Beispiel #1
0
    def validate_test_case(self, req, postname, version, fields):
        if 'testcase-preview' in req.args:
            return []

        qa_res = Resource('qa', postname, version)

        if req.perm(qa_res).has_permission('QA_ADMIN'):
            return []

        if version > 1:
            bp = BlogPost(self.env, postname, version)
            last_post_fields = bp._fetch_fields(version=version - 1)
        else:
            last_post_fields = {}

        field_names = set(fields).union(last_post_fields)
        changes = []

        for field in field_names:
            old = to_unicode(last_post_fields.get(field, ''))
            new = to_unicode(fields.get(field, ''))
            if new and old != new:
                changes.append((old, new))
        author = fields.get('author', '')

        if arity(FilterSystem.test) == 4:
            # 0.11 compatible method signature
            FilterSystem(self.env).test(req, author, changes)
        else:
            # 0.12+ compatible that adds an 'ip' argument
            FilterSystem(self.env).test(req, author, changes, req.remote_addr)
        return []
Beispiel #2
0
    def _process_monitoring_panel(self, req):
        req.perm.assert_permission('SPAM_TRAIN')

        filtersys = FilterSystem(self.env)

        if 'markspam' in req.args or 'markham' in req.args:
            spam = 'markspam' in req.args
            for entry_id in req.args.getlist('sel'):
                filtersys.train(req, entry_id, spam=spam)

        elif 'delete' in req.args:
            for entry_id in req.args.getlist('sel'):
                LogEntry.delete(self.env, entry_id)

        return True
    def validate_blog_comment(self, req, postname, fields):
        if 'previewcomment' in req.args:
            return []

        blog_res = Resource('blog', postname)
        if req.perm(blog_res).has_permission('BLOG_ADMIN'):
            return []

        author = fields.get('author', '')
        changes = [(None, fields.get('comment', '')), (None, author)]
        if arity(FilterSystem.test) == 4:
            # 0.11 compatible method signature
            FilterSystem(self.env).test(req, author, changes)
        else:
            # 0.12+ compatible that adds an 'ip' argument
            FilterSystem(self.env).test(req, author, changes, req.remote_addr)
        return []
Beispiel #4
0
 def filter_topic(self, context, topic):
     # Test topic for spam.
     try:
         if arity(FilterSystem.test) == 4:  #SpamFilter < 0.3.2 or >= 0.7.0
             FilterSystem(self.env).test(context.req, topic['author'],
                                         [(None, topic['author']),
                                          (None, topic['subject']),
                                          (None, topic['body'])])
         else:  #SpamFilter >= 0.3.2 or < 0.7.0
             FilterSystem(self.env).test(context.req, topic['author'],
                                         [(None, topic['author']),
                                          (None, topic['subject']),
                                          (None, topic['body'])],
                                         context.req.remote_addr)
     except RejectContent, error:
         # Topic contains spam.
         return False, error.message
Beispiel #5
0
 def filter_message(self, context, message):
     # Test message for spam.
     try:
         FilterSystem(self.env).test(context.req, message['author'],
                                     [(None, message['author']),
                                      (None, message['body'])])
     except RejectContent, error:
         # Message contains spam.
         return False, error.message
Beispiel #6
0
 def validate_topic(self, req, author, subject, body):
     if req.perm.has_permission('TICKET_ADMIN'):
         # An administrator is allowed to spam
         return []
     if 'preview' in req.args:
         # Only a preview, no need to filter the submission yet
         return []
     changes = [(None, body)]
     FilterSystem(self.env).test(req, author, changes)
     return []
Beispiel #7
0
    def process_request(self, req):
        req.perm.assert_permission('GUESTBOOK_VIEW')

        # getting cursor
        db = self.env.get_db_cnx()
        cursor = db.cursor()

        if req.args.has_key('action'):
            # process append request
            if req.args['action'] == 'newentry':
                req.perm.assert_permission('GUESTBOOK_APPEND')

                # get form values
                author = req.args['author']
                title = req.args['title']
                text = req.args['text']

                # check for spam
                self.log.debug('has_spam_filter: %s' % (has_spam_filter, ))
                if has_spam_filter:
                    FilterSystem(self.env).test(req, author, [(None, title),
                                                              (None, text)])

                self._append_message(cursor, author, title, text)

            # process delete request
            if req.args['action'] == 'delete':
                req.perm.assert_permission('GUESTBOOK_DELETE')
                self._delete_message(cursor, req.args['id'])

        # adding stylesheets
        add_stylesheet(req, 'common/css/wiki.css')
        add_stylesheet(req, 'guestbook/css/guestbook.css')

        # adding scripts
        add_script(req, 'common/js/trac.js')
        add_script(req, 'common/js/wikitoolbar.js')

        # passing variables to template
        req.hdf['guestbook.title'] = self.env.config.get(
            'guestbook', 'title', 'Guestbook')
        req.hdf['guestbook.messages'] = self._get_messages(req, cursor)
        req.hdf['guestbook.append'] = req.perm.has_permission('GUESTBOOK_VIEW')

