def option(files, label=None, deleted=False, channel=None):
# Make sure that if there's a non-disabled version,
# that's the one we use for the ID.
files.sort(lambda a, b: ((a.status == amo.STATUS_DISABLED) -
(b.status == amo.STATUS_DISABLED)))
if label is None:
label = u', '.join(f.get_platform_display() for f in files)
output = [u'<option value="', jinja2.escape(files[0].id), u'" ']
if selected in files:
output.append(u' selected="true"')
status = set(u'status-%s' % amo.STATUS_CHOICES_API[f.status]
for f in files)
if deleted:
status.update([u'status-deleted'])
if channel:
if channel == amo.RELEASE_CHANNEL_LISTED:
label += ' [AMO]'
elif channel == amo.RELEASE_CHANNEL_UNLISTED:
label += ' [Self]'
output.extend((u' class="', jinja2.escape(' '.join(status)), u'"'))
output.extend((u'>', jinja2.escape(label), u'</option>\n'))
return output
def SetupChromiumPages(webstatus, tagComparator=None):
"""Add customizations to default web reporting."""
def _tick_filter(n, stride):
n = ((n / stride) + 1) * stride
return filter(lambda x: x % (n/stride) == 0, range(n+1))
orig_shortrev = webstatus.templates.filters['shortrev']
webstatus.templates.filters.update(
{ 'shortrev': lambda rev, repo: orig_shortrev(rev, repo).rstrip('.'),
'longrev': lambda x, y: jinja2.escape(unicode(x)),
'numstrip': lambda x: jinja2.escape(unicode(x.lstrip('0123456789'))),
'quote': urllib.quote,
'max': lambda x: reduce(max, x, 0),
'average': lambda x: float(sum(x)) / float(max(len(x), 1)),
'ticks': lambda x: ["{v:%d}" % y for y in _tick_filter(x, 12)],
'addlinks': lambda x: re.sub(r'(http://[^\s@]+)', r'<a href="\1">\1</a>', x),
'fixname': lambda x: x.translate(None, ' -():'),
'extract_index': lambda x, i: [y[i] for y in x] })
console_ = ConsoleStatusResource(
orderByTime=webstatus.orderConsoleByTime,
tagComparator=tagComparator)
webstatus.putChild("stats", stats.StatsStatusResource())
webstatus.putChild("waterfall", WaterfallStatusResource())
webstatus.putChild("console", console_)
webstatus.putChild("grid", console_)
webstatus.putChild("tgrid", console_)
webstatus.putChild("horizontal_one_box_per_builder",
HorizontalOneBoxPerBuilder())
return webstatus
def account(acc):
app_names = (', '.join(unicode(apa.addon.name)
for apa in acc.addonpaymentaccount_set.all()
if hasattr(apa, 'addon')))
provider = acc.get_provider()
data = {
'account-url':
reverse('mkt.developers.provider.payment_account',
args=[acc.pk]),
'agreement-url': acc.get_agreement_url(),
'agreement': 'accepted' if acc.agreed_tos else 'rejected',
'app-names': jinja2.escape(app_names),
'delete-url':
reverse('mkt.developers.provider.delete_payment_account',
args=[acc.pk]),
'id': acc.pk,
'name': jinja2.escape(unicode(acc)),
'provider': provider.name,
'provider-full': unicode(provider.full),
'shared': acc.shared,
}
if waffle.switch_is_active('bango-portal') and app_slug:
data['portal-url'] = reverse(
'mkt.developers.apps.payments.bango_portal_from_addon',
args=[app_slug])
return data
def test_current_battle(self):
self.pvp_create_battle(self.account_2, self.account_1, BATTLE_1X1_STATE.PROCESSING)
self.check_html_ok(self.client.get(reverse('game:pvp:calls')), texts=[('pgf-no-calls-message', 1),
('pgf-no-current-battles-message', 0),
('pgf-accept-battle', 0),
jinja2.escape(self.hero_1.name),
jinja2.escape(self.hero_2.name)])
def author_to_user(author, size=16, cssclass=None, with_name=True):
""" Template filter transforming a pygit2 Author object into a text
either with just the username or linking to the user in pagure.
"""
output = escape(author.name)
if not author.email:
return output
user = pagure.lib.query.search_user(flask.g.session, email=author.email)
if user:
output = (
"%(avatar)s <a title='%(name)s' href='%(url)s' "
"%(cssclass)s>%(username)s</a>"
)
if not with_name:
output = (
"<a title='%(name)s' href='%(url)s' "
"%(cssclass)s>%(avatar)s</a>"
)
output = output % (
{
"avatar": avatar(user.default_email, size),
"url": flask.url_for(
"ui_ns.view_user", username=user.username
),
"cssclass": ('class="%s"' % cssclass) if cssclass else "",
"username": user.username,
"name": escape(author.name),
}
)
return output
def check_heroes(self):
result, account_id, bundle_id = register_user('test_user', '*****@*****.**', '111111')
hero_1 = HeroPrototype.get_by_account_id(account_id)
result, account_id, bundle_id = register_user('test_user_2', '*****@*****.**', '111111')
hero_2 = HeroPrototype.get_by_account_id(account_id)
result, account_id, bundle_id = register_user('test_user_3', '*****@*****.**', '111111')
hero_3 = HeroPrototype.get_by_account_id(account_id)
hero_1.premium_state_end_at = datetime.datetime.now() + datetime.timedelta(seconds=60)
hero_1.preferences.set_place(self.place_1)
hero_1.preferences.set_friend(self.place_1.persons[0])
hero_1.preferences.set_enemy(self.place_1.persons[-1])
hero_1.save()
hero_2.premium_state_end_at = datetime.datetime.now() + datetime.timedelta(seconds=60)
hero_2.preferences.set_place(self.place_1)
hero_2.preferences.set_friend(self.place_1.persons[-1])
hero_2.preferences.set_enemy(self.place_1.persons[0])
hero_2.save()
hero_3.preferences.set_place(self.place_1)
hero_3.preferences.set_friend(self.place_1.persons[-1])
hero_3.preferences.set_enemy(self.place_1.persons[0])
hero_3.save()
texts = [(jinja2.escape(hero_1.name), 3),
(jinja2.escape(hero_2.name), 3),
(jinja2.escape(hero_3.name), 0)]
self.check_html_ok(self.request_html(url('game:map:places:show', self.place_1.id)), texts=texts)
def title(self):
"""Return a title for this annotation.
