Mercurial > p > roundup > code
annotate roundup/cgi/client.py @ 4962:63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
This adds whitelist of safe extensions based on analysis of all
committed mime-types to bugs.python.org and issues.roun...org
In future whitelist can be turned off with option
'render_unsafe_content' (like in Trac), but adding this new
feature requires minor version bump.
| author | anatoly techtonik <techtonik@gmail.com> |
|---|---|
| date | Sat, 17 Jan 2015 21:06:04 +0300 |
| parents | 24209344b507 |
| children | f1a2bd1dea77 |
| rev | line source |
|---|---|
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1 """WWW request handler (also used in the stand-alone server). |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 """ |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
3 __docformat__ = 'restructuredtext' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
5 import base64, binascii, cgi, codecs, mimetypes, os |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
6 import quopri, random, re, rfc822, stat, sys, time |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
7 import socket, errno |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
8 from traceback import format_exc |
|
2233
3d9bb1a052d1
fix random seeding for forking server
Richard Jones <richard@users.sourceforge.net>
parents:
2230
diff
changeset
|
9 |
|
4638
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
10 try: |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
11 from OpenSSL.SSL import SysCallError |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
12 except ImportError: |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
13 SysCallError = None |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
14 |
|
2004
1782fe36e7b8
Move out parts of client.py to new modules:
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1987
diff
changeset
|
15 from roundup import roundupdb, date, hyperdb, password |
|
2557
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
16 from roundup.cgi import templating, cgitb, TranslationService |
|
2004
1782fe36e7b8
Move out parts of client.py to new modules:
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1987
diff
changeset
|
17 from roundup.cgi.actions import * |
| 3396 | 18 from roundup.exceptions import * |
|
2004
1782fe36e7b8
Move out parts of client.py to new modules:
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1987
diff
changeset
|
19 from roundup.cgi.exceptions import * |
|
1782fe36e7b8
Move out parts of client.py to new modules:
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1987
diff
changeset
|
20 from roundup.cgi.form_parser import FormParser |
|
4114
da682f38bad3
bug introduced in the migration to the email package (issue 2550531)
Richard Jones <richard@users.sourceforge.net>
parents:
4109
diff
changeset
|
21 from roundup.mailer import Mailer, MessageSendError, encode_quopri |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
22 from roundup.cgi import accept_language |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
23 from roundup import xmlrpc |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
24 |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
25 from roundup.anypy.cookie_ import CookieError, BaseCookie, SimpleCookie, \ |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
26 get_cookie_date |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
27 from roundup.anypy.io_ import StringIO |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
28 from roundup.anypy import http_ |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
29 from roundup.anypy import urllib_ |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
30 |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
31 from email.MIMEBase import MIMEBase |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
32 from email.MIMEText import MIMEText |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
33 from email.MIMEMultipart import MIMEMultipart |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
34 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
35 def initialiseSecurity(security): |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
36 '''Create some Permissions and Roles on the security object |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
37 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
38 This function is directly invoked by security.Security.__init__() |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
39 as a part of the Security object instantiation. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
40 ''' |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
41 p = security.addPermission(name="Web Access", |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
42 description="User may access the web interface") |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
43 security.addPermissionToRole('Admin', p) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
44 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
45 # doing Role stuff through the web - make sure Admin can |
|
3276
3124e578db02
Email fixes:
Richard Jones <richard@users.sourceforge.net>
parents:
3069
diff
changeset
|
46 # TODO: deprecate this and use a property-based control |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
47 p = security.addPermission(name="Web Roles", |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
48 description="User may manipulate user Roles through the web") |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
49 security.addPermissionToRole('Admin', p) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
50 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
51 def add_message(msg_list, msg, escape=True): |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
52 if escape: |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
53 msg = cgi.escape(msg).replace('\n', '<br />\n') |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
54 else: |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
55 msg = msg.replace('\n', '<br />\n') |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
56 msg_list.append (msg) |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
57 return msg_list # for unittests |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
58 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
59 default_err_msg = ''"""<html><head><title>An error has occurred</title></head> |
|
3554
5e70726a86dd
fixed schema migration problem when Class keys were removed
Richard Jones <richard@users.sourceforge.net>
parents:
3551
diff
changeset
|
60 <body><h1>An error has occurred</h1> |
|
3551
3c70ab03c917
translate error message shown instead of tracebacks, add page title
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3548
diff
changeset
|
61 <p>A problem was encountered processing your request. |
|
3c70ab03c917
translate error message shown instead of tracebacks, add page title
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3548
diff
changeset
|
62 The tracker maintainers have been notified of the problem.</p> |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
63 </body></html>""" |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
64 |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
65 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
66 class LiberalCookie(SimpleCookie): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
67 """ Python's SimpleCookie throws an exception if the cookie uses invalid |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
68 syntax. Other applications on the same server may have done precisely |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
69 this, preventing roundup from working through no fault of roundup. |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
70 Numerous other python apps have run into the same problem: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
71 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
72 trac: http://trac.edgewall.org/ticket/2256 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
73 mailman: http://bugs.python.org/issue472646 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
74 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
75 This particular implementation comes from trac's solution to the |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
76 problem. Unfortunately it requires some hackery in SimpleCookie's |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
77 internals to provide a more liberal __set method. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
78 """ |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
79 def load(self, rawdata, ignore_parse_errors=True): |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
80 if ignore_parse_errors: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
81 self.bad_cookies = [] |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
82 self._BaseCookie__set = self._loose_set |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
83 SimpleCookie.load(self, rawdata) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
84 if ignore_parse_errors: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
85 self._BaseCookie__set = self._strict_set |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
86 for key in self.bad_cookies: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
87 del self[key] |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
88 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
89 _strict_set = BaseCookie._BaseCookie__set |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
90 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
91 def _loose_set(self, key, real_value, coded_value): |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
92 try: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
93 self._strict_set(key, real_value, coded_value) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
94 except CookieError: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
95 self.bad_cookies.append(key) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
96 dict.__setitem__(self, key, None) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
97 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
98 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
99 class Session: |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
100 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
101 Needs DB to be already opened by client |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
102 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
103 Session attributes at instantiation: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
104 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
105 - "client" - reference to client for add_cookie function |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
106 - "session_db" - session DB manager |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
107 - "cookie_name" - name of the cookie with session id |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
108 - "_sid" - session id for current user |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
109 - "_data" - session data cache |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
110 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
111 session = Session(client) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
112 session.set(name=value) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
113 value = session.get(name) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
114 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
115 session.destroy() # delete current session |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
116 session.clean_up() # clean up session table |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
117 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
118 session.update(set_cookie=True, expire=3600*24*365) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
119 # refresh session expiration time, setting persistent |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
120 # cookie if needed to last for 'expire' seconds |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
121 |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
122 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
123 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
124 def __init__(self, client): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
125 self._data = {} |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
126 self._sid = None |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
127 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
128 self.client = client |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
129 self.session_db = client.db.getSessionManager() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
130 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
131 # parse cookies for session id |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
132 self.cookie_name = 'roundup_session_%s' % \ |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
133 re.sub('[^a-zA-Z]', '', client.instance.config.TRACKER_NAME) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
134 cookies = LiberalCookie(client.env.get('HTTP_COOKIE', '')) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
135 if self.cookie_name in cookies: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
136 if not self.session_db.exists(cookies[self.cookie_name].value): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
137 self._sid = None |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
138 # remove old cookie |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
139 self.client.add_cookie(self.cookie_name, None) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
140 else: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
141 self._sid = cookies[self.cookie_name].value |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
142 self._data = self.session_db.getall(self._sid) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
143 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
144 def _gen_sid(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
145 """ generate a unique session key """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
146 while 1: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
147 s = '%s%s'%(time.time(), random.random()) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
148 s = binascii.b2a_base64(s).strip() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
149 if not self.session_db.exists(s): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
150 break |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
151 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
152 # clean up the base64 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
153 if s[-1] == '=': |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
154 if s[-2] == '=': |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
155 s = s[:-2] |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
156 else: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
157 s = s[:-1] |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
158 return s |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
159 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
160 def clean_up(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
161 """Remove expired sessions""" |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
162 self.session_db.clean() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
163 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
164 def destroy(self): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
165 self.client.add_cookie(self.cookie_name, None) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
166 self._data = {} |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
167 self.session_db.destroy(self._sid) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
168 self.client.db.commit() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
169 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
170 def get(self, name, default=None): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
171 return self._data.get(name, default) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
172 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
173 def set(self, **kwargs): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
174 self._data.update(kwargs) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
175 if not self._sid: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
176 self._sid = self._gen_sid() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
177 self.session_db.set(self._sid, **self._data) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
178 # add session cookie |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
179 self.update(set_cookie=True) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
180 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
181 # XXX added when patching 1.4.4 for backward compatibility |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
182 # XXX remove |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
183 self.client.session = self._sid |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
184 else: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
185 self.session_db.set(self._sid, **self._data) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
186 self.client.db.commit() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
187 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
188 def update(self, set_cookie=False, expire=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
189 """ update timestamp in db to avoid expiration |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
190 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
191 if 'set_cookie' is True, set cookie with 'expire' seconds lifetime |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
192 if 'expire' is None - session will be closed with the browser |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
193 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
194 XXX the session can be purged within a week even if a cookie |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
195 lifetime is longer |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
196 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
197 self.session_db.updateTimestamp(self._sid) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
198 self.client.db.commit() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
199 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
200 if set_cookie: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
201 self.client.add_cookie(self.cookie_name, self._sid, expire=expire) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
202 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
203 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
204 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
205 class Client: |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
206 """Instantiate to handle one CGI request. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
207 |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
208 See inner_main for request processing. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
209 |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
210 Client attributes at instantiation: |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
211 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
212 - "path" is the PATH_INFO inside the instance (with no leading '/') |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
