def test_indenting_rule_message(self):
        """webmessage - return email-like indenting rule"""
        text = """>>Brave Sir Robin ran away...
<img src="malicious_script"/>*No!*
>>bravely ran away away...
I didn't!*<script>malicious code</script>
>>When danger reared its ugly head, he bravely turned his tail and fled.
<form onload="malicious"></form>*I never did!*
"""
        expected_text = """>>Brave Sir Robin ran away...
&lt;img src="malicious_script" /&gt;*No!*
>>bravely ran away away...
I didn't!*&lt;script&gt;malicious code&lt;/script&gt;
>>When danger reared its ugly head, he bravely turned his tail and fled.
&lt;form onload="malicious"&gt;&lt;/form&gt;*I never did!*
"""

        res = webmessage_mailutils.escape_email_quoted_text(text, indent_txt=">>", linebreak_txt="\n")
        self.assertEqual(res, expected_text)
Example #2
0
    def test_indenting_rule_message(self):
        """webmessage - return email-like indenting rule"""
        text = """>>Brave Sir Robin ran away...
<img src="malicious_script"/>*No!*
>>bravely ran away away...
I didn't!*<script>malicious code</script>
>>When danger reared its ugly head, he bravely turned his tail and fled.
<form onload="malicious"></form>*I never did!*
"""
        expected_text = """>>Brave Sir Robin ran away...
&lt;img src="malicious_script" /&gt;*No!*
>>bravely ran away away...
I didn't!*&lt;script&gt;malicious code&lt;/script&gt;
>>When danger reared its ugly head, he bravely turned his tail and fled.
&lt;form onload="malicious"&gt;&lt;/form&gt;*I never did!*
"""

        res = webmessage_mailutils.escape_email_quoted_text(text,
                                                            indent_txt='>>',
                                                            linebreak_txt='\n')
        self.assertEqual(res, expected_text)
    def send(self, req, form):
        """
        Sends the message.

        Possible form keys:
        @param msg_to_user: comma separated usernames.
        @type msg_to_user: string
        @param msg_to_group: comma separated groupnames.
        @type msg_to_group: string
        @param msg_subject: message subject.
        @type msg_subject: string
        @param msg_body: message body.
        @type msg_body: string
        @param msg_send_year: year to send this message on.
        @type msg_send_year: int
        @param_msg_send_month: month to send this message on
        @type msg_send_month: year
        @param_msg_send_day: day to send this message on
        @type msg_send_day: int
        @param results_field: value determining which results field to display.
                              See CFG_WEBMESSAGE_RESULTS_FIELD in
                              webmessage_config.py.
        @param names_to_add: list of usernames to add to
                             msg_to_user / group.
        @type names_to_add: list of strings
        @param search_pattern: will search for users/groups with this pattern.
        @type search_pattern: string
        @param add_values: if 1 users_to_add will be added to msg_to_user
                           field.
        @type add_values: int
        @param *button: which button was pressed.
        @param ln: language.
        @type ln: string
        @return: a (body, errors, warnings) formed tuple.
        @rtype: tuple
        """
        argd = wash_urlargd(
            form, {
                'msg_to_user': (str, ""),
                'msg_to_group': (str, ""),
                'msg_subject': (str, ""),
                'msg_body': (str, ""),
                'msg_send_year': (int, 0),
                'msg_send_month': (int, 0),
                'msg_send_day': (int, 0),
                'results_field': (str, CFG_WEBMESSAGE_RESULTS_FIELD['NONE']),
                'names_selected': (list, []),
                'search_pattern': (str, ""),
                'send_button': (str, ""),
                'search_user': (str, ""),
                'search_group': (str, ""),
                'add_user': (str, ""),
                'add_group': (str, ""),
            })
        # Check if user is logged
        uid = getUid(req)
        _ = gettext_set_language(argd['ln'])
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/send" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req, "%s/youraccount/login%s" %
                (CFG_SITE_SECURE_URL,
                 make_canonical_urlargd(
                     {
                         'referer':
                         "%s/yourmessages/send%s" %
                         (CFG_SITE_URL, make_canonical_urlargd(argd, {})),
                         "ln":
                         argd['ln']
                     }, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usemessages']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use messages."))