Return the annotated document's title or if the document has no title
then return its filename (if it's a file:// URI) or its URI for
non-file URIs.
The title is escaped and safe to be rendered.
If it contains escaped characters then the title will be a
Markup object, so that it won't be double-escaped.
"""
document_ = self.annotation.document
if document_:
title = document_.title
if title:
# Convert non-string titles into strings.
# We're assuming that title cannot be a byte string.
title = text_type(title)
return jinja2.escape(title)
if self.filename:
return jinja2.escape(urllib2.unquote(self.filename))
else:
return jinja2.escape(urllib2.unquote(self.uri))
def description(self):
"""An HTML-formatted description of this annotation.
The description contains the target text that the user selected to
annotate, as a <blockquote>, and the body text of the annotation
itself.
"""
def get_selection():
selectors = self.annotation.target_selectors
for selector in selectors:
if "exact" in selector:
return selector["exact"]
description = ""
selection = get_selection()
if selection:
selection = jinja2.escape(selection)
description += "<blockquote>{selection}</blockquote>".format(
selection=selection)
text = self.annotation.text
if text:
text = jinja2.escape(text)
description += "{text}".format(text=text)
return description
def test_markup_operations(self):
# adding two strings should escape the unsafe one
unsafe = '<script type="application/x-some-script">alert("foo");</script>'
safe = Markup('<em>username</em>')
assert unsafe + safe == text_type(escape(unsafe)) + text_type(safe)
# string interpolations are safe to use too
assert Markup('<em>%s</em>') % '<bad user>' == \
'<em><bad user></em>'
assert Markup('<em>%(username)s</em>') % {
'username': '******'
} == '<em><bad user></em>'
# an escaped object is markup too
assert type(Markup('foo') + 'bar') is Markup
# and it implements __html__ by returning itself
x = Markup("foo")
assert x.__html__() is x
# it also knows how to treat __html__ objects
class Foo(object):
def __html__(self):
return '<em>awesome</em>'
def __unicode__(self):
return 'awesome'
assert Markup(Foo()) == '<em>awesome</em>'
assert Markup('<strong>%s</strong>') % Foo() == \
'<strong><em>awesome</em></strong>'
# escaping and unescaping
assert escape('"<>&\'') == '"<>&''
assert Markup("<em>Foo & Bar</em>").striptags() == "Foo & Bar"
assert Markup("<test>").unescape() == "<test>"
def _print_row(self):
try:
identifier = "%s_%s" % (self[4].id, self[2])
## for titles ajax fetching
title = '<span class="ajax_changeable" data-id="%s">%s</span>' % (identifier, escape(self[5]))
except AttributeError as e:
title = "Multiple entries"
row = [
escape(self._mos(self[0], "name")),
escape(self._mos(self[1], "name")),
self[2],
escape(self._mos(self[3], "name")),
title,
self._mos(self[6], lambda x: x.strftime("%d.%m.%Y")),
comma_number(self[7]),
]
for i, entry in enumerate(row):
if entry == "Multiple entries":
row[i] = "<b>Multiple entries</b>"
if self._subrows:
row[-1] = "<b>%s</b>" % row[-1]
return row
def report_for_one_test(self, rows, case_id, test_num, status,
test_case, output, trace):
"""
Generate the HTML for one test's results.
"""
# Test description.
name = test_case.id().split('.')[-1]
test_id = name + '_%d' % test_num
doc = test_case.shortDescription() or ''
desc = jinja2.escape(doc and ('%s: %s' % (name, doc)) or name)
# Include output, syntax-highlight tracebacks.
out_trace = ''
for x in [output, trace]:
if isinstance(x, str):
x = unicode(x.encode('string_escape'))
# x = x.decode('latin-1')
trace = highlight(trace, self.trace_lexer, self.formatter)
out_trace = jinja2.escape(output) + jinja2.Markup(trace)
test_class = ''
if status == _TestResult.PASS:
status = 'pass'
test_class += 'hidden '
elif status == _TestResult.FAIL:
status = 'fail'
else:
status = 'error'
test_class += 'test_' + status
rows.append(REPORT_TEST_TMPL.render(locals()))
def hidden_tag(self, *fields):
"""
Wraps hidden fields in a hidden DIV tag, in order to keep XHTML
compliance.
.. versionadded:: 0.3
:param fields: list of hidden field names. If not provided will render
all hidden fields, including the CSRF field.