        # database commit and return page content
        db.commit()
        return 'guestbook.cs', 'text/html'
Beispiel #8
0
    def nuke_user(self, username):
        db = self.env.get_db_cnx()
        cursor = db.cursor()
        print "Nuking %r..." % username

        cursor.execute('SELECT id FROM ticket WHERE reporter=%s', (username, ))
        ticketids = [row[0] for row in cursor.fetchall()]
        if ticketids:
            print "deleting tickets %s reported by %s" % (ticketids, username)
            for id_ in ticketids:
                Ticket(self.env, id_).delete()
        else:
            print "No tickets reported by", username
        cursor.execute(
            "SELECT ticket,time FROM ticket_change WHERE author=%s AND field = 'comment'",
            (username, ))

        comments = cursor.fetchall()
        if comments:
            # XXX is there an API for this? can't find one.
            print "deleting comments %s by %s" % (comments, username)
            cursor.execute(
                "DELETE FROM ticket_change WHERE author=%s AND field = 'comment'",
                (username, ))
        else:
            print "No comments by", username

        # Hooking into TracSpamFilter here.
        # Train all entries for this user, then delete.
        try:
            import tracspamfilter
        except ImportError:
            pass
        else:
            from tracspamfilter.api import FilterSystem
            handler = FilterSystem(self.compmgr)

            class fakerequest(object):
                # stuff needed by Request(); the filter builds a new one
                # and it assumes it was triggered by an HTTP request.
                environ = {'wsgi.url_scheme': 'http'}

            # Unfortunately, tracspamfilter.model.LogEntry.select()
            # doesn't support querying by author. Not much of an ORM, eh?
            cursor.execute("SELECT id FROM spamfilter_log WHERE author=%s",
                           (username, ))
            entries = [row[0] for row in cursor.fetchall()]

            # Bug: For some reason this hangs on handler.train(),
            # likely upstream services being slow?
            print "Training and deleting %d spamfilter log entries" % len(
                entries)
            for entry in entries:
                print "Training %s..." % entry
                handler.train(fakerequest, entry, spam=True)
            cursor.execute("DELETE FROM spamfilter_log WHERE author=%s",
                           (username, ))

        import acct_mgr.api
        account_mgr = acct_mgr.api.AccountManager(self.env)
        delete_enabled = account_mgr.supports('delete_user')
        if delete_enabled:
            account_mgr.delete_user(username)
            # XXX auth_cookie rows do not actually seem to get deleted?
            # is there an API for this?
            cursor.execute('DELETE FROM auth_cookie WHERE name=%s',
                           (username, ))
            print "Deleted %r!" % username
        else:
            print "The password store does not support deleting users."
    def nuke_user(self, username):
        db = self.env.get_db_cnx()
        cursor = db.cursor()
        print "Nuking %r..." % username

        cursor.execute('SELECT id FROM ticket WHERE reporter=%s', (username,))
        ticketids = [row[0] for row in cursor.fetchall()]
        if ticketids:
            print "deleting tickets %s reported by %s" % (ticketids, username)
            for id_ in ticketids:
                Ticket(self.env, id_).delete()
        else:
            print "No tickets reported by", username
        cursor.execute("SELECT ticket,time FROM ticket_change WHERE author=%s AND field = 'comment'", (username,))

        comments = cursor.fetchall()
        if comments:
            # XXX is there an API for this? can't find one.
            print "deleting comments %s by %s" % (comments, username)
            cursor.execute("DELETE FROM ticket_change WHERE author=%s AND field = 'comment'", (username,))
        else:
            print "No comments by", username

        # Hooking into TracSpamFilter here.
        # Train all entries for this user, then delete.
        try:
            import tracspamfilter
        except ImportError:
            pass
        else:
            from tracspamfilter.api import FilterSystem
            handler =  FilterSystem(self.compmgr)
            class fakerequest(object):
                # stuff needed by Request(); the filter builds a new one
                # and it assumes it was triggered by an HTTP request.
                environ = {'wsgi.url_scheme': 'http'}
            # Unfortunately, tracspamfilter.model.LogEntry.select()
            # doesn't support querying by author. Not much of an ORM, eh?
            cursor.execute("SELECT id FROM spamfilter_log WHERE author=%s",
                           (username,))
            entries = [row[0] for row in cursor.fetchall()]

            # Bug: For some reason this hangs on handler.train(),
            # likely upstream services being slow?
            print "Training and deleting %d spamfilter log entries" % len(entries)
            for entry in entries:
                print "Training %s..." % entry
                handler.train(fakerequest, entry, spam=True)
            cursor.execute("DELETE FROM spamfilter_log WHERE author=%s",
                           (username,))


        import acct_mgr.api
        account_mgr = acct_mgr.api.AccountManager(self.env)
        delete_enabled = account_mgr.supports('delete_user')
        if delete_enabled:
            account_mgr.delete_user(username)
            # XXX auth_cookie rows do not actually seem to get deleted?
            # is there an API for this?
            cursor.execute('DELETE FROM auth_cookie WHERE name=%s', (username,))
            print "Deleted %r!" % username
        else:
            print "The password store does not support deleting users."