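def addwords(cfield, field):
    """
    Adds one clause per space-separated word of crit(cfield) to the clause
    list c: each clause is a case-insensitive substring match on field
    against the word, OR against its HTML-entity-decoded form.

    Each word is lower-cased and its apostrophes are replaced with backticks
    (the same neutralisation addstr applies). For the decoded alternative
    the replacement runs AFTER utils.decode_html, so an encoded apostrophe
    (&#39;) cannot reappear as a bare quote inside the LIKE literal.
    Previously the words were interpolated without any escaping.
    % and _ in a word still act as LIKE wildcards, as before.
    """
    if hk(cfield) and crit(cfield) != "":
        for word in crit(cfield).split(" "):
            lowered = word.lower()
            plain = lowered.replace("'", "`")
            # Decode entities first, then neutralise quotes in the decoded text
            decoded = utils.decode_html(lowered).replace("'", "`")
            c.append("(LOWER(%s) LIKE '%%%s%%' OR LOWER(%s) LIKE '%%%s%%')" % (
                field, plain, field, decoded))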
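def addwords(cfield, field):
    """
    Adds one clause per space-separated word of crit(cfield) to the clause
    list c: each clause is a case-insensitive substring match on field
    against the word, OR against its HTML-entity-decoded form.

    Each word is lower-cased and its apostrophes are replaced with backticks
    (the same neutralisation addstr applies). For the decoded alternative
    the replacement runs AFTER utils.decode_html, so an encoded apostrophe
    (&#39;) cannot reappear as a bare quote inside the LIKE literal.
    Previously the words were interpolated without any escaping.
    % and _ in a word still act as LIKE wildcards, as before.
    """
    if hk(cfield) and crit(cfield) != "":
        for word in crit(cfield).split(" "):
            lowered = word.lower()
            plain = lowered.replace("'", "`")
            # Decode entities first, then neutralise quotes in the decoded text
            decoded = utils.decode_html(lowered).replace("'", "`")
            c.append("(LOWER(%s) LIKE '%%%s%%' OR LOWER(%s) LIKE '%%%s%%')" % (
                field, plain, field, decoded))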
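def ds(s):
    """
    Formats a value as a string for the database.

    None becomes the SQL literal NULL. Values that are not str/unicode are
    rendered with str() and single-quoted as is. String values are
    normalised according to DB_DECODE_HTML_ENTITIES, then escaped and
    single-quoted.

    Escaping replaces ' with ` and doubles backslashes. When entities are
    decoded, utils.decode_html now runs BEFORE the escaping step, so an
    encoded apostrophe (&#39;) cannot be decoded back into a bare ' inside
    the quoted literal (the old order escaped first and decoded second).
    The type test uses isinstance so str/unicode subclasses take the
    escaped path rather than the unescaped str() path.
    """
    if s is None:
        return u"NULL"
    if not isinstance(s, (str, unicode)):
        return u"'%s'" % str(s)
    if DB_DECODE_HTML_ENTITIES:
        # Turn HTML entities into their characters first; escape the result
        s = utils.decode_html(s)
    else:
        # Keep entities; any unicode characters become entities
        s = utils.encode_html(s)
    s = s.replace("\\", "\\\\").replace("'", "`")
    return u"'%s'" % s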
def ds(s, sanitise_xss=True):
    """
    Formats a value as a string for the database.

    None becomes the SQL literal NULL. Values that are not str/unicode are
    rendered with str() and single-quoted as is. String values are first
    normalised according to DB_DECODE_HTML_ENTITIES (entities decoded into
    unicode characters, or unicode characters encoded into entities), then
    passed through escape() and, unless sanitise_xss is False, escape_xss(),
    and finally single-quoted.
    """
    if s is None:
        return u"NULL"
    if type(s) not in (str, unicode):
        return u"'%s'" % str(s)
    # Both entity modes share one escape pipeline; only the first step differs
    normalise = utils.decode_html if DB_DECODE_HTML_ENTITIES else utils.encode_html
    text = normalise(s)
    text = escape(text)  # quote/backslash handling for the SQL literal
    if sanitise_xss:
        text = escape_xss(text)  # strip/neutralise markup for later display
    return u"'%s'" % text
def encode_str_before_write(self, values):
    """
    Fix and encode/decode any string values before storing them in the database.

    String values are normalised according to DB_DECODE_HTML_ENTITIES and
    then escaped. A key containing an asterisk marks a column whose value
    skips XSS escaping: the marked key is removed and the value re-stored
    under the key with the asterisk stripped. Every other string value goes
    through escape_xss. All values go through escape_apos only when they
    are strings; every value, string or not, is finally stored as
    u"%s" % value. Returns the (mutated) values dict.
    """
    # Iterate over a snapshot: the loop deletes and inserts keys in values
    for key, val in values.copy().items():
        if utils.is_str(val) or utils.is_unicode(val):
            if DB_DECODE_HTML_ENTITIES:
                val = utils.decode_html(val)  # entities -> unicode characters
            else:
                val = utils.encode_html(val)  # unicode characters -> entities
            if "*" in key:
                # Marked column: store without XSS escaping under the clean name
                del values[key]
                key = key.replace("*", "")
            else:
                val = self.escape_xss(val)
            val = self.escape_apos(val)
        # NOTE(review): non-string values (ints, None, dates) are stringified
        # here too, so None becomes u"None" rather than staying None for the
        # writer - confirm with the callers that this is intended.
        values[key] = u"%s" % val
    return values
template = configuration.facebook_template(dbo) posttext = wordprocessor.substitute_tags(template, tags, False, "$$", "$$") # Post on the wall try: l = dbo.locale fb_url = "https://graph.facebook.com/%s/photos?access_token=%s" % ( post_to, access_token) al.debug( "FB posting photo and text '%s' to '%s' at %s" % (posttext, page_name, fb_url), "social.post_animal_facebook", dbo) imagedata = dbfs.get_string(dbo, a["WEBSITEMEDIANAME"]) req, hdr, response = utils.post_multipart( fb_url, (("message", utils.decode_html(posttext).encode("utf-8")), ), (("source", "pic.jpg", imagedata), )) al.debug("FB response: %s" % response, "social.post_animal_facebook", dbo) # If the option is on and all was ok, make a note in the log if configuration.facebook_log(dbo): al.debug( "FB writing entry to animal log: %s %s" % (a["SHELTERCODE"], a["ANIMALNAME"]), "social.post_animal_facebook", dbo) log.add_log( dbo, user, log.ANIMAL, utils.cint(oauth_state[1:]), configuration.facebook_log_type(dbo), _("{0} {1}: posted to Facebook page {2} by {3}", l).format(a["SHELTERCODE"], a["ANIMALNAME"], page_name,
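def addstr(cfield, field):
    """
    Adds a case-insensitive substring match on field for criteria[cfield]
    to the clause list c. The clause also matches the HTML-entity-decoded
    form of the criterion.

    The criterion is lower-cased and apostrophes are replaced with
    backticks. For the decoded alternative, utils.decode_html now runs
    BEFORE the ; and ' replacements: the old order replaced ; first, which
    broke entity decoding (&#39; no longer ended in ;), and where decoding
    did succeed it could yield a bare ' after escaping had already run.
    % and _ in the criterion still act as LIKE wildcards, as before.
    """
    if hk(cfield) and criteria[cfield] != "":
        value = criteria[cfield].lower()
        plain = value.replace("'", "`")
        # Decode first, then neutralise ; and ' in the decoded text
        decoded = utils.decode_html(value).replace(";", "`").replace("'", "`")
        c.append("(LOWER(%s) LIKE '%%%s%%' OR LOWER(%s) LIKE '%%%s%%')" % (
            field, plain, field, decoded))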
# Generate the body of the post from our facebook template tags = wordprocessor.animal_tags(dbo, a) template = configuration.facebook_template(dbo) posttext = wordprocessor.substitute_tags(template, tags, False, "$$", "$$") # Post on the wall try: l = dbo.locale fb_url = "https://graph.facebook.com/%s/photos?access_token=%s" % ( post_to, access_token) al.debug( "FB posting photo and text '%s' to '%s' at %s" % (posttext, page_name, fb_url), "social.post_animal_facebook", dbo) imagedata = dbfs.get_string(dbo, a["WEBSITEMEDIANAME"]) message = utils.decode_html(posttext).encode("utf-8") r = utils.post_multipart( fb_url, {"message": message}, {"source": ("pic.jpg", imagedata, "image/jpeg")}) al.debug("FB response: %s" % r["response"], "social.post_animal_facebook", dbo) # If the option is on and all was ok, make a note in the log if configuration.facebook_log(dbo): al.debug( "FB writing entry to animal log: %s %s" % (a["SHELTERCODE"], a["ANIMALNAME"]), "social.post_animal_facebook", dbo) log.add_log( dbo, user, log.ANIMAL, utils.cint(oauth_state[1:]), configuration.facebook_log_type(dbo),
if a is None: raise utils.ASMValidationError("Facebook response did not contain a valid animal ID (got %s)" % oauth_state[1:]) # Generate the body of the post from our facebook template tags = wordprocessor.animal_tags(dbo, a) template = configuration.facebook_template(dbo) posttext = wordprocessor.substitute_tags(template, tags, False, "$$", "$$") # Post on the wall try: l = dbo.locale fb_url = "https://graph.facebook.com/%s/photos?access_token=%s" % (post_to, access_token) al.debug("FB posting photo and text '%s' to '%s' at %s" % (posttext, page_name, fb_url), "social.post_animal_facebook", dbo) imagedata = dbfs.get_string(dbo, a["WEBSITEMEDIANAME"]) req, hdr, response = utils.post_multipart(fb_url, ( ("message", utils.decode_html(posttext).encode("utf-8")),), ( ("source", "pic.jpg", imagedata), )) al.debug("FB response: %s" % response, "social.post_animal_facebook", dbo) # If the option is on and all was ok, make a note in the log if configuration.facebook_log(dbo): al.debug("FB writing entry to animal log: %s %s" % (a["SHELTERCODE"], a["ANIMALNAME"]), "social.post_animal_facebook", dbo) log.add_log(dbo, user, log.ANIMAL, utils.cint(oauth_state[1:]), configuration.facebook_log_type(dbo), _("{0} {1}: posted to Facebook page {2} by {3}", l).format(a["SHELTERCODE"], a["ANIMALNAME"], page_name, user)) except urllib2.HTTPError,herr: em = str(herr.read()) al.error("Failed posting photo to facebook: %s" % em, "social.post_animal_facebook", dbo, sys.exc_info()) raise utils.ASMValidationError("Failed posting photo and details to Facebook (http).") except Exception,err: em = str(err)
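def addstr(cfield, field):
    """
    Adds a case-insensitive substring match on field for criteria[cfield]
    to the clause list c. The clause also matches the HTML-entity-decoded
    form of the criterion.

    The criterion is lower-cased and apostrophes are replaced with
    backticks. For the decoded alternative, utils.decode_html now runs
    BEFORE the ; and ' replacements: the old order replaced ; first, which
    broke entity decoding (&#39; no longer ended in ;), and where decoding
    did succeed it could yield a bare ' after escaping had already run.
    % and _ in the criterion still act as LIKE wildcards, as before.
    """
    if hk(cfield) and criteria[cfield] != "":
        value = criteria[cfield].lower()
        plain = value.replace("'", "`")
        # Decode first, then neutralise ; and ' in the decoded text
        decoded = utils.decode_html(value).replace(";", "`").replace("'", "`")
        c.append("(LOWER(%s) LIKE '%%%s%%' OR LOWER(%s) LIKE '%%%s%%')" % (
            field, plain, field, decoded))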