"""
if not fields:
fields = [f for f in self if _is_hidden(f)]
name = current_app.config.get('WTF_HIDDEN_TAG', 'div')
attrs = current_app.config.get(
'WTF_HIDDEN_TAG_ATTRS', {'style': 'display:none;'})
tag_attrs = u' '.join(
u'%s="%s"' % (escape(k), escape(v)) for k, v in attrs.items())
tag_start = u'<%s %s>' % (escape(name), tag_attrs)
tag_end = u'</%s>' % escape(name)
rv = [tag_start]
for field in fields:
if isinstance(field, string_types):
field = getattr(self, field)
rv.append(text_type(field))
rv.append(tag_end)
return Markup(u"".join(rv))
def highlight_matches(text, base, class_='match', stopword_class='stopword'):
def clean_word(s):
for char in '"\'():|[]{}':
s = s.replace(char, '')
return s
base_tokens = [clean_word(x) for x in base.lower().split()]
words = []
tokens = text.split()
for word in tokens:
if clean_word(word.lower()) in base_tokens:
css_class = class_
elif clean_word(word.lower()) in STOPWORDS or word in '-?':
css_class = stopword_class
else:
css_class = ''
if css_class:
words.append('<span class="%s">%s</span>' % (
css_class,
jinja2.escape(word)
))
else:
words.append(jinja2.escape(word))
return jinja2.Markup(' '.join(words))
def option(files, label=None):
addon = files[0].version.addon
# Make sure that if there's a non-disabled version,
# that's the one we use for the ID.
files.sort(lambda a, b: ((a.status == amo.STATUS_DISABLED) -
(b.status == amo.STATUS_DISABLED)))
if label is None:
label = u', '.join(unicode(os.platform) for os in f)
output = [u'<option value="', jinja2.escape(files[0].id), u'" ']
if files[0].status == amo.STATUS_DISABLED:
# Disabled files can be diffed on Marketplace.
if addon.type != amo.ADDON_WEBAPP:
output.append(u' disabled')
if selected in files:
output.append(u' selected="true"')
status = set(u'status-%s' % amo.STATUS_CHOICES_API[f.status]
for f in files)
output.extend((u' class="', jinja2.escape(' '.join(status)), u'"'))
if addon.type == amo.ADDON_WEBAPP:
# Extend apps to show file status in selects.
label += ' (%s)' % amo.STATUS_CHOICES_API[f.status]
output.extend((u'>', jinja2.escape(label), u'</option>\n'))
return output
def pmailto(address, linkcontent=None):
if not linkcontent:
return Markup(u'<a class="oe-link" data-oe="{}">(hidden)</a>'.format(escape(obscure(address))))
else:
return Markup(
u'<a class="oe-link" data-oe="{}" data-keep="1">{}</a>'.format(escape(obscure(address)), linkcontent)
)
def format_index_name(name):
while True:
m = _attr_re.match(name)
if m:
name, left, loc, right = m.group("name","left", "loc", "right")
type = "attribute"
break
m = _meth_re.match(name)
if m:
name, left, loc, right = m.group("name","left", "loc", "right")
type = "method"
break
m = _fc_re.match(name)
if m:
name, left, loc, right = m.group("name","left", "loc", "right")
if left.startswith("class"):
type = "class"
else:
type = "function"
break
m = _mod_re.match(name)
if m:
name = m.group("name")
left = "module"
loc = right = ''
type = "module"
break
return name
if loc:
loc = literal('<span class="location">') + escape(loc) + literal("</span>")
cat = left + loc + right
return escape(name) + literal('<span class="category ' + type + '">') + escape(cat) + literal("</span>")
def account(acc):
def payment_account_names(app):
account_names = [unicode(acc.payment_account)
for acc in app.all_payment_accounts()]
return (unicode(app.name), account_names)
addon_payment_accounts = acc.addonpaymentaccount_set.all()
associated_apps = [apa.addon
for apa in addon_payment_accounts
if hasattr(apa, 'addon')]
app_names = u', '.join(unicode(app.name) for app in associated_apps)
app_payment_accounts = json.dumps(dict([payment_account_names(app)
for app in associated_apps]))
provider = acc.get_provider()
data = {
'account-url': reverse('mkt.developers.provider.payment_account',
args=[acc.pk]),
'agreement-url': acc.get_agreement_url(),
'agreement': 'accepted' if acc.agreed_tos else 'rejected',
'current-app-name': jinja2.escape(app_name),
'app-names': jinja2.escape(app_names),
'app-payment-accounts': jinja2.escape(app_payment_accounts),
'delete-url': reverse(
'mkt.developers.provider.delete_payment_account',
args=[acc.pk]),
'id': acc.pk,
'name': jinja2.escape(unicode(acc)),
'provider': provider.name,
'provider-full': unicode(provider.full),
'shared': acc.shared,
'portal-url': provider.get_portal_url(app_slug)
}
return data
def osm_map(eval_ctx, loc, **kw):
lat = loc["latitude"]
lng = loc["longitude"]
layer = kw.pop("layer", "mapnik")
attrs = dict(_osm_default_attrs)
attrs.update(kw)
bbox = [lng-LNG_PADDING, lat-LAT_PADDING, lng+LNG_PADDING, lat+LAT_PADDING]
params = {
"bbox": ",".join([str(p) for p in bbox]),
"layer": layer,
"marker": "%f,%f" % (lat, lng),
}
html_attrs = " ".join(
['%s="%s"' % (escape(k), escape(v)) for k, v in attrs.items()])
iframe = MAP_FMT.format(
attrs=html_attrs, params=urlencode(params), root=ROOT)
if eval_ctx.autoescape:
return Markup(iframe)
return iframe
def option(files, label=None):
# Make sure that if there's a non-disabled version,
# that's the one we use for the ID.
files.sort(lambda a, b: ((a.status == mkt.STATUS_DISABLED) -
(b.status == mkt.STATUS_DISABLED)))
if label is None:
label = _('All')
output = [u'<option value="', jinja2.escape(files[0].id), u'" ']
if files[0].status == mkt.STATUS_DISABLED:
# Disabled files can be diffed on Marketplace.
output.append(u' disabled')
if selected in files:
output.append(u' selected="true"')
status = set(u'status-%s' % mkt.STATUS_CHOICES_API[f.status]
for f in files)
output.extend((u' class="', jinja2.escape(' '.join(status)), u'"'))