213 - "base" is the base URL for the instance |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
214 - "form" is the cgi form, an instance of FieldStorage from the standard |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
215 cgi module |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
216 - "additional_headers" is a dictionary of additional HTTP headers that |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
217 should be sent to the client |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
218 - "response_code" is the HTTP response code to send to the client |
|
2557
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
219 - "translator" is TranslationService instance |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
220 |
|
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
221 During the processing of a request, the following attributes are used: |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
222 |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
223 - "db" |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
224 - "_error_message" holds a list of error messages |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
225 - "_ok_message" holds a list of OK messages |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
226 - "session" is deprecated in favor of session_api (XXX remove) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
227 - "session_api" is the interface to store data in session |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
228 - "user" is the current user's name |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
229 - "userid" is the current user's id |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
230 - "template" is the current :template context |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
231 - "classname" is the current class context name |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
232 - "nodeid" is the current context item id |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
233 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
234 Note: _error_message and _ok_message should not be modified |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
235 directly, use add_ok_message and add_error_message, these, by |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
236 default, escape the message added to avoid XSS security issues. |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
237 |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
238 User Identification: |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
239 Users that are absent in session data are anonymous and are logged |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
240 in as that user. This typically gives them all Permissions assigned to the |
|
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
241 Anonymous Role. |
|
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
242 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
243 Every user is assigned a session. "session_api" is the interface to work |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
244 with session data. |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
245 |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
246 Special form variables: |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
247 Note that in various places throughout this code, special form |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
248 variables of the form :<name> are used. The colon (":") part may |
|
1436
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
249 actually be one of either ":" or "@". |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
250 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
251 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
252 # charset used for data storage and form templates |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
253 # Note: must be in lower case for comparisons! |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
254 # XXX take this from instance.config? |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
255 STORAGE_CHARSET = 'utf-8' |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
256 |
|
1421
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
257 # |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
258 # special form variables |
|
1421
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
259 # |
|
1436
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
260 FV_TEMPLATE = re.compile(r'[@:]template') |
|
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
261 FV_OK_MESSAGE = re.compile(r'[@:]ok_message') |
|
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
262 FV_ERROR_MESSAGE = re.compile(r'[@:]error_message') |
|
1421
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
263 |
|
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
264 # Note: index page stuff doesn't appear here: |
|
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
265 # columns, sort, sortdir, filter, group, groupdir, search_text, |
|
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
266 # pagesize, startwith |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
267 |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
268 # list of network error codes that shouldn't be reported to tracker admin |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
269 # (error descriptions from FreeBSD intro(2)) |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
270 IGNORE_NET_ERRORS = ( |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
271 # A write on a pipe, socket or FIFO for which there is |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
272 # no process to read the data. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
273 errno.EPIPE, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
274 # A connection was forcibly closed by a peer. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
275 # This normally results from a loss of the connection |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
276 # on the remote socket due to a timeout or a reboot. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
277 errno.ECONNRESET, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
278 # Software caused connection abort. A connection abort |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
279 # was caused internal to your host machine. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
280 errno.ECONNABORTED, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
281 # A connect or send request failed because the connected party |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
282 # did not properly respond after a period of time. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
283 errno.ETIMEDOUT, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
284 ) |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
285 |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
286 def __init__(self, instance, request, env, form=None, translator=None): |
|
2233
3d9bb1a052d1
fix random seeding for forking server
Richard Jones <richard@users.sourceforge.net>
parents:
2230
diff
changeset
|
287 # re-seed the random number generator |
|
3d9bb1a052d1
fix random seeding for forking server
Richard Jones <richard@users.sourceforge.net>
parents:
2230
diff
changeset
|
288 random.seed() |
|
2230
ca2664e095be
disable forking server when os.fork() not available [SF#938586]
Richard Jones <richard@users.sourceforge.net>
parents:
2183
diff
changeset
|
289 self.start = time.time() |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
290 self.instance = instance |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
291 self.request = request |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
292 self.env = env |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
293 self.setTranslator(translator) |
|
1799
071ea6fc803f
Extracted duplicated mail-sending code...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1798
diff
changeset
|
294 self.mailer = Mailer(instance.config) |
|
1004
5f12d3259f31
logout works better now
Richard Jones <richard@users.sourceforge.net>
parents:
1003
diff
changeset
|
295 |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
296 # save off the path |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
297 self.path = env['PATH_INFO'] |
|
1004
5f12d3259f31
logout works better now
Richard Jones <richard@users.sourceforge.net>
parents:
1003
diff
changeset
|
298 |
|
1398
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
299 # this is the base URL for this tracker |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
300 self.base = self.instance.config.TRACKER_WEB |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
301 |
|
4586
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
302 # should cookies be secure? |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
303 self.secure = self.base.startswith ('https') |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
304 |
|
2183
ac24a9c74cca
be paranoid about TRACKER_WEB
Richard Jones <richard@users.sourceforge.net>
parents:
2137
diff
changeset
|
305 # check the tracker_we setting |
|
ac24a9c74cca
be paranoid about TRACKER_WEB
Richard Jones <richard@users.sourceforge.net>
parents:
2137
diff
changeset
|
306 if not self.base.endswith('/'): |
|
ac24a9c74cca
be paranoid about TRACKER_WEB
Richard Jones <richard@users.sourceforge.net>
parents:
2137
diff
changeset
|
307 self.base = self.base + '/' |
|
ac24a9c74cca
be paranoid about TRACKER_WEB
Richard Jones <richard@users.sourceforge.net>
parents:
2137
diff
changeset
|
308 |
|
1398
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
309 # this is the "cookie path" for this tracker (ie. the path part of |
|
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
310 # the "base" url) |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
311 self.cookie_path = urllib_.urlparse(self.base)[2] |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
312 # cookies to set in http responce |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
313 # {(path, name): (value, expire)} |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
314 self._cookies = {} |
|
1398
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
315 |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
316 # see if we need to re-parse the environment for the form (eg Zope) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
317 if form is None: |
|
4344
85b00a3820b3
Fix thread safety with stdin in roundup-server
Richard Jones <richard@users.sourceforge.net>
parents:
4329
diff
changeset
|
318 self.form = cgi.FieldStorage(fp=request.rfile, environ=env) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
319 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
320 self.form = form |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
321 |
|
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
322 # turn debugging on/off |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
323 try: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
324 self.debug = int(env.get("ROUNDUP_DEBUG", 0)) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
325 except ValueError: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
326 # someone gave us a non-int debug level, turn it off |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
327 self.debug = 0 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
328 |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
329 # flag to indicate that the HTTP headers have been sent |
|
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
330 self.headers_done = 0 |
|
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
331 |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
332 # additional headers to send with the request - must be registered |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
333 # before the first write |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
334 self.additional_headers = {} |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
335 self.response_code = 200 |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
336 |
|
2947
e611be5ee6c4
initialize self.charset early to enable html output for tracebacks...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2946
diff
changeset
|
337 # default character set |
|
e611be5ee6c4
initialize self.charset early to enable html output for tracebacks...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2946
diff
changeset
|
338 self.charset = self.STORAGE_CHARSET |
|
e611be5ee6c4
initialize self.charset early to enable html output for tracebacks...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2946
diff
changeset
|
339 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
340 # parse cookies (used for charset lookups) |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
341 # use our own LiberalCookie to handle bad apps on the same |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
342 # server that have set cookies that are out of spec |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
343 self.cookie = LiberalCookie(self.env.get('HTTP_COOKIE', '')) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
344 |
|
2928
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
345 self.user = None |
|
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
346 self.userid = None |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
347 self.nodeid = None |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
348 self.classname = None |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
349 self.template = None |
|
2928
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
350 |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
351 def setTranslator(self, translator=None): |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
352 """Replace the translation engine |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
353 |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
354 'translator' |
|
2557
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
355 is TranslationService instance. |
|
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
356 It must define methods 'translate' (TAL-compatible i18n), |
|
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
357 'gettext' and 'ngettext' (gettext-compatible i18n). |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
358 |
|
2557
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
359 If omitted, create default TranslationService. |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
360 """ |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
361 if translator is None: |
|
2808
18c28d22b3b5
pass tracker home directory to get_translation()
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2800
diff
changeset
|
362 translator = TranslationService.get_translation( |
|
2923
29563959c026
language defaults to config option TRACKER_LANGUAGE
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2906
diff
changeset
|
363 language=self.instance.config["TRACKER_LANGUAGE"], |
|
2808
18c28d22b3b5
pass tracker home directory to get_translation()
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2800
diff
changeset
|
364 tracker_home=self.instance.config["TRACKER_HOME"]) |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
365 self.translator = translator |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
366 self._ = self.gettext = translator.gettext |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
367 self.ngettext = translator.ngettext |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
368 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
369 def main(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
370 """ Wrap the real main in a try/finally so we always close off the db. |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
371 """ |
|
1133
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
372 try: |
|
4919
24209344b507
Link /xmlrpc to docs if accessed with browser
anatoly techtonik <techtonik@gmail.com>
parents:
4903
diff
changeset
|
373 if self.path == 'xmlrpc': |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
374 self.handle_xmlrpc() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
375 else: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
376 self.inner_main() |
|
1133
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
377 finally: |
|
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
378 if hasattr(self, 'db'): |
|
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
379 self.db.close() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
380 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
381 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
382 def handle_xmlrpc(self): |
|
4919
24209344b507
Link /xmlrpc to docs if accessed with browser
anatoly techtonik <techtonik@gmail.com>
parents:
4903
diff
changeset
|
383 if self.env.get('CONTENT_TYPE') != 'text/xml': |
|
24209344b507
Link /xmlrpc to docs if accessed with browser
anatoly techtonik <techtonik@gmail.com>
parents:
4903
diff
changeset
|
|
|
24209344b507
Link /xmlrpc to docs if accessed with browser
anatoly techtonik <techtonik@gmail.com>
parents:
4903
diff
changeset
|
386 "XML-RPC interface</a>.") |
|
24209344b507
Link /xmlrpc to docs if accessed with browser
anatoly techtonik <techtonik@gmail.com>
parents:
4903
diff
changeset
|
387 return |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
388 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
389 # Pull the raw XML out of the form. The "value" attribute |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
390 # will be the raw content of the POST request. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
391 assert self.form.file |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
392 input = self.form.value |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
393 # So that the rest of Roundup can query the form in the |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
394 # usual way, we create an empty list of fields. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
395 self.form.list = [] |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
396 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
397 # Set the charset and language, since other parts of |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
398 # Roundup may depend upon that. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
399 self.determine_charset() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
400 self.determine_language() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
401 # Open the database as the correct user. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
402 self.determine_user() |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
403 self.check_anonymous_access() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
404 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
405 # Call the appropriate XML-RPC method. |
| 4083 | 406 handler = xmlrpc.RoundupDispatcher(self.db, |
| 407 self.instance.actions, | |
| 408 self.translator, | |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
409 allow_none=True) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
410 output = handler.dispatch(input) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
411 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
412 self.setHeader("Content-Type", "text/xml") |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
413 self.setHeader("Content-Length", str(len(output))) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
414 self.write(output) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
415 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
