Redirect(ReturnUrl);
-                    }
-                    else
-                    {
-                        return RedirectToAction("Index", "Home");
-                    }
+
+                   return RedirectToAction("Index", "Home");
                 }
                 else
                 {
@@ -138,6 +126,7 @@ public ActionResult LogOut(ConfirmModel model)
                 {
                     LoginModel.LogOut();
                     logger.Info("Пользователь вышел из системы: " + User.Identity.Name);
+                    return RedirectToAction("Index", "Home");
 
                 }
                 return RedirectToAction("Index", "Home");
@@ -148,22 +137,28 @@ public ActionResult LogOut(ConfirmModel model)
         }
 
         [AllowAnonymous]
-        [ChildActionOnly]
+
         public ActionResult State()
         {
+            if (Request.IsAjaxRequest())
+                return PartialView("State");
             return PartialView();
         }
+
+
         [AllowAnonymous]
-        [ChildActionOnly]
+        //[ChildActionOnly]
         public ActionResult MenuState()
         {
+            if (Request.IsAjaxRequest())
+                return PartialView("MenuState");
             return PartialView();
         }
 
 
 
         [AllowAnonymous]
-        [ChildActionOnly]
+
         public ActionResult TitleState()
         {
             return PartialView();
@@ -188,6 +183,7 @@ public ActionResult DeleteAc(ConfirmModel model)
                     LoginModel.SaveReason(model.Reason);
                     LoginModel.DeleteUser(User.Identity.Name);
                     logger.Info("Пользователь удалил свой аккаунт с логином: " + User.Identity.Name);
+                    return RedirectToAction("Index", "Home");
                 }
                 else
                 {
@@ -296,12 +292,16 @@ public ActionResult EditDate(UserAboutModel model)
                 else
                 {
                     logger.Error("Ошибка при изменении даты рождения пользователя: " + User.Identity.Name);
+                    if (Request.IsAjaxRequest())
+                        return PartialView("EditDate");
                     return View(model);
                 }
             }
             else
             {
                 logger.Debug("Невалидная модель при изменении даты рождения пользователе: " + User.Identity.Name);
+                if (Request.IsAjaxRequest())
+                    return PartialView("EditDate");
                 return View(model);
             }
         }
@@ -334,12 +334,16 @@ public ActionResult EditName(UserAboutModel model)
                 else
                 {
                     logger.Error("Ошибка при изменении имени пользователя: " + User.Identity.Name);
+                    if (Request.IsAjaxRequest())
+                        return PartialView("EditName");
                     return View(model);
                 }
             }
             else
             {
                 logger.Debug("Невалидная модель при изменении имени пользователя: " + User.Identity.Name);
+                if (Request.IsAjaxRequest())
+                    return PartialView("EditName");
                 return View(model);
             }
         }
@@ -373,12 +377,16 @@ public ActionResult EditAbout(UserAboutModel model)
                 else
                 {
                     logger.Error("Ошибка при изменении информации о себе пользователя: " + User.Identity.Name);
+                    if (Request.IsAjaxRequest())
+                        return PartialView("EditAbout");
                     return View(model);
                 }
             }
             else
             {
                 logger.Debug("Невалидная модель при изменении информации о себе пользователя: " + User.Identity.Name);
+                if (Request.IsAjaxRequest())
+                    return PartialView("EditAbout");
                 return View(model);
             }
         }
 