# Extend apps to show file status in selects.
label += ' (%s)' % mkt.STATUS_CHOICES_API[f.status]
output.extend((u'>', jinja2.escape(label), u'</option>\n'))
return output
def checkwords_filter(text, lang, known_words):
# hack to keep quotation marks
text = str(text)
text = text.replace('"', '"')
text = text.replace(''', "'")
#stemmer = sprakit.stemming.get_stemmer(lang)
tokenizer = sprakit.tokenizing.get_tokenizer(lang)
words = []
highlight_text = []
last_end = 0
for i, (start, end) in enumerate(tokenizer.span_tokenize(text)):
word = escape(text[start:end])
#stemmed_word = stemmer.stem(word)
#stemmed_word = stemmed_word.strip('"\'.,;').lower()
stemmed_word = escape(word.lower())
# consider all words known at first
highlight_word = Markup('<input type="checkbox" name="word_') + stemmed_word + Markup('" id="' + str(i) + '"/><label for="' + str(i) + '" class="known">') + word + Markup('</label>')
if start > last_end:
highlight_text.append(escape(text[last_end:start]))
highlight_text.append(highlight_word)
last_end = end
if len(text) > last_end:
highlight_text.append(escape(text[last_end:]))
highlight_text_str = ''.join(highlight_text)
highlight_text_str = highlight_text_str.replace('\n', '<br/>')
return Markup(highlight_text_str)
def product_as_dict(request, product, purchased=None, receipt_type=None,
src=''):
# Dev environments might not have authors set.
author = ''
author_url = ''
if product.listed_authors:
author = product.listed_authors[0].name
author_url = product.listed_authors[0].get_url_path()
url = (reverse('receipt.issue', args=[product.app_slug])
if receipt_type else product.get_detail_url('record'))
src = src or request.GET.get('src', '')
reviewer = receipt_type == 'reviewer'
ret = {
'id': product.id,
'name': product.name,
'categories': [unicode(cat.name) for cat in
product.categories.all()],
'manifest_url': product.get_manifest_url(reviewer),
'recordUrl': urlparams(url, src=src),
'author': author,
'author_url': author_url,
'iconUrl': product.get_icon_url(64),
'is_packaged': product.is_packaged,
'src': src
}
# Add in previews to the dict.
if product.all_previews:
previews = []
for p in product.all_previews:
preview = {
'fullUrl': jinja2.escape(p.image_url),
'type': jinja2.escape(p.filetype),
'thumbUrl': jinja2.escape(p.thumbnail_url),
'caption': jinja2.escape(p.caption) if p.caption else ''
}
previews.append(preview)
ret.update({'previews': previews})
if product.has_price():
ret.update({
'price': product.premium.get_price() or '0',
'priceLocale': product.premium.get_price_locale(),
})
currencies = product.premium.supported_currencies()
if len(currencies) > 1 and waffle.switch_is_active('currencies'):
currencies_dict = dict([(k, v.get_price_locale())
for k, v in currencies])
ret['currencies'] = json.dumps(currencies_dict, cls=JSONEncoder)
if request.amo_user:
ret['isPurchased'] = purchased
# Jinja2 escape everything except this whitelist so that bool is retained
# for the JSON encoding.
wl = ('isPurchased', 'price', 'currencies', 'categories', 'previews',
'is_packaged')
return dict([k, jinja2.escape(v) if k not in wl else v]
for k, v in ret.items())
def get_nl2br(value, make_urls=True):
"""
Splits the provided string into paragraph tags based on the
line breaks within it and returns the escaped result.
Args:
value: The string to process.
make_urls: If True, will attempt to convert any URLs
in the string to full links.
Returns:
The processed, escaped string.
"""
# We need to surround each split paragraph with a <p> tag,
# because otherwise Jinja ignores the result. See the PR for #254.
if make_urls:
return u'\n\n'.join(
u'<p>%s</p>' %
urlize(p, nofollow=True, target='_blank').
replace('\n', Markup('<br>\n'))
for p in _paragraph_re.split(escape(value)))
else:
return u'\n\n'.join(
u'<p>%s</p>' %
p.replace('\n', Markup('<br>\n'))
for p in _paragraph_re.split(escape(value)))
def html_options(**kwds):
if not kwds:
return u''
opts = []
for n, v in kwds.items():
opts.append(u'%s="%s"' % (jinja2.escape(n), jinja2.escape(v)))
return jinja2.Markup(u' '.join(opts))
def account(acc):
def payment_account_names(app):
account_names = [unicode(acc.payment_account) for acc in app.all_payment_accounts()]
return (unicode(app.name), account_names)
addon_payment_accounts = acc.addonpaymentaccount_set.all()
associated_apps = [apa.addon for apa in addon_payment_accounts if hasattr(apa, "addon")]
app_names = u", ".join(unicode(app.name) for app in associated_apps)
app_payment_accounts = json.dumps(dict([payment_account_names(app) for app in associated_apps]))
provider = acc.get_provider()
data = {
"account-url": reverse("mkt.developers.provider.payment_account", args=[acc.pk]),
"agreement-url": acc.get_agreement_url(),
"agreement": "accepted" if acc.agreed_tos else "rejected",
"current-app-name": jinja2.escape(app_name),
"app-names": jinja2.escape(app_names),
"app-payment-accounts": jinja2.escape(app_payment_accounts),
"delete-url": reverse("mkt.developers.provider.delete_payment_account", args=[acc.pk]),
"id": acc.pk,
"name": jinja2.escape(unicode(acc)),
"provider": provider.name,
"provider-full": unicode(provider.full),
"shared": acc.shared,
"portal-url": provider.get_portal_url(app_slug),
}
return data
def title(self):
"""Return a title for this annotation.
Return the annotated document's title or if the document has no title
then return its filename (if it's a file:// URI) or its URI for
non-file URIs.
The title is escaped and safe to be rendered.
If it contains escaped characters then the title will be a
Markup object, so that it won't be double-escaped.