416 def add_ok_message(self, msg, escape=True): |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
417 add_message(self._ok_message, msg, escape) |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
418 |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
419 def add_error_message(self, msg, escape=True): |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
420 add_message(self._error_message, msg, escape) |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
421 |
|
1133
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
422 def inner_main(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
423 """Process a request. |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
424 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
425 The most common requests are handled like so: |
|
1054
3d8ea16347aa
more explanatory docstring
Richard Jones <richard@users.sourceforge.net>
parents:
1053
diff
changeset
|
426 |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
427 1. look for charset and language preferences, set up user locale |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
428 see determine_charset, determine_language |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
429 2. figure out who we are, defaulting to the "anonymous" user |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
430 see determine_user |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
431 3. figure out what the request is for - the context |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
432 see determine_context |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
433 4. handle any requested action (item edit, search, ...) |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
434 see handle_action |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
435 5. render a template, resulting in HTML output |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
436 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
437 In some situations, exceptions occur: |
|
1054
3d8ea16347aa
more explanatory docstring
Richard Jones <richard@users.sourceforge.net>
parents:
1053
diff
changeset
|
438 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
439 - HTTP Redirect (generally raised by an action) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
440 - SendFile (generally raised by determine_context) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
441 serve up a FileClass "content" property |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
442 - SendStaticFile (generally raised by determine_context) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
443 serve up a file from the tracker "html" directory |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
444 - Unauthorised (generally raised by an action) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
445 the action is cancelled, the request is rendered and an error |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
446 message is displayed indicating that permission was not |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
447 granted for the action to take place |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
448 - templating.Unauthorised (templating action not permitted) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
449 raised by an attempted rendering of a template when the user |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
450 doesn't have permission |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
451 - NotFound (raised wherever it needs to be) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
452 percolates up to the CGI interface that called the client |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
453 """ |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
454 self._ok_message = [] |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
455 self._error_message = [] |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
456 try: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
457 self.determine_charset() |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
458 self.determine_language() |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
459 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
460 try: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
461 # make sure we're identified (even anonymously) |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
462 self.determine_user() |
|
2938
463902a0fbbb
determine user before context:
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2937
diff
changeset
|
463 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
464 # figure out the context and desired content template |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
465 self.determine_context() |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
466 |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
467 # if we've made it this far the context is to a bit of |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
468 # Roundup's real web interface (not a file being served up) |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
469 # so do the Anonymous Web Acess check now |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
470 self.check_anonymous_access() |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
471 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
472 # possibly handle a form submit action (may change self.classname |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
473 # and self.template, and may also append error/ok_messages) |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
474 html = self.handle_action() |
|
1697
c9f67f2f7ba7
don't open the database for static files
Richard Jones <richard@users.sourceforge.net>
parents:
1692
diff
changeset
|
475 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
476 if html: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
477 self.write_html(html) |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
478 return |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
479 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
480 # now render the page |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
481 # we don't want clients caching our dynamic pages |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
482 self.additional_headers['Cache-Control'] = 'no-cache' |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
483 # Pragma: no-cache makes Mozilla and its ilk |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
484 # double-load all pages!! |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
485 # self.additional_headers['Pragma'] = 'no-cache' |
|
1579
07a6b8587bc2
removed Pragma: no-cache...
Richard Jones <richard@users.sourceforge.net>
parents:
1562
diff
changeset
|
486 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
487 # pages with messages added expire right now |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
488 # simple views may be cached for a small amount of time |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
489 # TODO? make page expire time configurable |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
490 # <rj> always expire pages, as IE just doesn't seem to do the |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
491 # right thing here :( |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
492 date = time.time() - 1 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
493 #if self._error_message or self._ok_message: |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
494 # date = time.time() - 1 |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
495 #else: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
496 # date = time.time() + 5 |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
497 self.additional_headers['Expires'] = rfc822.formatdate(date) |
| 1552 | 498 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
499 # render the content |
|
3896
fca0365521fc
ignore client shutdown exceptions when sending responses
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3867
diff
changeset
|
500 self.write_html(self.renderContext()) |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
501 except SendFile, designator: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
502 # The call to serve_file may result in an Unauthorised |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
503 # exception or a NotModified exception. Those |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
504 # exceptions will be handled by the outermost set of |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
505 # exception handlers. |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
506 self.serve_file(designator) |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
507 except SendStaticFile, file: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
508 self.serve_static_file(str(file)) |
|
3896
fca0365521fc
ignore client shutdown exceptions when sending responses
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3867
diff
changeset
|
509 except IOError: |
|
3900
182ba3207899
wrap comment to less than 75 chars
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3898
diff
changeset
|
510 # IOErrors here are due to the client disconnecting before |
|
4638
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
511 # receiving the reply. |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
512 pass |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
513 except SysCallError: |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
514 # OpenSSL.SSL.SysCallError is similar to IOError above |
|
3896
fca0365521fc
ignore client shutdown exceptions when sending responses
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3867
diff
changeset
|
515 pass |
|
2230
ca2664e095be
disable forking server when os.fork() not available [SF#938586]
Richard Jones <richard@users.sourceforge.net>
parents:
2183
diff
changeset
|
516 |
|
2052
78e6a1e4984e
forward-port from maint branch
Richard Jones <richard@users.sourceforge.net>
parents:
2046
diff
changeset
|
517 except SeriousError, message: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
518 self.write_html(str(message)) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
519 except Redirect, url: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
520 # let's redirect - if the url isn't None, then we need to do |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
521 # the headers, otherwise the headers have been set before the |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
522 # exception was raised |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
523 if url: |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
524 self.additional_headers['Location'] = str(url) |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
525 self.response_code = 302 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
526 self.write_html('Redirecting to <a href="%s">%s</a>'%(url, url)) |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
527 except LoginError, message: |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
528 # The user tried to log in, but did not provide a valid |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
529 # username and password. If we support HTTP |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
530 # authorization, send back a response that will cause the |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
531 # browser to prompt the user again. |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
532 if self.instance.config.WEB_HTTP_AUTH: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
533 self.response_code = http_.client.UNAUTHORIZED |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
534 realm = self.instance.config.TRACKER_NAME |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
535 self.setHeader("WWW-Authenticate", |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
536 "Basic realm=\"%s\"" % realm) |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
537 else: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
538 self.response_code = http_.client.FORBIDDEN |
|
4898
850551a1568b
Fix issue2550843 (AttributeError: 'Unauthorised' object has no attribute 'replace')
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4880
diff
changeset
|
539 self.renderFrontPage(str(message)) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
540 except Unauthorised, message: |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
541 # users may always see the front page |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
542 self.response_code = 403 |
|
4898
850551a1568b
Fix issue2550843 (AttributeError: 'Unauthorised' object has no attribute 'replace')
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4880
diff
changeset
|
543 self.renderFrontPage(str(message)) |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
544 except NotModified: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
545 # send the 304 response |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
546 self.response_code = 304 |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
547 self.header() |
|
3898
dd00c917fc40
per-tracker 404 templating
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3896
diff
changeset
|
548 except NotFound, e: |
|
dd00c917fc40
per-tracker 404 templating
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3896
diff
changeset
|
549 self.response_code = 404 |
|
dd00c917fc40
per-tracker 404 templating
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3896
diff
changeset
|
550 self.template = '404' |
|
dd00c917fc40
per-tracker 404 templating
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3896
diff
changeset
|
551 try: |
|
dd00c917fc40
per-tracker 404 templating
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3896
diff
changeset
|
552 cl = self.db.getclass(self.classname) |
|
dd00c917fc40
per-tracker 404 templating
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3896
diff
changeset
|
553 self.write_html(self.renderContext()) |
|
dd00c917fc40
per-tracker 404 templating
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3896
diff
changeset
|
554 except KeyError: |
|
dd00c917fc40
per-tracker 404 templating
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3896
diff
changeset
|
555 # we can't map the URL to a class we know about |
|
dd00c917fc40
per-tracker 404 templating
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3896
diff
changeset
|
556 # reraise the NotFound and let roundup_server |
|
dd00c917fc40
per-tracker 404 templating
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3896
diff
changeset
|
557 # handle it |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
558 raise NotFound(e) |
|
1818
85fd3d0e7d81
Actually use FormError, so we can move the handling up to inner_main().
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1807
diff
changeset
|
559 except FormError, e: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
560 self.add_error_message(self._('Form Error: ') + str(e)) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
561 self.write_html(self.renderContext()) |
|
4640
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
562 except IOError: |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
563 # IOErrors here are due to the client disconnecting before |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
564 # receiving the reply. |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
565 # may happen during write_html and serve_file, too. |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
566 pass |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
567 except SysCallError: |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
568 # OpenSSL.SSL.SysCallError is similar to IOError above |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
569 # may happen during write_html and serve_file, too. |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
570 pass |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
571 except: |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
572 # Something has gone badly wrong. Therefore, we should |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
573 # make sure that the response code indicates failure. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
574 if self.response_code == http_.client.OK: |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
575 self.response_code = http_.client.INTERNAL_SERVER_ERROR |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
576 # Help the administrator work out what went wrong. |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
577 html = ("<h1>Traceback</h1>" |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
578 + cgitb.html(i18n=self.translator) |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
579 + ("<h1>Environment Variables</h1><table>%s</table>" |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
580 % cgitb.niceDict("", self.env))) |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
581 if not self.instance.config.WEB_DEBUG: |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
582 exc_info = sys.exc_info() |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
583 subject = "Error: %s" % exc_info[1] |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
584 self.send_error_to_admin(subject, html, format_exc()) |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
585 self.write_html(self._(default_err_msg)) |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
586 else: |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
587 self.write_html(html) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
588 |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
589 def clean_sessions(self): |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
590 """Deprecated |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
591 XXX remove |
|
1937
4c850112895b
Some reformatting and fixing docstrings for emacs.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1936
diff
changeset
|
592 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
593 self.clean_up() |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
594 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
595 def clean_up(self): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
596 """Remove expired sessions and One Time Keys. |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
597 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
598 Do it only once an hour. |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
599 """ |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
600 hour = 60*60 |
|
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
601 now = time.time() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
602 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
603 # XXX: hack - use OTK table to store last_clean time information |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
604 # 'last_clean' string is used instead of otk key |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
605 last_clean = self.db.getOTKManager().get('last_clean', 'last_use', 0) |
|
2046
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
606 if now - last_clean < hour: |
|
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
607 return |
|
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
608 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
609 self.session_api.clean_up() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
610 self.db.getOTKManager().clean() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
611 self.db.getOTKManager().set('last_clean', last_use=now) |
|
3687
ff9f4ca42454
Postgres backend allows transaction collisions to be ignored when...
