def afterTraversal(event):
    """Run the shield check, then stamp cache and hardening headers.

    Requests that do not provide ``ICastleLayer`` are left untouched. For all
    others ``shield.protect`` is called and the ``Cache-Tag``,
    ``X-Content-Type-Options`` and ``X-XSS-Protection`` response headers are
    set.
    """
    request = event.request
    if not ICastleLayer.providedBy(request):
        return

    # NOTE(review): the return value is discarded here, so any blocking has
    # to happen inside shield.protect itself (e.g. by raising) -- confirm.
    shield.protect(request)

    response = request.response
    context = get_context_from_request(request)

    def _slug(attr_name):
        # Lower-cased type name with spaces turned into dashes.
        return getattr(context, attr_name, '').lower().replace(' ', '-')

    # Tag candidates: both type names, the object's UUID and the request host
    # with '.' and ':' stripped. The host is taken from request.URL, so it is
    # only as trustworthy as the host handling in front of this code.
    # NOTE(review): confirm accepted hosts are pinned upstream if cache
    # purging keys on this tag.
    tags = {
        _slug('portal_type'),
        _slug('meta_type'),
        IUUID(context, ''),
        (urlparse(request.URL).netloc.lower()
         .replace('.', '').replace(':', '')),
    }
    response.setHeader('Cache-Tag', ','.join(tag for tag in tags if tag))

    # Stops browsers from MIME-sniffing a non-script response into a script.
    response.setHeader('X-Content-Type-Options', 'nosniff')

    # Legacy switch for the browser-side reflected-XSS filter. Current
    # mainstream browsers no longer implement that filter, so this is not a
    # substitute for output encoding or a Content-Security-Policy.
    response.setHeader('X-XSS-Protection', '1; mode=block')
def transformIterable(self, result, encoding):
    """Apply the custom theme transform, keeping old diazo themes working.

    ``None`` is returned, leaving the response untouched, when a theme was
    already applied (``X-Theme-Applied`` response header), when ``result`` is
    not an ``XMLSerializer``, when theming settings are missing or the theme
    is disabled, when the page has no element matched by ``wrapper_xpath``,
    or when no transform (or no transformed output) is available. Otherwise
    the transformed serializer is returned.
    """
    request = self.request
    if request.response.getHeader('X-Theme-Applied'):
        return
    if not isinstance(result, XMLSerializer):
        return

    # Without settings, or with theming switched off, there is nothing to do.
    theme_policy = theming_policy(request)
    settings = theme_policy.getSettings()
    if settings is None or not theme_policy.isThemeEnabled():
        return None

    try:
        if isPloneTheme(settings):
            # Old-style theme: tiles are rendered by hand first, then
            # ``_old_transformIterable`` (presumably the original diazo
            # transform) does the theming.
            result.tree = tiles.renderTiles(request, result.tree)
            return self._old_transformIterable(result, encoding)
    except AttributeError:
        # NOTE(review): this also hides AttributeErrors raised inside tile
        # rendering or the old transform; processing then continues below
        # with whatever ``result.tree`` holds at that point.
        pass

    dev_mode = Globals.DevelopmentMode
    try:
        # Classic rendering path: replacements are only done on pages that
        # contain the #visual-portal-wrapper element. The original author
        # marks this check as necessary.
        if len(wrapper_xpath(result.tree)) == 0:
            return None

        context = get_context_from_request(request)
        transform = getTransform(context, request)
        if transform is None:
            return None

        themed = transform(request, result, context=context)
        if themed is None:
            return None

        result = themed
        if settings.doctype:
            # A configured doctype replaces the serializer's own and is
            # newline-terminated.
            result.doctype = settings.doctype
            if not result.doctype.endswith('\n'):
                result.doctype += '\n'
        return result
    except etree.LxmlError:
        # lxml failures propagate normally; only in Zope development mode
        # are they swallowed and the current ``result`` returned instead.
        if dev_mode:
            return result
        raise
def add(self, text, type=u'info'):
    """Record a status message in the cache-backed message list.

    When ``self.anon`` is set the parent class implementation is used
    instead. Otherwise the (translated, if possible) message is appended to
    the list stored under ``get_cache_key()``, the list is trimmed to its
    last ``max_messages`` entries and written back with a one hour lifetime.