"""
document_ = self.annotation.document
if document_:
try:
title = document_["title"]
except (KeyError, TypeError):
# Sometimes document_ has no "title" key or isn't a dict at
# all.
title = u""
if title:
# Convert non-string titles into strings.
# We're assuming that title cannot be a byte string.
title = unicode(title)
return jinja2.escape(title)
if self.filename:
return jinja2.escape(urllib2.unquote(self.filename))
else:
return jinja2.escape(urllib2.unquote(self.uri))
def revisions(request):
"""Dashboard for reviewing revisions"""
if request.is_ajax():
username = request.GET.get('user', None)
locale = request.GET.get('locale', None)
topic = request.GET.get('topic', None)
display_start = int(request.GET.get('iDisplayStart', 0))
revisions = (Revision.objects.select_related('creator').all()
.order_by('-created'))
# apply filters, limits, and pages
if username:
revisions = (revisions
.filter(creator__username__istartswith=username))
if locale:
revisions = revisions.filter(document__locale=locale)
if topic:
revisions = revisions.filter(slug__icontains=topic)
total = revisions.count()
revisions = revisions[display_start:display_start + PAGE_SIZE]
# build the master JSON
revision_json = {
'iTotalRecords': total,
'iTotalDisplayRecords': total,
'aaData': []
}
for rev in revisions:
prev = rev.get_previous()
from_rev = str(prev.id if prev else rev.id)
doc_url = reverse('wiki.document', args=[rev.document.full_path], locale=rev.document.locale)
articleUrl = '<a href="%s" target="_blank">%s</a>' % (doc_url, jinja2.escape(rev.document.slug))
articleLocale = '<span class="dash-locale">%s</span>' % rev.document.locale
articleComment = '<span class="dashboard-comment">%s</span>' % format_comment(rev)
articleIsNew = '<span class="dashboard-new">New: </span>' if rev.based_on_id is None else ''
richTitle = articleIsNew + articleUrl + articleLocale + articleComment
revision_json['aaData'].append({
'id': rev.id,
'prev_id': from_rev,
'doc_url': doc_url,
'edit_url': reverse('wiki.edit_document', args=[rev.document.full_path], locale=rev.document.locale),
'compare_url': reverse('wiki.compare_revisions', args=[rev.document.full_path]) + '?from=%s&to=%s&raw=1' % (from_rev, str(rev.id)),
'revert_url': reverse('wiki.revert_document', args=[rev.document.full_path, rev.id]),
'history_url': reverse('wiki.document_revisions', args=[rev.document.full_path], locale=rev.document.locale),
'creator': '<a href="" class="creator">%s</a>' % jinja2.escape(rev.creator.username),
'title': rev.title,
'richTitle': richTitle,
'date': rev.created.strftime('%b %d, %y - %H:%M'),
'slug': rev.document.slug
})
result = json.dumps(revision_json)
return HttpResponse(result, mimetype='application/json')
return jingo.render(request, 'dashboards/revisions.html')
def hostname_or_filename(self):
"""
Return the hostname or filename of this document.
Returns the hostname part of the document's URI, e.g.
'www.example.com' for 'http://www.example.com/example.html'.
If the URI is a file:// URI then return the filename part of it
instead.
The returned hostname or filename is escaped and safe to be rendered.
If it contains escaped characters the returned value will be a Markup
object so that it doesn't get double-escaped.
"""
if self.filename:
return jinja2.escape(url_unquote(self.filename))
else:
hostname = urlparse.urlparse(self.uri).hostname
# urlparse()'s .hostname is sometimes None.
hostname = hostname or ''
return jinja2.escape(hostname)
def views_query(db=None):
names, dbs_table = get_dbs_table(current_user.home, db)
obj = []
if db:
db_uri, session, metadata = init_db(current_user.home, db)
if not db_uri:
flash("База данных не существует: {0}".format(db), 'error')
return render_template('p/empty.html')
sqltemplates = SQLTemplate.query.all()
sqltemplates = sorted(sqltemplates, key=lambda row: row.id)
table_names = ['SQL query', 'Description']
table_rows = [[Markup('<a href="{0}">{1}</a>'.format(url_for('views_query_db_id', db=escape(db), id=sqltemplate.id),
escape(sqltemplate.name) if sqltemplate.name else "<{0}>".format(sqltemplate.id))),
Markup('<a href="{0}">{1}</a>'.format(url_for('views_query_db_dump', db=escape(db), id=sqltemplate.id),
escape(sqltemplate.description) if sqltemplate.description else '>'))
] for sqltemplate in sqltemplates]
obj.append((table_names, table_rows, db, ''))
return render_template('db/index.html',
title = 'Databases',
names = names,
rows = dbs_table,
obj = obj,
)
def config_value(view, context, model, name):
property = getattr(model, name)
if len(property) > 80:
fmt = ('<span style="cursor:pointer" class="needShowFullInfo" '
'data-full="{}">{}...</span>')
property = Markup(fmt).format(escape(property), escape(property[:80]))
return property
def group_link(group):
try:
profile = GroupProfile.objects.get(group=group)
url = reverse('groups.profile', args=[profile.slug])
html = '<a href="%s">%s</a>' % (escape(url), escape(group.name))
return Markup(html)
except GroupProfile.DoesNotExist:
return group.name
def __str__(self):
return jinja2.escape(self.version)
def replacement_unmatched(text):
return jinja2.escape(text)
def changelinkfilter(changelink):
''' Returns function that does regex search/replace in
comments to add links to bug ids and similar.
@param changelink:
Either C{None}
or: a tuple (2 or 3 elements)
1. a regex to match what we look for
2. an url with regex refs (\g<0>, \1, \2, etc) that becomes the 'href' attribute
3. (optional) an title string with regex ref regex
or: a dict mapping projects to above tuples
(no links will be added if the project isn't found)
or: a callable taking (changehtml, project) args
(where the changetext is HTML escaped in the
form of a jinja2.Markup instance) and
returning another jinja2.Markup instance with
the same change text plus any HTML tags added to it.