Richard Jones <richard@users.sourceforge.net>
parents:
3628
diff
changeset
|
612 self.db.commit(fail_ok=True) |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
613 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
614 def determine_charset(self): |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
615 """Look for client charset in the form parameters or browser cookie. |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
616 |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
617 If no charset requested by client, use storage charset (utf-8). |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
618 |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
619 If the charset is found, and differs from the storage charset, |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
620 recode all form fields of type 'text/plain' |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
621 """ |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
622 # look for client charset |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
623 charset_parameter = 0 |
|
4799
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
624 # Python 2.6 form may raise a TypeError if list in form is None |
|
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
625 charset = None |
|
4800
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
626 try: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
627 charset = self.form['@charset'].value |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
628 if charset.lower() == "none": |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
629 charset = "" |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
630 charset_parameter = 1 |
|
4799
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
631 except (KeyError, TypeError): |
|
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
632 pass |
|
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
633 if charset is None and 'roundup_charset' in self.cookie: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
634 charset = self.cookie['roundup_charset'].value |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
635 if charset: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
636 # make sure the charset is recognized |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
637 try: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
638 codecs.lookup(charset) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
639 except LookupError: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
640 self.add_error_message(self._('Unrecognized charset: %r') |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
641 % charset) |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
642 charset_parameter = 0 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
643 else: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
644 self.charset = charset.lower() |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
645 # If we've got a character set in request parameters, |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
646 # set the browser cookie to keep the preference. |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
647 # This is done after codecs.lookup to make sure |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
648 # that we aren't keeping a wrong value. |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
649 if charset_parameter: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
650 self.add_cookie('roundup_charset', charset) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
651 |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
652 # if client charset is different from the storage charset, |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
653 # recode form fields |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
654 # XXX this requires FieldStorage from Python library. |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
655 # mod_python FieldStorage is not supported! |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
656 if self.charset != self.STORAGE_CHARSET: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
657 decoder = codecs.getdecoder(self.charset) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
658 encoder = codecs.getencoder(self.STORAGE_CHARSET) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
659 re_charref = re.compile('&#([0-9]+|x[0-9a-f]+);', re.IGNORECASE) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
660 def _decode_charref(matchobj): |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
661 num = matchobj.group(1) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
662 if num[0].lower() == 'x': |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
663 uc = int(num[1:], 16) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
664 else: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
665 uc = int(num) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
666 return unichr(uc) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
667 |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
668 for field_name in self.form: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
669 field = self.form[field_name] |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
670 if (field.type == 'text/plain') and not field.filename: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
671 try: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
672 value = decoder(field.value)[0] |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
673 except UnicodeError: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
674 continue |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
675 value = re_charref.sub(_decode_charref, value) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
676 field.value = encoder(value)[0] |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
677 |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
678 def determine_language(self): |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
679 """Determine the language""" |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
680 # look for language parameter |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
681 # then for language cookie |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
682 # last for the Accept-Language header |
|
4800
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
683 # Python 2.6 form may raise a TypeError if list in form is None |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
684 language = None |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
685 try: |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
686 language = self.form["@language"].value |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
687 if language.lower() == "none": |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
688 language = "" |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
689 self.add_cookie("roundup_language", language) |
|
4800
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
690 except (KeyError, TypeError): |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
691 pass |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
692 if language is None: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
693 if "roundup_language" in self.cookie: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
694 language = self.cookie["roundup_language"].value |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
695 elif self.instance.config["WEB_USE_BROWSER_LANGUAGE"]: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
696 hal = self.env.get('HTTP_ACCEPT_LANGUAGE') |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
697 language = accept_language.parse(hal) |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
698 else: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
699 language = "" |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
700 |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
701 self.language = language |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
702 if language: |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
703 self.setTranslator(TranslationService.get_translation( |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
704 language, |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
705 tracker_home=self.instance.config["TRACKER_HOME"])) |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
706 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
707 def determine_user(self): |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
708 """Determine who the user is""" |
|
1724
bc4f0aec594e
oops, we really do need a database
Richard Jones <richard@users.sourceforge.net>
parents:
1719
diff
changeset
|
709 self.opendb('admin') |
|
bc4f0aec594e
oops, we really do need a database
Richard Jones <richard@users.sourceforge.net>
parents:
1719
diff
changeset
|
710 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
711 # get session data from db |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
712 # XXX: rename |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
713 self.session_api = Session(self) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
714 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
715 # take the opportunity to cleanup expired sessions and otks |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
716 self.clean_up() |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
717 |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
718 user = None |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
719 # first up, try http authorization if enabled |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
720 if self.instance.config['WEB_HTTP_AUTH']: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
721 if 'REMOTE_USER' in self.env: |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
722 # we have external auth (e.g. by Apache) |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
723 user = self.env['REMOTE_USER'] |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
724 elif self.env.get('HTTP_AUTHORIZATION', ''): |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
725 # try handling Basic Auth ourselves |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
726 auth = self.env['HTTP_AUTHORIZATION'] |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
727 scheme, challenge = auth.split(' ', 1) |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
728 if scheme.lower() == 'basic': |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
729 try: |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
730 decoded = base64.decodestring(challenge) |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
731 except TypeError: |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
732 # invalid challenge |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
733 pass |
|
4574
35adb3950a39
Fix xmlrpc URL parsing so that passwords may contain a ':' character
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4543
diff
changeset
|
734 username, password = decoded.split(':', 1) |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
735 try: |
|
4669
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
736 # Current user may not be None, otherwise |
|
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
737 # instatiation of the login action will fail. |
|
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
738 # So we set the user to anonymous first. |
|
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
739 self.make_user_anonymous() |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
740 login = self.get_action_class('login')(self) |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
741 login.verifyLogin(username, password) |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
742 except LoginError, err: |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
743 self.make_user_anonymous() |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
744 raise |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
745 user = username |
|
2928
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
746 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
747 # if user was not set by http authorization, try session lookup |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
748 if not user: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
749 user = self.session_api.get('user') |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
750 if user: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
751 # update session lifetime datestamp |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
752 self.session_api.update() |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
753 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
754 # if no user name set by http authorization or session lookup |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
755 # the user is anonymous |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
756 if not user: |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
757 user = 'anonymous' |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
758 |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
759 # sanity check on the user still being valid, |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
760 # getting the userid at the same time |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
761 try: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
762 self.userid = self.db.user.lookup(user) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
763 except (KeyError, TypeError): |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
764 user = 'anonymous' |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
765 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
766 # make sure the anonymous user is valid if we're using it |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
767 if user == 'anonymous': |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
768 self.make_user_anonymous() |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
769 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
770 self.user = user |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
771 |
|
1003
f89b8d32291b
Hack hack hack...
Richard Jones <richard@users.sourceforge.net>
parents:
1002
diff
changeset
|
772 # reopen the database as the correct user |
|
f89b8d32291b
Hack hack hack...
Richard Jones <richard@users.sourceforge.net>
parents:
1002
diff
changeset
|
773 self.opendb(self.user) |
|
f89b8d32291b
Hack hack hack...
Richard Jones <richard@users.sourceforge.net>
parents:
1002
diff
changeset
|
774 |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
775 def check_anonymous_access(self): |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
776 """Check that the Anonymous user is actually allowed to use the web |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
777 interface and short-circuit all further processing if they're not. |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
778 """ |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
779 # allow Anonymous to use the "login" and "register" actions (noting |
|
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
780 # that "register" has its own "Register" permission check) |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
781 |
|
4802
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
782 action = '' |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
783 try: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
784 if ':action' in self.form: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
785 action = self.form[':action'] |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
786 elif '@action' in self.form: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
787 action = self.form['@action'] |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
788 except TypeError: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
789 pass |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
790 if isinstance(action, list): |
|
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
791 raise SeriousError('broken form: multiple @action values submitted') |
|
4384
b0d812e10549
fix actions check for < Python2.6
Richard Jones <richard@users.sourceforge.net>
parents:
4380
diff
changeset
|
792 elif action != '': |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
793 action = action.value.lower() |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
794 if action in ('login', 'register'): |
|
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
795 return |
|
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
796 |
|
4329
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
797 # allow Anonymous to view the "user" "register" template if they're |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
798 # allowed to register |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
799 if (self.db.security.hasPermission('Register', self.userid, 'user') |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
800 and self.classname == 'user' and self.template == 'register'): |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
801 return |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
802 |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
803 # otherwise for everything else |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
804 if self.user == 'anonymous': |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
805 if not self.db.security.hasPermission('Web Access', self.userid): |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
806 raise Unauthorised(self._("Anonymous users are not " |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
807 "allowed to use the web interface")) |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
808 |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
809 def opendb(self, username): |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
810 """Open the database and set the current user. |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
811 |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
812 Opens a database once. On subsequent calls only the user is set on |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
813 the database object the instance.optimize is set. If we are in |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
814 "Development Mode" (cf. roundup_server) then the database is always |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
815 re-opened. |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
816 """ |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
817 # don't do anything if the db is open and the user has not changed |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
818 if hasattr(self, 'db') and self.db.isCurrentUser(username): |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
819 return |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
820 |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
821 # open the database or only set the user |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
822 if not hasattr(self, 'db'): |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
823 self.db = self.instance.open(username) |
| 4781 | 824 self.db.tx_Source = "web" |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
825 else: |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
826 if self.instance.optimize: |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
827 self.db.setCurrentUser(username) |
| 4781 | 828 self.db.tx_Source = "web" |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
829 else: |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
830 self.db.close() |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
831 self.db = self.instance.open(username) |
| 4781 | 832 self.db.tx_Source = "web" |
|
4212
51a098592b78
Reopen session with database.