@@ -112,8 +112,8 @@ public ActionResult UserComments(string name)
         public ActionResult DeletePost(Guid Id, string name)
         {
             var post = PostModel.GetPostById(Id);
-            ViewData["Title"] = post.Title;
             ViewData["name"] = name;
+            ViewData["ptitle"] = post.Title;
             if (Request.IsAjaxRequest())
                 return PartialView("DeletePost");
             return View();
@@ -133,12 +133,16 @@ public ActionResult DeletePost(Guid id, ConfirmModel model, string name)
                 else
                 {
                     logger.Error("Ошибка удаления поста " + id);
+                    if (Request.IsAjaxRequest())
+                        return PartialView("DeletePost");
                     return View();
                 }
             }
             else
             {
                 logger.Debug("Невалидная модель удаления поста " + id);
+                if (Request.IsAjaxRequest())
+                    return PartialView("DeletePost");
                 return View();
             }
         }
@@ -168,15 +172,22 @@ public ActionResult DeleteComment(Guid id, ConfirmModel model, string name)
                 if (CommentModel.Delete(id))
                 {
                     logger.Info("Удаление комментария " + id);
-                    return RedirectToAction("UserComments", "Admin", new {name = name});
+                    return RedirectToAction("UserComments", "Admin", new { name = name });
                 }
                 else
                 {
                     logger.Error("Ошибка удаления комментария " + id);
+                    if (Request.IsAjaxRequest())
+                        return PartialView("DeleteComment");
                     return View();
                 }
             }
-            return View();
+            else
+            {
+                if (Request.IsAjaxRequest())
+                    return PartialView("DeleteComment");
+                return View();
+            }
         }
 
 
 
@@ -8,6 +8,7 @@
 
 namespace EPAM.MyBlog.UI.Web.Controllers
 {
+    
     public class CommentController : Controller
     {
         private static ILog logger = LogManager.GetLogger(typeof(CommentController));
 
@@ -8,6 +8,7 @@
 
 namespace EPAM.MyBlog.UI.Web.Controllers
 {
+    [Authorize(Roles = "User")]
     public class FilesController : Controller
     {
 
 
@@ -25,5 +25,32 @@ public ActionResult Help()
             return View();
         }
 
+        public ActionResult HttpError()
+        {
+            if (Request.IsAjaxRequest())
+                return PartialView("HttpError");
+            return View();
+        }
+
+        public ActionResult HttpError404()
+        {
+            if (Request.IsAjaxRequest())
+                return PartialView("HttpError404");
+            return View();
+        }
+
+        public ActionResult HttpError500()
+        {
+            if (Request.IsAjaxRequest())
+                return PartialView("HttpError500");
+            return View();
+        }
+
+        public ActionResult HttpError403()
+        {
+            if (Request.IsAjaxRequest())
+                return PartialView("HttpError403");
+            return View();
+        }
     }
 }
@@ -37,12 +37,18 @@ public ActionResult NewPost()
         }
 
         [HttpPost]
+        [ValidateInput(true)]
         public ActionResult NewPost(PostModel model)
         {
             model.Id = Guid.NewGuid();
             model.Time = DateTime.Now;
             if (ModelState.IsValid)
             {
+                if (model.Text.ToLower().IndexOf("<script>") != -1 || model.Text.ToLower().IndexOf("style") != -1)
+                {
+                    if (Request.IsAjaxRequest())
+                        return PartialView("NewPost");
+                }
                 //string Result;
                 if (model.AddPost(User.Identity.Name.ToString()))
                 {
@@ -51,9 +57,13 @@ public ActionResult NewPost(PostModel model)
                 }
                 else
                 {
+                    if (Request.IsAjaxRequest())
+                        return PartialView("NewPost");
                     return View();
                 }
             }
+            if (Request.IsAjaxRequest())
+                return PartialView("NewPost");
             return View();
         }
 
@@ -65,6 +75,7 @@ public ActionResult MyPosts()
             return View(PresentPostModel.GetAllPostsTitle(User.Identity.Name));
         }
 