'''
assert not changelink or isinstance(changelink, dict) or \
isinstance(changelink, tuple) or callable(changelink)
def replace_from_tuple(t):
search, url_replace = t[:2]
if len(t) == 3:
title_replace = t[2]
else:
title_replace = ''
search_re = re.compile(search)
def replacement_unmatched(text):
return jinja2.escape(text)
def replacement_matched(mo):
# expand things *after* application of the regular expressions
url = jinja2.escape(mo.expand(url_replace))
title = jinja2.escape(mo.expand(title_replace))
body = jinja2.escape(mo.group())
if title:
return '<a href="%s" title="%s">%s</a>' % (url, title, body)
else:
return '<a href="%s">%s</a>' % (url, body)
def filter(text, project):
# now, we need to split the string into matched and unmatched portions,
# quoting the unmatched portions directly and quoting the components of
# the 'a' element for the matched portions. We can't use re.split here,
# because the user-supplied patterns may have multiple groups.
html = []
last_idx = 0
for mo in search_re.finditer(text):
html.append(replacement_unmatched(text[last_idx:mo.start()]))
html.append(replacement_matched(mo))
last_idx = mo.end()
html.append(replacement_unmatched(text[last_idx:]))
return jinja2.Markup(''.join(html))
return filter
if not changelink:
return lambda text, project: jinja2.escape(text)
elif isinstance(changelink, dict):
def dict_filter(text, project):
# TODO: Optimize and cache return value from replace_from_tuple so
# we only compile regex once per project, not per view
t = changelink.get(project)
if t:
return replace_from_tuple(t)(text, project)
else:
return cgi.escape(text)
return dict_filter
elif isinstance(changelink, tuple):
return replace_from_tuple(changelink)
elif callable(changelink):
def callable_filter(text, project):
text = jinja2.escape(text)
return changelink(text, project)
return callable_filter
assert False, 'changelink has unsupported type, but that is checked before'
def contribute(request, addon):
# Enforce paypal-imposed comment length limit
commentlimit = PAYPAL_MAX_COMMENT_LENGTH
contrib_type = request.POST.get('type', 'suggested')
is_suggested = contrib_type == 'suggested'
source = request.POST.get('source', '')
comment = request.POST.get('comment', '')
amount = {
'suggested': addon.suggested_amount,
'onetime': request.POST.get('onetime-amount', '')
}.get(contrib_type, '')
if not amount:
amount = settings.DEFAULT_SUGGESTED_CONTRIBUTION
form = ContributionForm({'amount': amount})
if len(comment) > commentlimit or not form.is_valid():
return http.HttpResponse(json.dumps({'error': 'Invalid data.',
'status': '', 'url': '',
'paykey': ''}),
content_type='application/json')
contribution_uuid = hashlib.md5(str(uuid.uuid4())).hexdigest()
if addon.charity:
# TODO(andym): Figure out how to get this in the addon authors
# locale, rather than the contributors locale.
name, paypal_id = (u'%s: %s' % (addon.name, addon.charity.name),
addon.charity.paypal)
else:
name, paypal_id = addon.name, addon.paypal_id
# l10n: {0} is the addon name
contrib_for = _(u'Contribution for {0}').format(jinja2.escape(name))
paykey, error, status = '', '', ''
try:
paykey, status = paypal.get_paykey(
dict(amount=amount,
email=paypal_id,
ip=request.META.get('REMOTE_ADDR'),
memo=contrib_for,
pattern='addons.paypal',
slug=addon.slug,
uuid=contribution_uuid))
except paypal.PaypalError as error:
log.error(
'Error getting paykey, contribution for addon '
'(addon: %s, contribution: %s)'
% (addon.pk, contribution_uuid), exc_info=True)
if paykey:
contrib = Contribution(addon_id=addon.id, charity_id=addon.charity_id,
amount=amount, source=source,
source_locale=request.LANG,
annoying=addon.annoying,
uuid=str(contribution_uuid),
is_suggested=is_suggested,
suggested_amount=addon.suggested_amount,
comment=comment, paykey=paykey)
contrib.save()
url = '%s?paykey=%s' % (settings.PAYPAL_FLOW_URL, paykey)
if request.GET.get('result_type') == 'json' or request.is_ajax():
# If there was an error getting the paykey, then JSON will
# not have a paykey and the JS can cope appropriately.
return http.HttpResponse(json.dumps({'url': url,
'paykey': paykey,
'error': str(error),
'status': status}),
content_type='application/json')
return http.HttpResponseRedirect(url)
async def display_columns_and_rows(self,
database,
table,
description,
rows,
link_column=False,
truncate_cells=0):
"Returns columns, rows for specified table - including fancy foreign key treatment"
db = self.ds.databases[database]
table_metadata = self.ds.table_metadata(database, table)
sortable_columns = await self.sortable_columns_for_table(
database, table, True)
columns = [{
"name": r[0],
"sortable": r[0] in sortable_columns
} for r in description]
pks = await db.primary_keys(table)
column_to_foreign_key_table = {
fk["column"]: fk["other_table"]
for fk in await db.foreign_keys_for_table(table)
}
cell_rows = []
for row in rows:
cells = []
# Unless we are a view, the first column is a link - either to the rowid
# or to the simple or compound primary key
if link_column:
is_special_link_column = len(pks) != 1
pk_path = path_from_row_pks(row, pks, not pks, False)
cells.append({
"column":
pks[0] if len(pks) == 1 else "Link",
"is_special_link_column":
is_special_link_column,
"raw":
pk_path,
"value":
jinja2.Markup(
'<a href="/{database}/{table}/{flat_pks_quoted}">{flat_pks}</a>'
.format(
database=database,
table=urllib.parse.quote_plus(table),
flat_pks=str(jinja2.escape(pk_path)),
flat_pks_quoted=path_from_row_pks(
row, pks, not pks),
)),
})
for value, column_dict in zip(row, columns):
column = column_dict["name"]
if link_column and len(pks) == 1 and column == pks[0]:
