"""WWW request handler (also used in the stand-alone server). """ __docformat__ = 'restructuredtext' import base64, binascii, cgi, codecs, mimetypes, os import quopri, random, re, rfc822, stat, sys, time import socket, errno from traceback import format_exc from roundup import roundupdb, date, hyperdb, password from roundup.cgi import templating, cgitb, TranslationService from roundup.cgi.actions import * from roundup.exceptions import * from roundup.cgi.exceptions import * from roundup.cgi.form_parser import FormParser from roundup.mailer import Mailer, MessageSendError, encode_quopri from roundup.cgi import accept_language from roundup import xmlrpc from roundup.anypy.cookie_ import CookieError, BaseCookie, SimpleCookie, \ get_cookie_date from roundup.anypy.io_ import StringIO from roundup.anypy import http_ from roundup.anypy import urllib_ from email.MIMEBase import MIMEBase from email.MIMEText import MIMEText from email.MIMEMultipart import MIMEMultipart def initialiseSecurity(security): '''Create some Permissions and Roles on the security object This function is directly invoked by security.Security.__init__() as a part of the Security object instantiation. ''' p = security.addPermission(name="Web Access", description="User may access the web interface") security.addPermissionToRole('Admin', p) # doing Role stuff through the web - make sure Admin can # TODO: deprecate this and use a property-based control p = security.addPermission(name="Web Roles", description="User may manipulate user Roles through the web") security.addPermissionToRole('Admin', p) # used to clean messages passed through CGI variables - HTML-escape any tag # that isn't , , and
# (including XHTML variants) so that people can't pass through nasties like