+        [AllowAnonymous]
         public ActionResult Posts(Guid Id)
         {
             ViewData["Check"] = PostModel.CheckFavorite(User.Identity.Name, Id).ToString();
@@ -103,6 +114,11 @@ public ActionResult Edit(PostModel post)
             post.Time = DateTime.Now;
             if (ModelState.IsValid)
             {
+                if (post.Text.ToLower().IndexOf("<script>") != -1 || post.Text.ToLower().IndexOf("style") != -1)
+                {
+                    if (Request.IsAjaxRequest())
+                        return PartialView("Edit");
+                }
                 if (post.EditPost())
                 {
                     logger.Info("Изменен пост id: " + post.Id + "у пользователя: " + User.Identity.Name);
@@ -139,6 +155,7 @@ public ActionResult Delete(Guid id, ConfirmModel model)
             {
                 if (model.Confirm)
                 {
+
                     if (PostModel.Delete(id))
                     {
                         logger.Info("Удален пост id: " + id + "у пользователя: " + User.Identity.Name);
@@ -186,6 +203,8 @@ public ActionResult DeleteFavorite(Guid id, ConfirmModel model)
                     else
                     {
                         logger.Error("Ошибка при удалении поста id: " + id + "из Избранного у пользователя: " + User.Identity.Name);
+                        if (Request.IsAjaxRequest())
+                            return PartialView("DeleteFavorite", new { Id = id });
                         return View();
                     }
                 }
@@ -194,9 +213,12 @@ public ActionResult DeleteFavorite(Guid id, ConfirmModel model)
                     return RedirectToAction("Favorite", "Post");
                 }
             }
+            if (Request.IsAjaxRequest())
+                return PartialView("DeleteFavorite");
             return View();
         }
 