# If there's a simple primary key, don't repeat the value as it's
# already shown in the link column.
continue
# First let the plugins have a go
# pylint: disable=no-member
plugin_display_value = pm.hook.render_cell(
value=value,
column=column,
table=table,
database=database,
datasette=self.ds,
)
if plugin_display_value is not None:
display_value = plugin_display_value
elif isinstance(value, bytes):
display_value = jinja2.Markup(
"<Binary data: {} byte{}>".format(
len(value), "" if len(value) == 1 else "s"))
elif isinstance(value, dict):
# It's an expanded foreign key - display link to other row
label = value["label"]
value = value["value"]
# The table we link to depends on the column
other_table = column_to_foreign_key_table[column]
link_template = (LINK_WITH_LABEL if
(label != value) else LINK_WITH_VALUE)
display_value = jinja2.Markup(
link_template.format(
database=database,
table=urllib.parse.quote_plus(other_table),
link_id=urllib.parse.quote_plus(str(value)),
id=str(jinja2.escape(value)),
label=str(jinja2.escape(label)),
))
elif value in ("", None):
display_value = jinja2.Markup(" ")
elif is_url(str(value).strip()):
display_value = jinja2.Markup(
'<a href="{url}">{url}</a>'.format(
url=jinja2.escape(value.strip())))
elif column in table_metadata.get("units", {}) and value != "":
# Interpret units using pint
value = value * ureg(table_metadata["units"][column])
# Pint uses floating point which sometimes introduces errors in the compact
# representation, which we have to round off to avoid ugliness. In the vast
# majority of cases this rounding will be inconsequential. I hope.
value = round(value.to_compact(), 6)
display_value = jinja2.Markup(
"{:~P}".format(value).replace(" ", " "))
else:
display_value = str(value)
if truncate_cells and len(display_value) > truncate_cells:
display_value = display_value[:truncate_cells] + u"\u2026"
cells.append({
"column": column,
"value": display_value,
"raw": value
})
cell_rows.append(Row(cells))
if link_column:
# Add the link column header.
# If it's a simple primary key, we have to remove and re-add that column name at
# the beginning of the header row.
if len(pks) == 1:
columns = [col for col in columns if col["name"] != pks[0]]
columns = [{
"name": pks[0] if len(pks) == 1 else "Link",
"sortable": len(pks) == 1
}] + columns
return columns, cell_rows
def env(request):
return http.HttpResponse(u'<pre>%s</pre>' % (jinja2.escape(request)))
def paragraphize(value):
return jinja2.Markup(u'\n\n'.join(
u'<p>%s</p>' % p.replace('\n', '<br>\n')
for p in PARAGRAPH_RE.split(jinja2.escape(value))))
def generate_report(self, result):
"""
Return a HTML report with the results of all cases and tests.
"""
# Jinja template dictionary.
template_dict = {}
template_dict['title'] = jinja2.escape(self.title)
template_dict['description'] = jinja2.escape(self.description)
template_dict['sagenb_version'] = SAGENB_VERSION
template_dict['environment'] = self.extra_args.get('environment')
template_dict['start_time'] = str(self.start_time)[:19]
template_dict['stop_time'] = str(self.stop_time)[:19]
template_dict['elapsed_time'] = self.elapsed_time
template_dict['pass_total'] = result.success_count
template_dict['fail_total'] = result.failure_count
template_dict['error_total'] = result.error_count
template_dict['count_total'] = result.total_count
rows = []
sorted_result = self.sort_result(result.result)
# Iterate over cases.
for i, (case_type, case_results) in enumerate(sorted_result):
# Stats for this case.
passes = 0
failures = 0
errors = 0
for status, test_case, output, trace in case_results:
if status == _TestResult.PASS:
passes += 1
elif status == _TestResult.FAIL:
failures += 1
else:
errors += 1
# Case description.
if case_type.__module__ == '__main__':
name = case_type.__name__
else:
name = '%s.%s' % (case_type.__module__, case_type.__name__)
doc = case_type.__doc__ and case_type.__doc__.split('\n')[0] or ''
desc = jinja2.escape(doc and '%s: %s' % (name, doc) or name)
case_id = name.replace('.', '-') + '_%d' % i
case_class = failures > 0 and 'case_fail' or errors > 0 and 'case_error' or 'case_pass'
count = passes + failures + errors
rows.append(REPORT_CASE_TMPL.render(locals()))
# Iterate over this case's tests.
for j, (status, test_case, output,
trace) in enumerate(case_results):
self.report_for_one_test(rows, case_id, j, status, test_case,
output, trace)
template_dict['test_cases_and_tests'] = '\n'.join(rows)
# Make the report self-contained.
stylesheet = template(os.path.join('css', 'test_report.css'))
template_dict[
'stylesheet'] = '<style type="text/css"><!--\n' + stylesheet + '\n--></style>'
template_dict['stylesheet'] += IE_STYLE_FIX.render()
jquery = open(os.path.join(DATA, 'jquery/jquery-1.3.2.min.js'),
'r').read()
template_dict[
'javascript'] = '<script type="text/javascript">\n' + jquery + '\n</script>'
return template(os.path.join('html', 'test_report.html'),
**template_dict)
def link(item):
html = """<a href="%s">%s</a>""" % (item.get_url_path(),
jinja2.escape(item.name))
return jinja2.Markup(html)
def xss():
name = request.args.get('name')
#response='<h1>Hello,%s!</h1>' % name
response = '<h1>Hello,%s!</h1>' % escape(name)
return response
def page_title(title):
return jinja2.Markup('%s | MDN' % jinja2.escape(title))
def get_format_multilined_string(value):
escaped_value = escape(value)
new_line_regex = r"(?:\r\n|\r|\n)+"
value_with_line_break_tag = re.sub(new_line_regex, "<br>", escaped_value)
return "{}".format(value_with_line_break_tag)
def nl2br(eval_ctx, value):
result = u'\n\n'.join(u'<p>%s</p>' % p.replace('\n', '<br>\n') \
for p in _paragraph_re.split(escape(value)))
if eval_ctx.autoescape:
result = Markup(result)
return result
def nl2br(string):
"""Turn newlines into <br>."""