    NOTE(review): ``text`` is stored without any escaping, so whatever
    renders these messages has to treat it as untrusted -- confirm at the
    display side.
    """
    if self.anon:
        return super(CastleStatusMessage, self).add(text, type)

    try:
        text = translate(text)
    except Exception:
        # Translation is best effort: on failure the original text is kept.
        pass

    key = self.get_cache_key()
    try:
        queue = cache.get(key)
    except KeyError:
        # Nothing cached yet for this key.
        queue = []

    site_path = '/'.join(self.site_path)
    context_path = site_path
    # NOTE(review): ``self.context`` is passed where the helper's name
    # suggests a request -- presumably this object's context is the request;
    # confirm.
    context = get_context_from_request(self.context)
    if context:
        try:
            context_path = '/'.join(context.getPhysicalPath())
        except AttributeError:
            # Context without a physical path: fall back to the site path.
            pass

    queue.append({
        'text': text,
        'type': type,
        'timestamp': time.time(),
        # Path with the site prefix cut off; this assumes the context path
        # starts with the site path.
        'context': context_path[len(site_path):],
    })

    # Read-modify-write on the cache: two concurrent calls can overwrite
    # each other's message. Entries live for one hour.
    one_hour = 60 * 60
    cache.set(key, queue[-self.max_messages:], one_hour)
def afterTraversal(event):
    """Apply shield, private-parent and header handling after traversal.

    Only requests providing ``ICastleLayer`` are processed. In order:

    * if ``shield.protect`` returns a view, it becomes the locked response
      body and the response is marked ``noindex``;
    * anonymous requests for content whose catalog brain reports
      ``has_private_parents`` raise ``NotFound``, unless the
      ``plone.allow_public_in_private_container`` registry record is set;
    * the ``Cache-Tag``, ``X-Content-Type-Options`` and ``X-XSS-Protection``
      response headers are set.
    """
    request = event.request
    if not ICastleLayer.providedBy(request):
        return

    shield_body = shield.protect(request)
    response = request.response
    if shield_body:
        # lock=True asks the response to keep this body against later
        # setBody calls; the shield page itself must not be indexed.
        # Processing continues below, it does not return here.
        response.setBody(shield_body, lock=True)
        response.setHeader('X-Robots-Tag', 'noindex')

    context = get_context_from_request(request)

    # Conditions are evaluated left to right and short-circuit, so the
    # registry is only consulted for anonymous requests on UID-bearing
    # content.
    check_private_parents = (
        api.user.is_anonymous()
        and hasattr(context, 'UID')
        and not api.portal.get_registry_record(
            'plone.allow_public_in_private_container', default=False)
    )
    if check_private_parents:
        try:
            catalog = api.portal.get_tool('portal_catalog')
            brain = catalog(UID=context.UID())[0]
            # NotFound, rather than an authorization error, presumably
            # avoids confirming that the object exists.
            if getattr(brain, 'has_private_parents', False):
                raise NotFound
        except IndexError:
            # No brain for this UID: the private-parent check is skipped
            # (fails open). NOTE(review): access to such content then rests
            # on the normal permission checks -- confirm that is intended.
            pass

    def _slug(attr_name):
        # Lower-cased type name with spaces turned into dashes.
        return getattr(context, attr_name, '').lower().replace(' ', '-')

    # Tag candidates: both type names, the object's UUID and the request host
    # with '.' and ':' stripped. The host is taken from request.URL, so it is
    # only as trustworthy as the host handling in front of this code.
    tags = {
        _slug('portal_type'),
        _slug('meta_type'),
        IUUID(context, ''),
        (urlparse(request.URL).netloc.lower()
         .replace('.', '').replace(':', '')),
    }
    response.setHeader('Cache-Tag', ','.join(tag for tag in tags if tag))

    # Stops browsers from MIME-sniffing a non-script response into a script.
    response.setHeader('X-Content-Type-Options', 'nosniff')

    # Legacy switch for the browser-side reflected-XSS filter. Current
    # mainstream browsers no longer implement that filter, so this is not a
    # substitute for output encoding or a Content-Security-Policy.
    response.setHeader('X-XSS-Protection', '1; mode=block')