+        [AllowAnonymous]
         public ActionResult Comments(Guid id)
         {
             return View();
Original file line number	Diff line number	Diff line change
`@@ -150,6 +150,7 @@ public void SaveReason(string reason)`
`150`	`150`	`SqlCommand command = new SqlCommand("INSERT INTO dbo.Reasons VALUES (@Reason)", con);`
`151`	`151`	`command.Parameters.Add(new SqlParameter("@Reason", reason));`
`152`	`152`	`con.Open();`
	`153`	`+ command.ExecuteNonQuery();`
`153`	`154`	`}`
`154`	`155`	`}`
`155`	`156`
Original file line number	Diff line number	Diff line change
`@@ -196,4 +196,8 @@ p {`
`196`	`196`	`.editor-field-comment textarea {`
`197`	`197`	`width : 450px;`
`198`	`198`	`height : 100px;`
	`199`	`+}`
	`200`	`+`
	`201`	`+.comment{`
	`202`	`+ padding:10px;`
`199`	`203`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,14 +26,8 @@ public ActionResult Index()`
`26`	`26`	`//`
`27`	`27`	`// GET: /Account/`
`28`	`28`	`[AllowAnonymous]`
`29`		`- public ActionResult Login(string ReturnUrl)`
	`29`	`+ public ActionResult Login()`
`30`	`30`	`{`
`31`		`-`
`32`		`- if (string.IsNullOrWhiteSpace(ReturnUrl))`
`33`		`- {`
`34`		`- ReturnUrl = "";`
`35`		`- }`
`36`		`- ViewData.Add("ReturnUrl", ReturnUrl);`
`37`	`31`	`if (Request.IsAjaxRequest())`
`38`	`32`	`return PartialView("Login");`
`39`	`33`	`return View();`
`@@ -42,7 +36,7 @@ public ActionResult Login(string ReturnUrl)`
`42`	`36`	`[AllowAnonymous]`
`43`	`37`	`[ValidateAntiForgeryToken]`
`44`	`38`	`[HttpPost]`
`45`		`- public ActionResult Login(LoginModel model, string ReturnUrl)`
	`39`	`+ public ActionResult Login(LoginModel model)`
`46`	`40`	`{`
`47`	`41`	`var checkbox = Request.Form["remember1"];`
`48`	`42`	`if (checkbox == "on")`
`@@ -58,14 +52,8 @@ public ActionResult Login(LoginModel model, string ReturnUrl)`
`58`	`52`	`string Result;`
`59`	`53`	`if (model.Login(out Result))`
`60`	`54`	`{`
`61`		`- if (!string.IsNullOrWhiteSpace(ReturnUrl))`
`62`		`- {`
`63`		`- return Redirect(ReturnUrl);`
`64`		`- }`
`65`		`- else`
`66`		`- {`
`67`		`- return RedirectToAction("Index", "Home");`
`68`		`- }`
	`55`	`+`
	`56`	`+ return RedirectToAction("Index", "Home");`
`69`	`57`	`}`
`70`	`58`	`else`
`71`	`59`	`{`
`@@ -138,6 +126,7 @@ public ActionResult LogOut(ConfirmModel model)`
`138`	`126`	`{`
`139`	`127`	`LoginModel.LogOut();`
`140`	`128`	`logger.Info("Пользователь вышел из системы: " + User.Identity.Name);`
	`129`	`+ return RedirectToAction("Index", "Home");`
`141`	`130`
`142`	`131`	`}`
`143`	`132`	`return RedirectToAction("Index", "Home");`
`@@ -148,22 +137,28 @@ public ActionResult LogOut(ConfirmModel model)`
`148`	`137`	`}`
`149`	`138`
`150`	`139`	`[AllowAnonymous]`
`151`		`- [ChildActionOnly]`
	`140`	`+`
`152`	`141`	`public ActionResult State()`
`153`	`142`	`{`
	`143`	`+ if (Request.IsAjaxRequest())`
	`144`	`+ return PartialView("State");`
`154`	`145`	`return PartialView();`
`155`	`146`	`}`
	`147`	`+`
	`148`	`+`
`156`	`149`	`[AllowAnonymous]`
`157`		`- [ChildActionOnly]`
	`150`	`+ //[ChildActionOnly]`
`158`	`151`	`public ActionResult MenuState()`
`159`	`152`	`{`
	`153`	`+ if (Request.IsAjaxRequest())`
	`154`	`+ return PartialView("MenuState");`
`160`	`155`	`return PartialView();`
`161`	`156`	`}`
`162`	`157`
`163`	`158`
`164`	`159`
`165`	`160`	`[AllowAnonymous]`
`166`		`- [ChildActionOnly]`
	`161`	`+`
`167`	`162`	`public ActionResult TitleState()`
`168`	`163`	`{`
`169`	`164`	`return PartialView();`
`@@ -188,6 +183,7 @@ public ActionResult DeleteAc(ConfirmModel model)`
`188`	`183`	`LoginModel.SaveReason(model.Reason);`
`189`	`184`	`LoginModel.DeleteUser(User.Identity.Name);`
`190`	`185`	`logger.Info("Пользователь удалил свой аккаунт с логином: " + User.Identity.Name);`
	`186`	`+ return RedirectToAction("Index", "Home");`
