view website/issues/extensions/timestamp.py @ 6098:72a281a55a17
Disable rst raw and include directives.
reStructuredText has some directives that can include files or pass
raw html to the output.
Create new property so user can enable raw or include directives if
desired. See: https://docutils.sourceforge.io/docs/howto/security.html
for details.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 20 Feb 2020 21:38:32 -0500 |
| parents | 35ea9b1efc14 |
| children |
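"""Reject registration forms that are submitted too soon after being issued.

``timestamp`` is registered as a template utility and produces an opaque
token holding the current time.  ``TimestampedRegister`` replaces the
``register`` action and refuses the request when the token read from the
``opaque`` form field is missing, malformed, or younger than
``MIN_FILL_SECONDS``.
"""
import time
import struct
import base64

from roundup.cgi.actions import RegisterAction
# FormError is expected to come from this star import.
from roundup.cgi.exceptions import *

# Minimum number of seconds that must pass between issuing the token and
# receiving the submitted form.
MIN_FILL_SECONDS = 4


def timestamp():
    """Return the current time packed as a base64 text token.

    The value is presumably rendered by a template into the form field
    named 'opaque' that Timestamped.check reads back -- confirm against
    the tracker templates.
    """
    # int(): struct's "i" format rejects a float argument on Python 3.
    # NOTE(review): "i" is a native C int (usually 32 bits), so packing
    # will start failing once the epoch time no longer fits in it.
    packed = struct.pack("i", int(time.time()))
    # b64encode replaces encodestring, which was removed in Python 3.9,
    # and adds no trailing newline, so no strip() is needed.
    token = base64.b64encode(packed)
    if not isinstance(token, str):
        # Python 3 yields bytes; hand templates a text value.
        token = token.decode("ascii")
    return token


def unpack_timestamp(s):
    """Decode a token made by timestamp() back into integer seconds.

    Raises TypeError or ValueError when ``s`` is not valid base64 and
    struct.error when the decoded payload has the wrong length.
    """
    # b64decode replaces decodestring, which was removed in Python 3.9.
    return struct.unpack("i", base64.b64decode(s))[0]


class Timestamped:
    """Mixin that validates the 'opaque' timestamp field of a form.

    NOTE(review): the token carries no signature or MAC, so the server
    cannot distinguish a token it issued from a value chosen by the
    client, and there is no upper bound on token age.  Treat this check
    as a speed bump against naive automated submissions only.  If
    stronger assurance is needed, authenticate the token (for example
    with the standard ``hmac`` module keyed on a server-side secret) and
    reject tokens older than a maximum age.
    """

    def check(self):
        """Return True when the form carries an acceptable timestamp.

        Raises FormError when the 'opaque' field is missing or cannot be
        decoded, or when fewer than MIN_FILL_SECONDS have elapsed since
        the time stored in the token.
        """
        try:
            created = unpack_timestamp(self.form['opaque'].value)
        except (KeyError, TypeError, ValueError, struct.error):
            # Field is client-supplied: a garbled or truncated token must
            # end in the same FormError as a missing one, not an
            # unhandled exception.
            raise FormError("somebody tampered with the form")
        if time.time() - created < MIN_FILL_SECONDS:
            # Also rejects tokens dated in the future (negative elapsed).
            raise FormError("responding to the form too quickly")
        return True


class TimestampedRegister(Timestamped, RegisterAction):
    """Register action that runs the timestamp check first."""

    def permission(self):
        """Validate the timestamp, then run RegisterAction's own check."""
        self.check()
        RegisterAction.permission(self)


def init(instance):
    """Install the 'timestamp' utility and override the 'register' action."""
    instance.registerUtil('timestamp', timestamp)
    instance.registerAction('register', TimestampedRegister)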