Stefan Seefeld <stefan@seefeld.name>
parents:
4145
diff
changeset
|
833 # The old session API refers to the closed database; |
|
51a098592b78
Reopen session with database.
Stefan Seefeld <stefan@seefeld.name>
parents:
4145
diff
changeset
|
834 # we can no longer use it. |
|
51a098592b78
Reopen session with database.
Stefan Seefeld <stefan@seefeld.name>
parents:
4145
diff
changeset
|
835 self.session_api = Session(self) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
836 |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
837 |
|
2829
aa1cb9df09c3
ignore leading zeroes in the ID part of a node designator
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2808
diff
changeset
|
838 def determine_context(self, dre=re.compile(r'([^\d]+)0*(\d+)')): |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
839 """Determine the context of this page from the URL: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
840 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
841 The URL path after the instance identifier is examined. The path |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
842 is generally only one entry long. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
843 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
844 - if there is no path, then we are in the "home" context. |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
845 - if the path is "_file", then the additional path entry |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
846 specifies the filename of a static file we're to serve up |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
847 from the instance "html" directory. Raises a SendStaticFile |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
848 exception.(*) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
849 - if there is something in the path (eg "issue"), it identifies |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
850 the tracker class we're to display. |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
851 - if the path is an item designator (eg "issue123"), then we're |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
852 to display a specific item. |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
853 - if the path starts with an item designator and is longer than |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
854 one entry, then we're assumed to be handling an item of a |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
855 FileClass, and the extra path information gives the filename |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
856 that the client is going to label the download with (ie |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
857 "file123/image.png" is nicer to download than "file123"). This |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
858 raises a SendFile exception.(*) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
859 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
860 Both of the "*" types of contexts stop before we bother to |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
861 determine the template we're going to use. That's because they |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
862 don't actually use templates. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
863 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
864 The template used is specified by the :template CGI variable, |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
865 which defaults to: |
|
1053
b28393def972
more explanatory docsting
Richard Jones <richard@users.sourceforge.net>
parents:
1051
diff
changeset
|
866 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
867 - only classname suplied: "index" |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
868 - full item designator supplied: "item" |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
869 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
870 We set: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
871 |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
872 self.classname - the class to display, can be None |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
873 |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
874 self.template - the template to render the current context with |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
875 |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
876 self.nodeid - the nodeid of the class we're displaying |
|
1937
4c850112895b
Some reformatting and fixing docstrings for emacs.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1936
diff
changeset
|
877 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
878 # default the optional variables |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
879 self.classname = None |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
880 self.nodeid = None |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
881 |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
882 # see if a template or messages are specified |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
883 template_override = ok_message = error_message = None |
|
4801
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
884 try: |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
885 keys = self.form.keys() |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
886 except TypeError: |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
887 keys = () |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
888 for key in keys: |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
889 if self.FV_TEMPLATE.match(key): |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
890 template_override = self.form[key].value |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
891 elif self.FV_OK_MESSAGE.match(key): |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
892 ok_message = self.form[key].value |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
893 elif self.FV_ERROR_MESSAGE.match(key): |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
894 error_message = self.form[key].value |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
895 |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
896 # see if we were passed in a message |
|
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
897 if ok_message: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
898 self.add_ok_message(ok_message) |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
899 if error_message: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
900 self.add_error_message(error_message) |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
901 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
902 # determine the classname and possibly nodeid |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
903 path = self.path.split('/') |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
904 if not path or path[0] in ('', 'home', 'index'): |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
905 if template_override is not None: |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
906 self.template = template_override |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
907 else: |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
908 self.template = '' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
909 return |
|
1911
f5c804379c85
fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents:
1905
diff
changeset
|
910 elif path[0] in ('_file', '@@file'): |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
911 raise SendStaticFile(os.path.join(*path[1:])) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
912 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
913 self.classname = path[0] |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
914 if len(path) > 1: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
915 # send the file identified by the designator in path[0] |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
916 raise SendFile(path[0]) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
917 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
918 # see if we got a designator |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
919 m = dre.match(self.classname) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
920 if m: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
921 self.classname = m.group(1) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
922 self.nodeid = m.group(2) |
|
3494
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
923 try: |
|
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
924 klass = self.db.getclass(self.classname) |
|
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
925 except KeyError: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
926 raise NotFound('%s/%s'%(self.classname, self.nodeid)) |
|
3494
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
927 if not klass.hasnode(self.nodeid): |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
928 raise NotFound('%s/%s'%(self.classname, self.nodeid)) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
929 # with a designator, we default to item view |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
930 self.template = 'item' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
931 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
932 # with only a class, we default to index view |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
933 self.template = 'index' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
934 |
|
1288
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
935 # make sure the classname is valid |
|
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
936 try: |
|
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
937 self.db.getclass(self.classname) |
|
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
938 except KeyError: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
939 raise NotFound(self.classname) |
|
1288
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
940 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
941 # see if we have a template override |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
942 if template_override is not None: |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
943 self.template = template_override |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
944 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
945 def serve_file(self, designator, dre=re.compile(r'([^\d]+)(\d+)')): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
946 """ Serve the file from the content property of the designated item. |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
947 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
948 m = dre.match(str(designator)) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
949 if not m: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
950 raise NotFound(str(designator)) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
951 classname, nodeid = m.group(1), m.group(2) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
952 |
|
4263
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
953 try: |
|
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
954 klass = self.db.getclass(classname) |
|
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
955 except KeyError: |
|
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
956 # The classname was not valid. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
957 raise NotFound(str(designator)) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
958 |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
959 # perform the Anonymous user access check |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
960 self.check_anonymous_access() |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
961 |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
962 # make sure we have the appropriate properties |
|
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
963 props = klass.getprops() |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
964 if 'type' not in props: |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
965 raise NotFound(designator) |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
966 if 'content' not in props: |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
967 raise NotFound(designator) |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
968 |
|
2870
795cdba40c05
enforce View Permission when serving file content [SF#1050470]
Richard Jones <richard@users.sourceforge.net>
parents:
2864
diff
changeset
|
969 # make sure we have permission |
|
795cdba40c05
enforce View Permission when serving file content [SF#1050470]
Richard Jones <richard@users.sourceforge.net>
parents:
2864
diff
changeset
|
970 if not self.db.security.hasPermission('View', self.userid, |
|
795cdba40c05
enforce View Permission when serving file content [SF#1050470]
Richard Jones <richard@users.sourceforge.net>
parents:
2864
diff
changeset
|
971 classname, 'content', nodeid): |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
972 raise Unauthorised(self._("You are not allowed to view " |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
973 "this file.")) |
|
2870
795cdba40c05
enforce View Permission when serving file content [SF#1050470]
Richard Jones <richard@users.sourceforge.net>
parents:
2864
diff
changeset
|
974 |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
975 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
976 # --- mime-type security |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
977 # mime type detection is performed in cgi.form_parser |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
978 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
979 # everything not here is served as 'application/octet-stream' |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
980 whitelist = [ |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
981 'text/plain', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
982 'text/x-csrc', # .c |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
983 'text/x-chdr', # .h |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
984 'text/x-patch', # .patch and .diff |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
985 'text/x-python', # .py |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
986 'text/xml', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
987 'text/csv', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
988 'text/css', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
989 'application/pdf', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
990 'image/gif', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
991 'image/jpeg', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
992 'image/png', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
993 'image/webp', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
994 'audio/ogg', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
995 'video/webm', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
996 ] |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
997 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
998 if self.instance.config['WEB_ALLOW_HTML_FILE']: |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
999 whitelist.append('text/html') |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1000 |
|
4530
c1c395058dee
issue2550715: IndexError when requesting non-existing file via http.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents:
4523
diff
changeset
|
1001 try: |
|
c1c395058dee
issue2550715: IndexError when requesting non-existing file via http.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents:
4523
diff
changeset
|
1002 mime_type = klass.get(nodeid, 'type') |
|
c1c395058dee
issue2550715: IndexError when requesting non-existing file via http.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents:
4523
diff
changeset
|
1003 except IndexError, e: |
|
c1c395058dee
issue2550715: IndexError when requesting non-existing file via http.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents:
4523
diff
changeset
|
1004 raise NotFound(e) |
|
4291
b1772fdb09d0
Fix traceback on .../msgN/ url...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4265
diff
changeset
|
1005 # Can happen for msg class: |
|
b1772fdb09d0
Fix traceback on .../msgN/ url...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4265
diff
changeset
|
1006 if not mime_type: |
|
b1772fdb09d0
Fix traceback on .../msgN/ url...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4265
diff
changeset
|
1007 mime_type = 'text/plain' |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1008 |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1009 if mime_type not in whitelist: |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1010 mime_type = 'application/octet-stream' |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1011 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1012 # --/ mime-type security |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1013 |
|
4088
34434785f308
Plug a number of security holes:
Richard Jones <richard@users.sourceforge.net>
parents:
4083
diff
changeset
|
1014 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1015 # If this object is a file (i.e., an instance of FileClass), |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1016 # see if we can find it in the filesystem. If so, we may be |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1017 # able to use the more-efficient request.sendfile method of |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1018 # sending the file. If not, just get the "content" property |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1019 # in the usual way, and use that. |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1020 content = None |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1021 filename = None |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1022 if isinstance(klass, hyperdb.FileClass): |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1023 try: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1024 filename = self.db.filename(classname, nodeid) |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1025 except AttributeError: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1026 # The database doesn't store files in the filesystem |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1027 # and therefore doesn't provide the "filename" method. |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1028 pass |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1029 except IOError: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1030 # The file does not exist. |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1031 pass |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1032 if not filename: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1033 content = klass.get(nodeid, 'content') |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1034 |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