`191`	`187`	`}`
`192`	`188`	`else`
`193`	`189`	`{`
`@@ -296,12 +292,16 @@ public ActionResult EditDate(UserAboutModel model)`
`296`	`292`	`else`
`297`	`293`	`{`
`298`	`294`	`logger.Error("Ошибка при изменении даты рождения пользователя: " + User.Identity.Name);`
	`295`	`+ if (Request.IsAjaxRequest())`
	`296`	`+ return PartialView("EditDate");`
`299`	`297`	`return View(model);`
`300`	`298`	`}`
`301`	`299`	`}`
`302`	`300`	`else`
`303`	`301`	`{`
`304`	`302`	`logger.Debug("Невалидная модель при изменении даты рождения пользователе: " + User.Identity.Name);`
	`303`	`+ if (Request.IsAjaxRequest())`
	`304`	`+ return PartialView("EditDate");`
`305`	`305`	`return View(model);`
`306`	`306`	`}`
`307`	`307`	`}`
`@@ -334,12 +334,16 @@ public ActionResult EditName(UserAboutModel model)`
`334`	`334`	`else`
`335`	`335`	`{`
`336`	`336`	`logger.Error("Ошибка при изменении имени пользователя: " + User.Identity.Name);`
	`337`	`+ if (Request.IsAjaxRequest())`
	`338`	`+ return PartialView("EditName");`
`337`	`339`	`return View(model);`
`338`	`340`	`}`
`339`	`341`	`}`
`340`	`342`	`else`
`341`	`343`	`{`
`342`	`344`	`logger.Debug("Невалидная модель при изменении имени пользователя: " + User.Identity.Name);`
	`345`	`+ if (Request.IsAjaxRequest())`
	`346`	`+ return PartialView("EditName");`
`343`	`347`	`return View(model);`
`344`	`348`	`}`
`345`	`349`	`}`
`@@ -373,12 +377,16 @@ public ActionResult EditAbout(UserAboutModel model)`
`373`	`377`	`else`
`374`	`378`	`{`
`375`	`379`	`logger.Error("Ошибка при изменении информации о себе пользователя: " + User.Identity.Name);`
	`380`	`+ if (Request.IsAjaxRequest())`
	`381`	`+ return PartialView("EditAbout");`
`376`	`382`	`return View(model);`
`377`	`383`	`}`
`378`	`384`	`}`
`379`	`385`	`else`
`380`	`386`	`{`
`381`	`387`	`logger.Debug("Невалидная модель при изменении информации о себе пользователя: " + User.Identity.Name);`
	`388`	`+ if (Request.IsAjaxRequest())`
	`389`	`+ return PartialView("EditAbout");`
`382`	`390`	`return View(model);`
`383`	`391`	`}`
`384`	`392`	`}`
Original file line number	Diff line number	Diff line change
`@@ -112,8 +112,8 @@ public ActionResult UserComments(string name)`
`112`	`112`	`public ActionResult DeletePost(Guid Id, string name)`
`113`	`113`	`{`
`114`	`114`	`var post = PostModel.GetPostById(Id);`
`115`		`- ViewData["Title"] = post.Title;`
`116`	`115`	`ViewData["name"] = name;`
	`116`	`+ ViewData["ptitle"] = post.Title;`
`117`	`117`	`if (Request.IsAjaxRequest())`
`118`	`118`	`return PartialView("DeletePost");`
`119`	`119`	`return View();`
`@@ -133,12 +133,16 @@ public ActionResult DeletePost(Guid id, ConfirmModel model, string name)`
`133`	`133`	`else`
`134`	`134`	`{`
`135`	`135`	`logger.Error("Ошибка удаления поста " + id);`
	`136`	`+ if (Request.IsAjaxRequest())`
	`137`	`+ return PartialView("DeletePost");`
`136`	`138`	`return View();`
`137`	`139`	`}`
`138`	`140`	`}`
`139`	`141`	`else`
`140`	`142`	`{`
`141`	`143`	`logger.Debug("Невалидная модель удаления поста " + id);`
	`144`	`+ if (Request.IsAjaxRequest())`
	`145`	`+ return PartialView("DeletePost");`
`142`	`146`	`return View();`
`143`	`147`	`}`
`144`	`148`	`}`
`@@ -168,15 +172,22 @@ public ActionResult DeleteComment(Guid id, ConfirmModel model, string name)`
`168`	`172`	`if (CommentModel.Delete(id))`
`169`	`173`	`{`
`170`	`174`	`logger.Info("Удаление комментария " + id);`
`171`		`- return RedirectToAction("UserComments", "Admin", new {name = name});`
	`175`	`+ return RedirectToAction("UserComments", "Admin", new { name = name });`
`172`	`176`	`}`
`173`	`177`	`else`
`174`	`178`	`{`
`175`	`179`	`logger.Error("Ошибка удаления комментария " + id);`
	`180`	`+ if (Request.IsAjaxRequest())`
	`181`	`+ return PartialView("DeleteComment");`