        if argd['send_button']:
            (body, errors, warnings, title, navtrail) = perform_request_send(
                uid=uid,
                msg_to_user=argd['msg_to_user'],
                msg_to_group=argd['msg_to_group'],
                msg_subject=escape_html(argd['msg_subject']),
                msg_body=escape_email_quoted_text(argd['msg_body']),
                msg_send_year=argd['msg_send_year'],
                msg_send_month=argd['msg_send_month'],
                msg_send_day=argd['msg_send_day'],
                ln=argd['ln'])
        else:
            title = _('Write a message')
            navtrail = get_navtrail(argd['ln'], title)
            if argd['search_user']:
                argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['USER']
            elif argd['search_group']:
                argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['GROUP']
            add_values = 0
            if argd['add_group'] or argd['add_user']:
                add_values = 1
            (body, errors, warnings) = perform_request_write_with_search(
                uid=uid,
                msg_to_user=argd['msg_to_user'],
                msg_to_group=argd['msg_to_group'],
                msg_subject=escape_html(argd['msg_subject']),
                msg_body=escape_email_quoted_text(argd['msg_body']),
                msg_send_year=argd['msg_send_year'],
                msg_send_month=argd['msg_send_month'],
                msg_send_day=argd['msg_send_day'],
                names_selected=argd['names_selected'],
                search_pattern=argd['search_pattern'],
                results_field=argd['results_field'],
                add_values=add_values,
                ln=argd['ln'])
        return page(title=title,
                    body=body,
                    navtrail=navtrail,
                    uid=uid,
                    lastupdated=__lastupdated__,
                    req=req,
                    language=argd['ln'],
                    errors=errors,
                    warnings=warnings,
                    navmenuid="yourmessages",
                    secure_page_p=1)
    def send(self, req, form):
        """
        Sends the message.

        Possible form keys:
        @param msg_to_user: comma separated usernames.
        @type msg_to_user: string
        @param msg_to_group: comma separated groupnames.
        @type msg_to_group: string
        @param msg_subject: message subject.
        @type msg_subject: string
        @param msg_body: message body.
        @type msg_body: string
        @param msg_send_year: year to send this message on.
        @type msg_send_year: int
        @param_msg_send_month: month to send this message on
        @type msg_send_month: year
        @param_msg_send_day: day to send this message on
        @type msg_send_day: int
        @param results_field: value determining which results field to display.
                              See CFG_WEBMESSAGE_RESULTS_FIELD in
                              webmessage_config.py.
        @param names_to_add: list of usernames to add to
                             msg_to_user / group.
        @type names_to_add: list of strings
        @param search_pattern: will search for users/groups with this pattern.
        @type search_pattern: string
        @param add_values: if 1 users_to_add will be added to msg_to_user
                           field.
        @type add_values: int
        @param *button: which button was pressed.
        @param ln: language.
        @type ln: string
        @return: body.
        """
        argd = wash_urlargd(form, {'msg_to_user': (str, ""),
                                   'msg_to_group': (str, ""),
                                   'msg_subject': (str, ""),
                                   'msg_body': (str, ""),
                                   'msg_send_year': (int, 0),
                                   'msg_send_month': (int, 0),
                                   'msg_send_day': (int, 0),
                                   'results_field': (str,
                                        CFG_WEBMESSAGE_RESULTS_FIELD['NONE']),
                                   'names_selected': (list, []),
                                   'search_pattern': (str, ""),
                                   'send_button': (str, ""),
                                   'search_user': (str, ""),
                                   'search_group': (str, ""),
                                   'add_user': (str, ""),
                                   'add_group': (str, ""),
                                   })
        # Check if user is logged
        uid = getUid(req)
        _ = gettext_set_language(argd['ln'])
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/send" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/yourmessages/send%s" % (
                        CFG_SITE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usemessages']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use messages."))

        if argd['send_button']:
            (body, title, navtrail) = perform_request_send(
                            uid=uid,
                            msg_to_user=argd['msg_to_user'],
                            msg_to_group=argd['msg_to_group'],
                            msg_subject=escape_html(argd['msg_subject']),
                            msg_body=escape_email_quoted_text(argd['msg_body']),
                            msg_send_year=argd['msg_send_year'],
                            msg_send_month=argd['msg_send_month'],
                            msg_send_day=argd['msg_send_day'],
                            ln=argd['ln'])
        else:
            title = _('Write a message')
            navtrail = get_navtrail(argd['ln'], title)
            if argd['search_user']:
                argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['USER']
            elif argd['search_group']:
                argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['GROUP']
            add_values = 0
            if argd['add_group'] or argd['add_user']:
                add_values = 1
            body = perform_request_write_with_search(
                            uid=uid,
                            msg_to_user=argd['msg_to_user'],
                            msg_to_group=argd['msg_to_group'],
                            msg_subject=escape_html(argd['msg_subject']),
                            msg_body=escape_email_quoted_text(argd['msg_body']),
                            msg_send_year=argd['msg_send_year'],
                            msg_send_month=argd['msg_send_month'],
                            msg_send_day=argd['msg_send_day'],
                            names_selected=argd['names_selected'],
                            search_pattern=argd['search_pattern'],
                            results_field=argd['results_field'],
                            add_values=add_values,
                            ln=argd['ln'])
        return page(title       = title,
                    body        = body,
                    navtrail    = navtrail,
                    uid         = uid,
                    lastupdated = __lastupdated__,
                    req         = req,
                    language    = argd['ln'],
                    navmenuid   = "yourmessages",
                    secure_page_p=1)
    def send(self, req, form):
        """
        Sends the message.