1035 lmt = klass.get(nodeid, 'activity').timestamp() |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1036 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1037 self._serve_file(lmt, mime_type, content, filename) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1038 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1039 def serve_static_file(self, file): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1040 """ Serve up the file named from the templates dir |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1041 """ |
|
2864
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1042 # figure the filename - try STATIC_FILES, then TEMPLATES dir |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1043 for dir_option in ('STATIC_FILES', 'TEMPLATES'): |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1044 prefix = self.instance.config[dir_option] |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1045 if not prefix: |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1046 continue |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1047 # ensure the load doesn't try to poke outside |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1048 # of the static files directory |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1049 prefix = os.path.normpath(prefix) |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1050 filename = os.path.normpath(os.path.join(prefix, file)) |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1051 if os.path.isfile(filename) and filename.startswith(prefix): |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1052 break |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1053 else: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1054 raise NotFound(file) |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1055 |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1056 # last-modified time |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1057 lmt = os.stat(filename)[stat.ST_MTIME] |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1058 |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1059 # detemine meta-type |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1060 file = str(file) |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1061 mime_type = mimetypes.guess_type(file)[0] |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1062 if not mime_type: |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1063 if file.endswith('.css'): |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1064 mime_type = 'text/css' |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1065 else: |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1066 mime_type = 'text/plain' |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1067 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1068 self._serve_file(lmt, mime_type, '', filename) |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1069 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1070 def _serve_file(self, lmt, mime_type, content=None, filename=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1071 """ guts of serve_file() and serve_static_file() |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1072 """ |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1073 |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1074 # spit out headers |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1075 self.additional_headers['Content-Type'] = mime_type |
|
3800
75d3896929bb
really fix the last-modified code
Richard Jones <richard@users.sourceforge.net>
parents:
3796
diff
changeset
|
1076 self.additional_headers['Last-Modified'] = rfc822.formatdate(lmt) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1077 |
|
1498
203f6a154b30
even better if-modified-since handling for cgi-bin
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1497
diff
changeset
|
1078 ims = None |
|
1469
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
1079 # see if there's an if-modified-since... |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1080 # XXX see which interfaces set this |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1081 #if hasattr(self.request, 'headers'): |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1082 #ims = self.request.headers.getheader('if-modified-since') |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1083 if 'HTTP_IF_MODIFIED_SINCE' in self.env: |
|
1497
2704d8438823
better if-modified-since handling for cgi-bin
Richard Jones <richard@users.sourceforge.net>
parents:
1477
diff
changeset
|
1084 # cgi will put the header in the env var |
|
1469
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
1085 ims = self.env['HTTP_IF_MODIFIED_SINCE'] |
|
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
1086 if ims: |
|
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
1087 ims = rfc822.parsedate(ims)[:6] |
|
3800
75d3896929bb
really fix the last-modified code
Richard Jones <richard@users.sourceforge.net>
parents:
3796
diff
changeset
|
1088 lmtt = time.gmtime(lmt)[:6] |
|
1469
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
1089 if lmtt <= ims: |
|
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
1090 raise NotModified |
|
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
1091 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1092 if filename: |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1093 self.write_file(filename) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1094 else: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1095 self.additional_headers['Content-Length'] = str(len(content)) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1096 self.write(content) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1097 |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1098 def send_error_to_admin(self, subject, html, txt): |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1099 """Send traceback information to admin via email. |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1100 We send both, the formatted html (with more information) and |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1101 the text version of the traceback. We use |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1102 multipart/alternative so the receiver can chose which version |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1103 to display. |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1104 """ |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1105 to = [self.mailer.config.ADMIN_EMAIL] |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1106 message = MIMEMultipart('alternative') |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1107 self.mailer.set_message_attributes(message, to, subject) |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1108 part = MIMEBase('text', 'html') |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1109 part.set_charset('utf-8') |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1110 part.set_payload(html) |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1111 encode_quopri(part) |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1112 message.attach(part) |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1113 part = MIMEText(txt) |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1114 message.attach(part) |
|
4523
a03646a02f68
Fix issue2550691 where a Unix From-Header was sometimes inserted...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4384
diff
changeset
|
1115 self.mailer.smtp_send(to, message.as_string()) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1116 |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
1117 def renderFrontPage(self, message): |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
1118 """Return the front page of the tracker.""" |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1119 |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
1120 self.classname = self.nodeid = None |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
1121 self.template = '' |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1122 self.add_error_message(message) |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
1123 self.write_html(self.renderContext()) |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
1124 |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1125 def selectTemplate(self, name, view): |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1126 """ Choose existing template for the given combination of |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1127 classname (name parameter) and template request variable |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1128 (view parameter) and return its name. |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1129 |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1130 In most cases the name will be "classname.view", but |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1131 if "view" is None, then template name "classname" will |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1132 be returned. |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1133 |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1134 If "classname.view" template doesn't exist, the |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1135 "_generic.view" is used as a fallback. |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1136 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1137 [ ] cover with tests |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1138 """ |
|
4739
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
1139 loader = self.instance.templates |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
1140 |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
1141 # if classname is not set, use "home" template |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
1142 if name is None: |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
1143 name = 'home' |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
1144 |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1145 tplname = name |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1146 if view: |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1147 tplname = '%s.%s' % (name, view) |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1148 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1149 if loader.check(tplname): |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1150 return tplname |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1151 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1152 # rendering class/context with generic template for this view. |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1153 # with no view it's impossible to choose which generic template to use |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1154 if not view: |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1155 raise templating.NoTemplate('Template "%s" doesn\'t exist' % name) |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1156 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1157 generic = '_generic.%s' % view |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1158 if loader.check(generic): |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1159 return generic |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1160 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1161 raise templating.NoTemplate('No template file exists for templating ' |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1162 '"%s" with template "%s" (neither "%s" nor "%s")' % (name, view, |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1163 tplname, generic)) |
|
4739
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
1164 |
|
1204
b862bbf2067a
Replaced the content() callback ickiness with Page Template macro usage
Richard Jones <richard@users.sourceforge.net>
parents:
1196
diff
changeset
|
1165 def renderContext(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1166 """ Return a PageTemplate for the named page |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1167 """ |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1168 tplname = self.selectTemplate(self.classname, self.template) |
|
1204
b862bbf2067a
Replaced the content() callback ickiness with Page Template macro usage
Richard Jones <richard@users.sourceforge.net>
parents:
1196
diff
changeset
|
1169 |
|
1103
db787cef1385
handled some XXXs
Richard Jones <richard@users.sourceforge.net>
parents:
1096
diff
changeset
|
1170 # catch errors so we can handle PT rendering errors more nicely |
|
1204
b862bbf2067a
Replaced the content() callback ickiness with Page Template macro usage
Richard Jones <richard@users.sourceforge.net>
parents:
1196
diff
changeset
|
1171 args = { |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1172 'ok_message': self._ok_message, |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1173 'error_message': self._error_message |
|
1204
b862bbf2067a
Replaced the content() callback ickiness with Page Template macro usage
Richard Jones <richard@users.sourceforge.net>
parents:
1196
diff
changeset
|
1174 } |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1175 try: |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
1176 pt = self.instance.templates.load(tplname) |
|
1016
d6c13142e7b9
Keep a cache of compiled PageTemplates.
Richard Jones <richard@users.sourceforge.net>
parents:
1008
diff
changeset
|
1177 # let the template render figure stuff out |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
1178 result = pt.render(self, None, None, **args) |
|
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
1179 self.additional_headers['Content-Type'] = pt.content_type |
|
2942
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1180 if self.env.get('CGI_SHOW_TIMING', ''): |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1181 if self.env['CGI_SHOW_TIMING'].upper() == 'COMMENT': |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1182 timings = {'starttag': '<!-- ', 'endtag': ' -->'} |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1183 else: |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1184 timings = {'starttag': '<p>', 'endtag': '</p>'} |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1185 timings['seconds'] = time.time()-self.start |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1186 s = self._('%(starttag)sTime elapsed: %(seconds)fs%(endtag)s\n' |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1187 ) % timings |
|
2237
f624fc20f8fe
added capturing of stats
Richard Jones <richard@users.sourceforge.net>
parents:
2233
diff
changeset
|
1188 if hasattr(self.db, 'stats'): |
|
2942
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1189 timings.update(self.db.stats) |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1190 s += self._("%(starttag)sCache hits: %(cache_hits)d," |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1191 " misses %(cache_misses)d." |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1192 " Loading items: %(get_items)f secs." |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1193 " Filtering: %(filtering)f secs." |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
1194 "%(endtag)s\n") % timings |
|
2237
f624fc20f8fe
added capturing of stats
Richard Jones <richard@users.sourceforge.net>
parents:
2233
diff
changeset
|
1195 s += '</body>' |
|
2230
ca2664e095be
disable forking server when os.fork() not available [SF#938586]
Richard Jones <richard@users.sourceforge.net>
parents:
2183
diff
changeset
|
1196 result = result.replace('</body>', s) |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
1197 return result |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
1198 except templating.NoTemplate, message: |
|
4380
11d9f3f98897
fix potential XSS hole
Richard Jones <richard@users.sourceforge.net>
parents:
4370
diff
changeset
|
1199 return '<strong>%s</strong>'%cgi.escape(str(message)) |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
1200 except templating.Unauthorised, message: |
|
4380
11d9f3f98897
fix potential XSS hole
Richard Jones <richard@users.sourceforge.net>
parents:
4370
diff
changeset
|
1201 raise Unauthorised(cgi.escape(str(message))) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1202 except: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1203 # everything else |
|
4045
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1204 if self.instance.config.WEB_DEBUG: |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1205 return cgitb.pt_html(i18n=self.translator) |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1206 exc_info = sys.exc_info() |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1207 try: |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1208 # If possible, send the HTML page template traceback |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1209 # to the administrator. |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1210 subject = "Templating Error: %s" % exc_info[1] |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1211 self.send_error_to_admin(subject, cgitb.pt_html(), format_exc()) |
|
4045
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1212 # Now report the error to the user. |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1213 return self._(default_err_msg) |
|
4045
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1214 except: |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1215 # Reraise the original exception. The user will |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1216 # receive an error message, and the adminstrator will |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1217 # receive a traceback, albeit with less information |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
1218 # than the one we tried to generate above. |
|
4649
fc513bd18167
Use "raise E, V, T" instead of "raise E(V).with_traceback(T)" (with_traceback is not available in Python 2).