`176`	`182`	`return View();`
`177`	`183`	`}`
`178`	`184`	`}`
`179`		`- return View();`
	`185`	`+ else`
	`186`	`+ {`
	`187`	`+ if (Request.IsAjaxRequest())`
	`188`	`+ return PartialView("DeleteComment");`
	`189`	`+ return View();`
	`190`	`+ }`
`180`	`191`	`}`
`181`	`192`
`182`	`193`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`
`9`	`9`	`namespace EPAM.MyBlog.UI.Web.Controllers`
`10`	`10`	`{`
	`11`	`+`
`11`	`12`	`public class CommentController : Controller`
`12`	`13`	`{`
`13`	`14`	`private static ILog logger = LogManager.GetLogger(typeof(CommentController));`
Original file line number	Diff line number	Diff line change
`@@ -37,12 +37,18 @@ public ActionResult NewPost()`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`[HttpPost]`
	`40`	`+ [ValidateInput(true)]`
`40`	`41`	`public ActionResult NewPost(PostModel model)`
`41`	`42`	`{`
`42`	`43`	`model.Id = Guid.NewGuid();`
`43`	`44`	`model.Time = DateTime.Now;`
`44`	`45`	`if (ModelState.IsValid)`
`45`	`46`	`{`
	`47`	`+ if (model.Text.ToLower().IndexOf("<script>") != -1 \|\| model.Text.ToLower().IndexOf("style") != -1)`
	`48`	`+ {`
	`49`	`+ if (Request.IsAjaxRequest())`
	`50`	`+ return PartialView("NewPost");`
	`51`	`+ }`
`46`	`52`	`//string Result;`
`47`	`53`	`if (model.AddPost(User.Identity.Name.ToString()))`
`48`	`54`	`{`
`@@ -51,9 +57,13 @@ public ActionResult NewPost(PostModel model)`
`51`	`57`	`}`
`52`	`58`	`else`
`53`	`59`	`{`
	`60`	`+ if (Request.IsAjaxRequest())`
	`61`	`+ return PartialView("NewPost");`
`54`	`62`	`return View();`
`55`	`63`	`}`
`56`	`64`	`}`
	`65`	`+ if (Request.IsAjaxRequest())`
	`66`	`+ return PartialView("NewPost");`
`57`	`67`	`return View();`
`58`	`68`	`}`
`59`	`69`
`@@ -65,6 +75,7 @@ public ActionResult MyPosts()`
`65`	`75`	`return View(PresentPostModel.GetAllPostsTitle(User.Identity.Name));`
`66`	`76`	`}`
`67`	`77`
	`78`	`+ [AllowAnonymous]`
`68`	`79`	`public ActionResult Posts(Guid Id)`
`69`	`80`	`{`
`70`	`81`	`ViewData["Check"] = PostModel.CheckFavorite(User.Identity.Name, Id).ToString();`
`@@ -103,6 +114,11 @@ public ActionResult Edit(PostModel post)`
`103`	`114`	`post.Time = DateTime.Now;`
`104`	`115`	`if (ModelState.IsValid)`
`105`	`116`	`{`
	`117`	`+ if (post.Text.ToLower().IndexOf("<script>") != -1 \|\| post.Text.ToLower().IndexOf("style") != -1)`
	`118`	`+ {`
	`119`	`+ if (Request.IsAjaxRequest())`
	`120`	`+ return PartialView("Edit");`
	`121`	`+ }`
`106`	`122`	`if (post.EditPost())`
`107`	`123`	`{`
`108`	`124`	`logger.Info("Изменен пост id: " + post.Id + "у пользователя: " + User.Identity.Name);`
`@@ -139,6 +155,7 @@ public ActionResult Delete(Guid id, ConfirmModel model)`
`139`	`155`	`{`
`140`	`156`	`if (model.Confirm)`
`141`	`157`	`{`
	`158`	`+`
`142`	`159`	`if (PostModel.Delete(id))`
`143`	`160`	`{`
`144`	`161`	`logger.Info("Удален пост id: " + id + "у пользователя: " + User.Identity.Name);`
`@@ -186,6 +203,8 @@ public ActionResult DeleteFavorite(Guid id, ConfirmModel model)`
`186`	`203`	`else`
`187`	`204`	`{`
`188`	`205`	`logger.Error("Ошибка при удалении поста id: " + id + "из Избранного у пользователя: " + User.Identity.Name);`
	`206`	`+ if (Request.IsAjaxRequest())`
	`207`	`+ return PartialView("DeleteFavorite", new { Id = id });`
`189`	`208`	`return View();`
`190`	`209`	`}`
`191`	`210`	`}`
`@@ -194,9 +213,12 @@ public ActionResult DeleteFavorite(Guid id, ConfirmModel model)`
`194`	`213`	`return RedirectToAction("Favorite", "Post");`
`195`	`214`	`}`
`196`	`215`	`}`
	`216`	`+ if (Request.IsAjaxRequest())`
	`217`	`+ return PartialView("DeleteFavorite");`
`197`	`218`	`return View();`
`198`	`219`	`}`
`199`	`220`
	`221`	`+ [AllowAnonymous]`
`200`	`222`	`public ActionResult Comments(Guid id)`
`201`	`223`	`{`
`202`	`224`	`return View();`