Beispiel #1
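 def addwords(cfield, field):
     """Append one LIKE clause per space-separated search word to ``c``.

     Each clause matches ``field`` against the lower-cased word or against
     the HTML-decoded form of that word. Nothing is appended when ``cfield``
     fails the ``hk`` check or its criteria value is the empty string.

     ``field`` is interpolated as an SQL identifier, so it must only ever be
     a column expression chosen by the calling code, never request data.
     """
     if hk(cfield) and crit(cfield) != "":
         for word in crit(cfield).split(" "):
             lowered = word.lower()
             # The clause is built by string formatting, so an apostrophe in
             # the search text would terminate the quoted SQL literal. Swap
             # it for a backtick before interpolation.
             plain = lowered.replace("'", "`")
             # Clean the decoded variant *after* decoding: turning entities
             # back into characters may produce an apostrophe that was not
             # present in the raw text.
             decoded = utils.decode_html(lowered).replace("'", "`")
             # NOTE(review): this is a stopgap. Backslashes and the LIKE
             # wildcards % and _ in the word still reach the pattern; bound
             # query parameters are the durable fix but need the caller that
             # consumes ``c`` to change as well.
             c.append(
                 "(LOWER(%s) LIKE '%%%s%%' OR LOWER(%s) LIKE '%%%s%%')" %
                 (field, plain, field, decoded))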
Beispiel #2
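 def addwords(cfield, field):
     """Add a LIKE clause to ``c`` for every word of the ``cfield`` criteria.

     The criteria value is split on single spaces. For each word one clause
     is appended that tests ``field`` against the lower-cased word and,
     joined with OR, against the HTML-decoded form of the word. If ``hk``
     rejects ``cfield`` or the value is empty, ``c`` is left untouched.

     ``field`` goes into the SQL text verbatim and must be a trusted column
     expression supplied by the code, not by the user.
     """
     if hk(cfield) and crit(cfield) != "":
         for w in crit(cfield).split(" "):
             term = w.lower()
             # An apostrophe in either operand would close the SQL string
             # literal, so both operands get apostrophe -> backtick. The
             # decoded operand is cleaned after decode_html runs, since
             # decoding may introduce an apostrophe of its own.
             # NOTE(review): interim hardening only; % and _ remain active
             # LIKE wildcards and backslashes are not handled. Prefer bound
             # parameters once the consumer of ``c`` can accept them.
             c.append("(LOWER(%s) LIKE '%%%s%%' OR LOWER(%s) LIKE '%%%s%%')" % (
                 field, term.replace("'", "`"),
                 field, utils.decode_html(term).replace("'", "`")
             ))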
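def ds(s):
    """ Formats a value as a string for the database.

    None becomes the bare keyword NULL. Every other value is returned
    wrapped in single quotes. Text values are first HTML-encoded or
    HTML-decoded, depending on DB_DECODE_HTML_ENTITIES, and then have
    apostrophes replaced by backticks and backslashes doubled.
    """
    if s is None:
        return u"NULL"
    elif type(s) != str and type(s) != unicode:
        # NOTE(review): non-text values are quoted without any escaping.
        # Fine for numbers; confirm no caller passes an object whose str()
        # can contain an apostrophe.
        return u"'%s'" % str(s)
    elif not DB_DECODE_HTML_ENTITIES:
        s = utils.encode_html(s)
    else:
        # Decode before escaping. Escaping first and decoding afterwards
        # lets an entity-encoded apostrophe or backslash reappear in the
        # value after the escaping step has already run.
        s = utils.decode_html(s)
    return u"'%s'" % s.replace("'", "`").replace("\\", "\\\\")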
Beispiel #4
Datei: db.py Projekt: magul/asm3
def ds(s, sanitise_xss = True):
    """ Formats a value as a quoted string literal for the database.

    None yields the bare keyword NULL. Non-text values are wrapped in single
    quotes as str(s). Text values are HTML-encoded or HTML-decoded according
    to DB_DECODE_HTML_ENTITIES, passed through escape(), optionally through
    escape_xss() when sanitise_xss is true, and then wrapped in quotes.
    """
    if s is None:
        return u"NULL"
    if type(s) != str and type(s) != unicode:
        # NOTE(review): this path applies neither escape() nor escape_xss();
        # confirm it only ever sees numbers and similar quote-free values.
        return u"'%s'" % str(s)
    # Normalise entities first so that the escaping below sees the final
    # characters that will be stored.
    if DB_DECODE_HTML_ENTITIES:
        s = utils.decode_html(s)    # HTML entities -> unicode symbols
    else:
        s = utils.encode_html(s)    # leftover unicode chars -> HTML entities
    # escape() is the step relied on to keep the value inside its SQL
    # literal; it is defined outside this block.
    s = escape(s)
    if sanitise_xss:
        s = escape_xss(s)
    return u"'%s'" % s
Beispiel #5
 def encode_str_before_write(self, values):
     """ Normalise every string value in ``values`` before it is stored.

         String values are HTML-encoded or HTML-decoded according to
         DB_DECODE_HTML_ENTITIES, XSS-escaped, apostrophe-escaped and written
         back as unicode. A key containing an asterisk skips the XSS step
         and is stored under the same name with the asterisk removed.
         ``values`` is modified in place and also returned.
     """
     # Loop over a snapshot: keys are deleted and re-added inside the loop.
     for key, val in values.copy().iteritems():
         if not (utils.is_str(val) or utils.is_unicode(val)):
             continue
         if DB_DECODE_HTML_ENTITIES:
             val = utils.decode_html(val)     # HTML entities -> unicode chars
         else:
             val = utils.encode_html(val)     # unicode chars -> HTML entities
         if k_has_star(key) if False else key.find("*") >= 0:
             # NOTE(review): the XSS opt-out is driven purely by the key
             # name. Make sure key names never originate from request data,
             # otherwise the escaping can be switched off from outside.
             del values[key]
             key = key.replace("*", "")
         else:
             val = self.escape_xss(val)
         values[key] = u"%s" % self.escape_apos(val)
     return values
Beispiel #6
    template = configuration.facebook_template(dbo)
    posttext = wordprocessor.substitute_tags(template, tags, False, "$$", "$$")

    # Post on the wall
    try:

        l = dbo.locale
        # NOTE(review): fb_url carries access_token in its query string, and
        # the debug call below includes fb_url in the message, so the token is
        # written wherever al.debug sends its output. Log post_to / page_name
        # without the token, or redact the query string before logging.
        fb_url = "https://graph.facebook.com/%s/photos?access_token=%s" % (
            post_to, access_token)
        al.debug(
            "FB posting photo and text '%s' to '%s' at %s" %
            (posttext, page_name, fb_url), "social.post_animal_facebook", dbo)
        imagedata = dbfs.get_string(dbo, a["WEBSITEMEDIANAME"])
        req, hdr, response = utils.post_multipart(
            fb_url,
            (("message", utils.decode_html(posttext).encode("utf-8")), ),
            (("source", "pic.jpg", imagedata), ))
        al.debug("FB response: %s" % response, "social.post_animal_facebook",
                 dbo)

        # If the option is on and all was ok, make a note in the log
        if configuration.facebook_log(dbo):
            al.debug(
                "FB writing entry to animal log: %s %s" %
                (a["SHELTERCODE"], a["ANIMALNAME"]),
                "social.post_animal_facebook", dbo)
            log.add_log(
                dbo, user, log.ANIMAL, utils.cint(oauth_state[1:]),
                configuration.facebook_log_type(dbo),
                _("{0} {1}: posted to Facebook page {2} by {3}",
                  l).format(a["SHELTERCODE"], a["ANIMALNAME"], page_name,
Beispiel #7
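 def addstr(cfield, field):
     """Append one LIKE clause for the ``cfield`` criteria value to ``c``.

     The clause matches ``field`` against the lower-cased value or against
     its HTML-decoded form. Nothing is appended when ``hk`` rejects
     ``cfield`` or the value is the empty string.

     ``field`` is interpolated as an SQL identifier and must be a trusted
     column expression supplied by the calling code.
     """
     if hk(cfield) and criteria[cfield] != "":
         lowered = criteria[cfield].lower()
         # Apostrophe -> backtick keeps the value inside its SQL literal.
         plain = lowered.replace("'", "`")
         # Decode first, then strip. Stripping before decoding replaced the
         # ';' that terminates an entity, which mangled the entity before it
         # could be decoded, and left any apostrophe produced by decoding
         # unfiltered.
         decoded = utils.decode_html(lowered).replace(";", "`").replace(
             "'", "`")
         # NOTE(review): backslashes and the LIKE wildcards % and _ are not
         # handled here; bound query parameters are the durable fix.
         c.append("(LOWER(%s) LIKE '%%%s%%' OR LOWER(%s) LIKE '%%%s%%')" %
                  (field, plain, field, decoded))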
    # Generate the body of the post from our facebook template
    tags = wordprocessor.animal_tags(dbo, a)
    template = configuration.facebook_template(dbo)
    posttext = wordprocessor.substitute_tags(template, tags, False, "$$", "$$")

    # Post on the wall
    try:

        l = dbo.locale
        # NOTE(review): the access token is part of fb_url, and fb_url is
        # interpolated into the debug message below, so the credential is
        # recorded by al.debug. Leave the token out of the logged text (log
        # post_to and page_name only) or mask the query string first.
        fb_url = "https://graph.facebook.com/%s/photos?access_token=%s" % (
            post_to, access_token)
        al.debug(
            "FB posting photo and text '%s' to '%s' at %s" %
            (posttext, page_name, fb_url), "social.post_animal_facebook", dbo)
        imagedata = dbfs.get_string(dbo, a["WEBSITEMEDIANAME"])
        message = utils.decode_html(posttext).encode("utf-8")
        r = utils.post_multipart(
            fb_url, {"message": message},
            {"source": ("pic.jpg", imagedata, "image/jpeg")})
        al.debug("FB response: %s" % r["response"],
                 "social.post_animal_facebook", dbo)

        # If the option is on and all was ok, make a note in the log
        if configuration.facebook_log(dbo):
            al.debug(
                "FB writing entry to animal log: %s %s" %
                (a["SHELTERCODE"], a["ANIMALNAME"]),
                "social.post_animal_facebook", dbo)
            log.add_log(
                dbo, user, log.ANIMAL, utils.cint(oauth_state[1:]),
                configuration.facebook_log_type(dbo),
Beispiel #9
    if a is None: 
        raise utils.ASMValidationError("Facebook response did not contain a valid animal ID (got %s)" % oauth_state[1:])

    # Generate the body of the post from our facebook template
    tags = wordprocessor.animal_tags(dbo, a)
    template = configuration.facebook_template(dbo)
    posttext = wordprocessor.substitute_tags(template, tags, False, "$$", "$$")

    # Post on the wall
    try:

        l = dbo.locale
        # NOTE(review): access_token is embedded in fb_url and fb_url is then
        # passed to al.debug, which puts the token into the debug log. Log the
        # destination without the token or redact the query string.
        fb_url = "https://graph.facebook.com/%s/photos?access_token=%s" % (post_to, access_token)
        al.debug("FB posting photo and text '%s' to '%s' at %s" % (posttext, page_name, fb_url), "social.post_animal_facebook", dbo)
        imagedata = dbfs.get_string(dbo, a["WEBSITEMEDIANAME"])
        req, hdr, response = utils.post_multipart(fb_url, ( ("message", utils.decode_html(posttext).encode("utf-8")),), ( ("source", "pic.jpg", imagedata), ))
        al.debug("FB response: %s" % response, "social.post_animal_facebook", dbo)

        # If the option is on and all was ok, make a note in the log
        if configuration.facebook_log(dbo):
            al.debug("FB writing entry to animal log: %s %s" % (a["SHELTERCODE"], a["ANIMALNAME"]), "social.post_animal_facebook", dbo)
            log.add_log(dbo, user, log.ANIMAL, utils.cint(oauth_state[1:]), configuration.facebook_log_type(dbo),
                _("{0} {1}: posted to Facebook page {2} by {3}", l).format(a["SHELTERCODE"], a["ANIMALNAME"], page_name, 
                user))

    except urllib2.HTTPError,herr:
        em = str(herr.read())
        al.error("Failed posting photo to facebook: %s" % em, "social.post_animal_facebook", dbo, sys.exc_info())
        raise utils.ASMValidationError("Failed posting photo and details to Facebook (http).")
    except Exception,err:
        em = str(err)
Beispiel #10
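 def addstr(cfield, field):
     """Add a LIKE clause to ``c`` for the criteria value stored under ``cfield``.

     One clause is appended that tests ``field`` against the lower-cased
     value and, joined with OR, against the HTML-decoded form of the value.
     ``c`` is left untouched if ``hk`` rejects ``cfield`` or the value is
     empty.

     ``field`` goes into the SQL text verbatim; pass only column expressions
     chosen by the code.
     """
     if hk(cfield) and criteria[cfield] != "":
         term = criteria[cfield].lower()
         # The ';' and apostrophe replacements now run on the output of
         # decode_html rather than on its input. Applied to the input they
         # broke the entity terminator before decoding and could not catch
         # an apostrophe that decoding itself produced.
         # NOTE(review): interim hardening; % and _ stay active as LIKE
         # wildcards and backslashes pass through. Prefer bound parameters.
         c.append("(LOWER(%s) LIKE '%%%s%%' OR LOWER(%s) LIKE '%%%s%%')" % (
             field, term.replace("'", "`"),
             field, utils.decode_html(term).replace(";", "`").replace("'", "`")
         ))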