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4648
diff
changeset
|
1219 raise exc_info[0], exc_info[1], exc_info[2] |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1220 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1221 # these are the actions that are available |
| 2904 | 1222 actions = ( |
| 1223 ('edit', EditItemAction), | |
| 1224 ('editcsv', EditCSVAction), | |
| 1225 ('new', NewItemAction), | |
| 1226 ('register', RegisterAction), | |
| 1227 ('confrego', ConfRegoAction), | |
| 1228 ('passrst', PassResetAction), | |
| 1229 ('login', LoginAction), | |
| 1230 ('logout', LogoutAction), | |
| 1231 ('search', SearchAction), | |
| 1232 ('retire', RetireAction), | |
| 1233 ('show', ShowAction), | |
| 1234 ('export_csv', ExportCSVAction), | |
| 1235 ) | |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1236 def handle_action(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1237 """ Determine whether there should be an Action called. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1238 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1239 The action is defined by the form variable :action which |
|
1477
ed725179953d
Added password reset facility for forgotten passwords.
Richard Jones <richard@users.sourceforge.net>
parents:
1472
diff
changeset
|
1240 identifies the method on this object to call. The actions |
| 2904 | 1241 are defined in the "actions" sequence on this class. |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
1242 |
|
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
1243 Actions may return a page (by default HTML) to return to the |
|
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
1244 user, bypassing the usual template rendering. |
|
3388
0c66acaea802
present Reject exception messages to web users [SF#1237685]
Richard Jones <richard@users.sourceforge.net>
parents:
3356
diff
changeset
|
1245 |
|
0c66acaea802
present Reject exception messages to web users [SF#1237685]
Richard Jones <richard@users.sourceforge.net>
parents:
3356
diff
changeset
|
1246 We explicitly catch Reject and ValueError exceptions and |
|
0c66acaea802
present Reject exception messages to web users [SF#1237685]
Richard Jones <richard@users.sourceforge.net>
parents:
3356
diff
changeset
|
1247 present their messages to the user. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1248 """ |
|
4804
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
1249 action = None |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
1250 try: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
1251 if ':action' in self.form: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
1252 action = self.form[':action'] |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
1253 elif '@action' in self.form: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
1254 action = self.form['@action'] |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
1255 except TypeError: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
1256 pass |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
1257 if action is None: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1258 return None |
|
2638
18e86941c950
Load up extensions in the tracker "extensions" directory.
Richard Jones <richard@users.sourceforge.net>
parents:
2592
diff
changeset
|
1259 |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1260 if isinstance(action, list): |
|
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1261 raise SeriousError('broken form: multiple @action values submitted') |
|
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1262 else: |
|
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1263 action = action.value.lower() |
|
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1264 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1265 try: |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1266 action_klass = self.get_action_class(action) |
|
2019
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
1267 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1268 # call the mapped action |
|
2019
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
1269 if isinstance(action_klass, type('')): |
|
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
1270 # old way of specifying actions |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
1271 return getattr(self, action_klass)() |
|
2019
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
1272 else: |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
1273 return action_klass(self).execute() |
|
2032
5a7ec0c63095
fixes to some unit tests, and a cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2019
diff
changeset
|
1274 |
|
3388
0c66acaea802
present Reject exception messages to web users [SF#1237685]
Richard Jones <richard@users.sourceforge.net>
parents:
3356
diff
changeset
|
1275 except (ValueError, Reject), err: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1276 self.add_error_message(str(err)) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1277 |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1278 def get_action_class(self, action_name): |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1279 if (hasattr(self.instance, 'cgi_actions') and |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1280 action_name in self.instance.cgi_actions): |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1281 # tracker-defined action |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1282 action_klass = self.instance.cgi_actions[action_name] |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1283 else: |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1284 # go with a default |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1285 for name, action_klass in self.actions: |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1286 if name == action_name: |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1287 break |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1288 else: |
|
4578
941681fec1b0
issue2550711 Fix XSS vulnerability in @action parameter.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4574
diff
changeset
|
1289 raise ValueError('No such action "%s"'%cgi.escape(action_name)) |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1290 return action_klass |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
1291 |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1292 def _socket_op(self, call, *args, **kwargs): |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1293 """Execute socket-related operation, catch common network errors |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1294 |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1295 Parameters: |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1296 call: a callable to execute |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1297 args, kwargs: call arguments |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1298 |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1299 """ |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1300 try: |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1301 call(*args, **kwargs) |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1302 except socket.error, err: |
|
3807
c27aafab067d
Band-aid over handling of netework errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3800
diff
changeset
|
1303 err_errno = getattr (err, 'errno', None) |
|
3808
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
1304 if err_errno is None: |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
1305 try: |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
1306 err_errno = err[0] |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
1307 except TypeError: |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
1308 pass |
|
3807
c27aafab067d
Band-aid over handling of netework errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3800
diff
changeset
|
1309 if err_errno not in self.IGNORE_NET_ERRORS: |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1310 raise |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1311 except IOError: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1312 # Apache's mod_python will raise IOError -- without an |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1313 # accompanying errno -- when a write to the client fails. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1314 # A common case is that the client has closed the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1315 # connection. There's no way to be certain that this is |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1316 # the situation that has occurred here, but that is the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1317 # most likely case. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1318 pass |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1319 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1320 def write(self, content): |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1321 if not self.headers_done: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1322 self.header() |
|
2592
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
1323 if self.env['REQUEST_METHOD'] != 'HEAD': |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1324 self._socket_op(self.request.wfile.write, content) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1325 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1326 def write_html(self, content): |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1327 if not self.headers_done: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1328 # at this point, we are sure about Content-Type |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1329 if 'Content-Type' not in self.additional_headers: |
|
3867
2563ddf71cd7
Enabled over-riding of content-type in web interface (thanks John Mitchell)
Richard Jones <richard@users.sourceforge.net>
parents:
3808
diff
changeset
|
1330 self.additional_headers['Content-Type'] = \ |
|
2563ddf71cd7
Enabled over-riding of content-type in web interface (thanks John Mitchell)
Richard Jones <richard@users.sourceforge.net>
parents:
3808
diff
changeset
|
1331 'text/html; charset=%s' % self.charset |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1332 self.header() |
|
2592
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
1333 |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
1334 if self.env['REQUEST_METHOD'] == 'HEAD': |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
1335 # client doesn't care about content |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
1336 return |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
1337 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1338 if self.charset != self.STORAGE_CHARSET: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1339 # recode output |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1340 content = content.decode(self.STORAGE_CHARSET, 'replace') |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1341 content = content.encode(self.charset, 'xmlcharrefreplace') |
|
2592
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
1342 |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
1343 # and write |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1344 self._socket_op(self.request.wfile.write, content) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1345 |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1346 def http_strip(self, content): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1347 """Remove HTTP Linear White Space from 'content'. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1348 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1349 'content' -- A string. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1350 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1351 returns -- 'content', with all leading and trailing LWS |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1352 removed.""" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1353 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1354 # RFC 2616 2.2: Basic Rules |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1355 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1356 # LWS = [CRLF] 1*( SP | HT ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1357 return content.strip(" \r\n\t") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1358 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1359 def http_split(self, content): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1360 """Split an HTTP list. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1361 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1362 'content' -- A string, giving a list of items. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1363 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1364 returns -- A sequence of strings, containing the elements of |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1365 the list.""" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1366 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1367 # RFC 2616 2.1: Augmented BNF |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1368 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1369 # Grammar productions of the form "#rule" indicate a |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1370 # comma-separated list of elements matching "rule". LWS |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1371 # is then removed from each element, and empty elements |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1372 # removed. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1373 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1374 # Split at commas. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1375 elements = content.split(",") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1376 # Remove linear whitespace at either end of the string. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1377 elements = [self.http_strip(e) for e in elements] |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1378 # Remove any now-empty elements. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1379 return [e for e in elements if e] |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1380 |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1381 def handle_range_header(self, length, etag): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1382 """Handle the 'Range' and 'If-Range' headers. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1383 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1384 'length' -- the length of the content available for the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1385 resource. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1386 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1387 'etag' -- the entity tag for this resources. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1388 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1389 returns -- If the request headers (including 'Range' and |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1390 'If-Range') indicate that only a portion of the entity should |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1391 be returned, then the return value is a pair '(offfset, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1392 length)' indicating the first byte and number of bytes of the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1393 content that should be returned to the client. In addition, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1394 this method will set 'self.response_code' to indicate Partial |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1395 Content. In all other cases, the return value is 'None'. If |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1396 appropriate, 'self.response_code' will be |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1397 set to indicate 'REQUESTED_RANGE_NOT_SATISFIABLE'. In that |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1398 case, the caller should not send any data to the client.""" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1399 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1400 # RFC 2616 14.35: Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1401 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1402 # See if the Range header is present. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1403 ranges_specifier = self.env.get("HTTP_RANGE") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1404 if ranges_specifier is None: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1405 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1406 # RFC 2616 14.27: If-Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1407 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1408 # Check to see if there is an If-Range header. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1409 # Because the specification says: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1410 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1411 # The If-Range header ... MUST be ignored if the request |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1412 # does not include a Range header, we check for If-Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1413 # after checking for Range. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1414 if_range = self.env.get("HTTP_IF_RANGE") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1415 if if_range: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1416 # The grammar for the If-Range header is: |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1417 # |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1418 # If-Range = "If-Range" ":" ( entity-tag | HTTP-date ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1419 # entity-tag = [ weak ] opaque-tag |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1420 # weak = "W/" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1421 # opaque-tag = quoted-string |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1422 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1423 # We only support strong entity tags. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1424 if_range = self.http_strip(if_range) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1425 if (not if_range.startswith('"') |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1426 or not if_range.endswith('"')): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1427 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1428 # If the condition doesn't match the entity tag, then we |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1429 # must send the client the entire file. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1430 if if_range != etag: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1431 return |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1432 # The grammar for the Range header value is: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1433 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1434 # ranges-specifier = byte-ranges-specifier |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1435 # byte-ranges-specifier = bytes-unit "=" byte-range-set |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1436 # byte-range-set = 1#( byte-range-spec | suffix-byte-range-spec ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1437 # byte-range-spec = first-byte-pos "-" [last-byte-pos] |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1438 # first-byte-pos = 1*DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1439 # last-byte-pos = 1*DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1440 # suffix-byte-range-spec = "-" suffix-length |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1441 # suffix-length = 1*DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1442 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1443 # Look for the "=" separating the units from the range set. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1444 specs = ranges_specifier.split("=", 1) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1445 if len(specs) != 2: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1446 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1447 # Check that the bytes-unit is in fact "bytes". If it is not, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1448 # we do not know how to process this range. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1449 bytes_unit = self.http_strip(specs[0]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1450 if bytes_unit != "bytes": |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1451 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1452 # Seperate the range-set into range-specs. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1453 byte_range_set = self.http_strip(specs[1]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1454 byte_range_specs = self.http_split(byte_range_set) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1455 # We only handle exactly one range at this time. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1456 if len(byte_range_specs) != 1: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1457 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1458 # Parse the spec. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1459 byte_range_spec = byte_range_specs[0] |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1460 pos = byte_range_spec.split("-", 1) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1461 if len(pos) != 2: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1462 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1463 # Get the first and last bytes. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1464 first = self.http_strip(pos[0]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1465 last = self.http_strip(pos[1]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1466 # We do not handle suffix ranges. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1467 if not first: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1468 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1469 # Convert the first and last positions to integers. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1470 try: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1471 first = int(first) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1472 if last: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1473 last = int(last) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1474 else: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1475 last = length - 1 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1476 except: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1477 # The positions could not be parsed as integers. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1478 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1479 # Check that the range makes sense. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1480 if (first < 0 or last < 0 or last < first): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1481 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1482 if last >= length: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1483 # RFC 2616 10.4.17: 416 Requested Range Not Satisfiable |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1484 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1485 # If there is an If-Range header, RFC 2616 says that we |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1486 # should just ignore the invalid Range header. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1487 if if_range: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1488 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1489 # Return code 416 with a Content-Range header giving the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1490 # allowable range. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1491 self.response_code = http_.client.REQUESTED_RANGE_NOT_SATISFIABLE |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1492 self.setHeader("Content-Range", "bytes */%d" % length) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1493 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1494 # RFC 2616 10.2.7: 206 Partial Content |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1495 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1496 # Tell the client that we are honoring the Range request by |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1497 # indicating that we are providing partial content. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1498 self.response_code = http_.client.PARTIAL_CONTENT |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1499 # RFC 2616 14.16: Content-Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1500 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1501 # Tell the client what data we are providing. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1502 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1503 # content-range-spec = byte-content-range-spec |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1504 # byte-content-range-spec = bytes-unit SP |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1505 # byte-range-resp-spec "/" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1506 # ( instance-length | "*" ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1507 # byte-range-resp-spec = (first-byte-pos "-" last-byte-pos) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1508 # | "*" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1509 # instance-length = 1 * DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1510 self.setHeader("Content-Range", |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1511 "bytes %d-%d/%d" % (first, last, length)) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1512 return (first, last - first + 1) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1513 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1514 def write_file(self, filename): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1515 """Send the contents of 'filename' to the user.""" |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1516 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1517 # Determine the length of the file. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1518 stat_info = os.stat(filename) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1519 length = stat_info[stat.ST_SIZE] |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1520 # Assume we will return the entire file. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1521 offset = 0 |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1522 # If the headers have not already been finalized, |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1523 if not self.headers_done: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1524 # RFC 2616 14.19: ETag |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1525 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1526 # Compute the entity tag, in a format similar to that |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1527 # used by Apache. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1528 etag = '"%x-%x-%x"' % (stat_info[stat.ST_INO], |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1529 length, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1530 stat_info[stat.ST_MTIME]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1531 self.setHeader("ETag", etag) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1532 # RFC 2616 14.5: Accept-Ranges |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1533 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1534 # Let the client know that we will accept range requests. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1535 self.setHeader("Accept-Ranges", "bytes") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1536 # RFC 2616 14.35: Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1537 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1538 # If there is a Range header, we may be able to avoid |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1539 # sending the entire file. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1540 content_range = self.handle_range_header(length, etag) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1541 if content_range: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1542 offset, length = content_range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1543 # RFC 2616 14.13: Content-Length |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1544 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1545 # Tell the client how much data we are providing. |
| 4145 | 1546 self.setHeader("Content-Length", str(length)) |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1547 # Send the HTTP header. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1548 self.header() |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1549 # If the client doesn't actually want the body, or if we are |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1550 # indicating an invalid range. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1551 if (self.env['REQUEST_METHOD'] == 'HEAD' |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1552 or self.response_code == http_.client.REQUESTED_RANGE_NOT_SATISFIABLE): |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1553 return |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1554 # Use the optimized "sendfile" operation, if possible. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1555 if hasattr(self.request, "sendfile"): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1556 self._socket_op(self.request.sendfile, filename, offset, length) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1557 return |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1558 # Fallback to the "write" operation. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1559 f = open(filename, 'rb') |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1560 try: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1561 if offset: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1562 f.seek(offset) |
| 4077 | 1563 content = f.read(length) |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1564 finally: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1565 f.close() |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
1566 self.write(content) |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1567 |
|
2046
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
1568 def setHeader(self, header, value): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1569 """Override a header to be returned to the user's browser. |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1570 """ |
|
2046
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
1571 self.additional_headers[header] = value |
|
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
1572 |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
1573 def header(self, headers=None, response=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1574 """Put up the appropriate header. |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1575 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1576 if headers is None: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1577 headers = {'Content-Type':'text/html; charset=utf-8'} |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
1578 if response is None: |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
1579 response = self.response_code |
|
1130
89bd02ffe4af
tell clients/caches not to cache our dynamic bits
Richard Jones <richard@users.sourceforge.net>
parents:
1129
diff
changeset
|
1580 |
|
89bd02ffe4af
tell clients/caches not to cache our dynamic bits
Richard Jones <richard@users.sourceforge.net>
parents:
1129
diff
changeset
|
1581 # update with additional info |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
1582 headers.update(self.additional_headers) |
|
1130
89bd02ffe4af
tell clients/caches not to cache our dynamic bits
Richard Jones <richard@users.sourceforge.net>
parents:
1129
diff
changeset
|
1583 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1584 if headers.get('Content-Type', 'text/html') == 'text/html': |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1585 headers['Content-Type'] = 'text/html; charset=utf-8' |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1586 |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1587 headers = list(headers.items()) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1588 |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1589 for ((path, name), (value, expire)) in self._cookies.iteritems(): |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
1590 cookie = "%s=%s; Path=%s;"%(name, value, path) |
|
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
1591 if expire is not None: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1592 cookie += " expires=%s;"%get_cookie_date(expire) |
|
4586
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
1593 # mark as secure if https, see issue2550689 |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
1594 if self.secure: |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
1595 cookie += " secure;" |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
1596 # prevent theft of session cookie, see issue2550689 |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
1597 cookie += " HttpOnly;" |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1598 headers.append(('Set-Cookie', cookie)) |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1599 |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
1600 self._socket_op(self.request.start_response, headers, response) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1601 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1602 self.headers_done = 1 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1603 if self.debug: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1604 self.headers_sent = headers |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1605 |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1606 def add_cookie(self, name, value, expire=86400*365, path=None): |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1607 """Set a cookie value to be sent in HTTP headers |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1608 |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1609 Parameters: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1610 name: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1611 cookie name |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1612 value: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1613 cookie value |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1614 expire: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1615 cookie expiration time (seconds). |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1616 If value is empty (meaning "delete cookie"), |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1617 expiration time is forced in the past |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1618 and this argument is ignored. |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
1619 If None, the cookie will expire at end-of-session. |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1620 If omitted, the cookie will be kept for a year. |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1621 path: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1622 cookie path (optional) |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1623 |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1624 """ |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1625 if path is None: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1626 path = self.cookie_path |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1627 if not value: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1628 expire = -1 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1629 self._cookies[(path, name)] = (value, expire) |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1630 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1631 def make_user_anonymous(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1632 """ Make us anonymous |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1633 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1634 This method used to handle non-existence of the 'anonymous' |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1635 user, but that user is mandatory now. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1636 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1637 self.userid = self.db.user.lookup('anonymous') |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1638 self.user = 'anonymous' |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1639 |
|
1801
9f9d35f3d8f7
Change the message asking for confirmation of registration...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1799
diff
changeset
|
1640 def standard_message(self, to, subject, body, author=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1641 """Send a standard email message from Roundup. |
|
2248
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
1642 |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
1643 "to" - recipients list |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
1644 "subject" - Subject |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
1645 "body" - Message |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
1646 "author" - (name, address) tuple or None for admin email |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
1647 |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
1648 Arguments are passed to the Mailer.standard_message code. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1649 """ |
|
1799
071ea6fc803f
Extracted duplicated mail-sending code...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1798
diff
changeset
|
1650 try: |
|
1801
9f9d35f3d8f7
Change the message asking for confirmation of registration...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1799
diff
changeset
|
1651 self.mailer.standard_message(to, subject, body, author) |
|
1802
fe9d122f1bb1
Fix misnamed exception clause.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1801
diff
changeset
|
1652 except MessageSendError, e: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1653 self.add_error_message(str(e)) |
|
2248
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
1654 return 0 |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
1655 return 1 |
|
1467
378081f066cc
registration is now a two-step process with confirmation from the
Richard Jones <richard@users.sourceforge.net>
parents:
1456
diff
changeset
|
1656 |
|
2107
b7404a96b58a
minor pre-release / test fixes
Richard Jones <richard@users.sourceforge.net>
parents:
2082
diff
changeset
|
1657 def parsePropsFromForm(self, create=0): |
|
2010
1b11ffd8015e
forward-porting of fixed edit action / parsePropsFromForm...
Richard Jones <richard@users.sourceforge.net>
parents:
2005
diff
changeset
|
1658 return FormParser(self).parse(create=create) |
|
1b11ffd8015e
forward-porting of fixed edit action / parsePropsFromForm...
Richard Jones <richard@users.sourceforge.net>
parents:
2005
diff
changeset
|
1659 |
|
2799
9605965569b0
disallow caching of pages with error and/or ok messages.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2724
diff
changeset
|
1660 # vim: set et sts=4 sw=4 : |