        Possible form keys:
        @param msg_to_user: comma separated usernames.
        @type msg_to_user: string
        @param msg_to_group: comma separated groupnames.
        @type msg_to_group: string
        @param msg_subject: message subject.
        @type msg_subject: string
        @param msg_body: message body.
        @type msg_body: string
        @param msg_send_year: year to send this message on.
        @type msg_send_year: int
        @param_msg_send_month: month to send this message on
        @type msg_send_month: year
        @param_msg_send_day: day to send this message on
        @type msg_send_day: int
        @param results_field: value determining which results field to display.
                              See CFG_WEBMESSAGE_RESULTS_FIELD in
                              webmessage_config.py.
        @param names_to_add: list of usernames to add to
                             msg_to_user / group.
        @type names_to_add: list of strings
        @param search_pattern: will search for users/groups with this pattern.
        @type search_pattern: string
        @param add_values: if 1 users_to_add will be added to msg_to_user
                           field.
        @type add_values: int
        @param *button: which button was pressed.
        @param ln: language.
        @type ln: string
        @return: a (body, errors, warnings) formed tuple.
        @rtype: tuple
        """
        argd = wash_urlargd(
            form,
            {
                "msg_to_user": (str, ""),
                "msg_to_group": (str, ""),
                "msg_subject": (str, ""),
                "msg_body": (str, ""),
                "msg_send_year": (int, 0),
                "msg_send_month": (int, 0),
                "msg_send_day": (int, 0),
                "results_field": (str, CFG_WEBMESSAGE_RESULTS_FIELD["NONE"]),
                "names_selected": (list, []),
                "search_pattern": (str, ""),
                "send_button": (str, ""),
                "search_user": (str, ""),
                "search_group": (str, ""),
                "add_user": (str, ""),
                "add_group": (str, ""),
            },
        )
        # Check if user is logged
        uid = getUid(req)
        _ = gettext_set_language(argd["ln"])
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/send" % (CFG_SITE_URL,), navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req,
                "%s/youraccount/login%s"
                % (
                    CFG_SITE_SECURE_URL,
                    make_canonical_urlargd(
                        {
                            "referer": "%s/yourmessages/send%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})),
                            "ln": argd["ln"],
                        },
                        {},
                    ),
                ),
            )

        user_info = collect_user_info(req)
        if not user_info["precached_usemessages"]:
            return page_not_authorized(req, "../", text=_("You are not authorized to use messages."))

        if argd["send_button"]:
            (body, errors, warnings, title, navtrail) = perform_request_send(
                uid=uid,
                msg_to_user=argd["msg_to_user"],
                msg_to_group=argd["msg_to_group"],
                msg_subject=escape_html(argd["msg_subject"]),
                msg_body=escape_email_quoted_text(argd["msg_body"]),
                msg_send_year=argd["msg_send_year"],
                msg_send_month=argd["msg_send_month"],
                msg_send_day=argd["msg_send_day"],
                ln=argd["ln"],
            )
        else:
            title = _("Write a message")
            navtrail = get_navtrail(argd["ln"], title)
            if argd["search_user"]:
                argd["results_field"] = CFG_WEBMESSAGE_RESULTS_FIELD["USER"]
            elif argd["search_group"]:
                argd["results_field"] = CFG_WEBMESSAGE_RESULTS_FIELD["GROUP"]
            add_values = 0
            if argd["add_group"] or argd["add_user"]:
                add_values = 1
            (body, errors, warnings) = perform_request_write_with_search(
                uid=uid,
                msg_to_user=argd["msg_to_user"],
                msg_to_group=argd["msg_to_group"],
                msg_subject=escape_html(argd["msg_subject"]),
                msg_body=escape_email_quoted_text(argd["msg_body"]),
                msg_send_year=argd["msg_send_year"],
                msg_send_month=argd["msg_send_month"],
                msg_send_day=argd["msg_send_day"],
                names_selected=argd["names_selected"],
                search_pattern=argd["search_pattern"],
                results_field=argd["results_field"],
                add_values=add_values,
                ln=argd["ln"],
            )
        return page(
            title=title,
            body=body,
            navtrail=navtrail,
            uid=uid,
            lastupdated=__lastupdated__,
            req=req,
            language=argd["ln"],
            errors=errors,
            warnings=warnings,
            navmenuid="yourmessages",
        )