if not string:
return ''
return jinja2.Markup('<br>'.join(jinja2.escape(string).splitlines()))
chart_info = json.loads(response.text)
title = chart_info['title']
veroeffentlicht = chart_info['publishedAt']
try:
datenquelle = chart_info['metadata']['data']['external-data']
except:
datenquelle = ""
pass
url2 = chart_info['publicUrl']
bild = 'https:' + str(chart_info['thumbnails']['full'])
iframe = chart_info['metadata']['publish']['embed-codes'][
'embed-method-responsive']
iframe_code = jinja2.escape(
str(chart_info['metadata']['publish']['embed-codes']
['embed-method-responsive']))
zeile.append([
chartid, title, veroeffentlicht, datenquelle, iframe_code, iframe,
bild, kommentar, datenquelle, url2
])
response = requests.get(
'https://api.datawrapper.de/v3/charts/{}/export/svg'.format(chartid),
headers=svg_headers,
params=svg_querystring)
svg_filename = chartid + "_export.svg"
file = open(svg_filename, "w")
file.write(response.text)
def contribute(request, addon):
webapp = addon.is_webapp()
contrib_type = request.GET.get('type', 'suggested')
is_suggested = contrib_type == 'suggested'
source = request.GET.get('source', '')
comment = request.GET.get('comment', '')
amount = {
'suggested': addon.suggested_amount,
'onetime': request.GET.get('onetime-amount', '')
}.get(contrib_type, '')
if not amount:
amount = settings.DEFAULT_SUGGESTED_CONTRIBUTION
contribution_uuid = hashlib.md5(str(uuid.uuid4())).hexdigest()
if addon.charity:
# TODO(andym): Figure out how to get this in the addon authors
# locale, rather than the contributors locale.
name, paypal_id = (u'%s: %s' % (addon.name, addon.charity.name),
addon.charity.paypal)
else:
name, paypal_id = addon.name, addon.paypal_id
# l10n: {0} is the addon name
contrib_for = _(u'Contribution for {0}').format(jinja2.escape(name))
paykey, error = '', ''
try:
paykey = paypal.get_paykey(
dict(uuid=contribution_uuid,
slug=addon.slug,
amount=amount,
email=paypal_id,
memo=contrib_for,
ip=request.META.get('REMOTE_ADDR'),
pattern='%s.paypal' % ('apps' if webapp else 'addons')))
except:
log.error('Error getting paykey, contribution for addon: %s' %
addon.pk,
exc_info=True)
error = _('There was an error communicating with PayPal.')
if paykey:
contrib = Contribution(addon_id=addon.id,
charity_id=addon.charity_id,
amount=amount,
source=source,
source_locale=request.LANG,
annoying=addon.annoying,
uuid=str(contribution_uuid),
is_suggested=is_suggested,
suggested_amount=addon.suggested_amount,
comment=comment,
paykey=paykey)
contrib.save()
assert settings.PAYPAL_FLOW_URL, 'settings.PAYPAL_FLOW_URL is not defined'
url = '%s?paykey=%s' % (settings.PAYPAL_FLOW_URL, paykey)
if request.GET.get('result_type') == 'json' or request.is_ajax():
# If there was an error getting the paykey, then JSON will
# not have a paykey and the JS can cope appropriately.
return http.HttpResponse(json.dumps({
'url': url,
'paykey': paykey,
'error': error
}),
content_type='application/json')
return http.HttpResponseRedirect(url)
def __unicode__(self):
return jinja2.escape(self.version)
async def render_template(self,
templates,
context=None,
request=None,
view_name=None):
context = context or {}
if isinstance(templates, Template):
template = templates
else:
if isinstance(templates, str):
templates = [templates]
template = self.jinja_env.select_template(templates)
body_scripts = []
# pylint: disable=no-member
for script in pm.hook.extra_body_script(
template=template.name,
database=context.get("database"),
table=context.get("table"),
view_name=view_name,
datasette=self,
):
body_scripts.append(Markup(script))
extra_template_vars = {}
# pylint: disable=no-member
for extra_vars in pm.hook.extra_template_vars(
template=template.name,
database=context.get("database"),
table=context.get("table"),
view_name=view_name,
request=request,
datasette=self,
):
if callable(extra_vars):
extra_vars = extra_vars()
if asyncio.iscoroutine(extra_vars):
extra_vars = await extra_vars
assert isinstance(extra_vars,
dict), "extra_vars is of type {}".format(
type(extra_vars))
extra_template_vars.update(extra_vars)
template_context = {
**context,
**{
"actor":
request.actor if request else None,
"display_actor":
display_actor,
"show_logout":
request is not None and "ds_actor" in request.cookies,
"app_css_hash":
self.app_css_hash(),
"zip":
zip,
"body_scripts":
body_scripts,
"format_bytes":
format_bytes,
"show_messages":
lambda: self._show_messages(request),
"extra_css_urls":
self._asset_urls("extra_css_urls", template, context),
"extra_js_urls":
self._asset_urls("extra_js_urls", template, context),
"base_url":
self.config("base_url"),
"csrftoken":
request.scope["csrftoken"] if request else lambda: "",
},
**extra_template_vars,
}
if request and request.args.get("_context") and self.config(
"template_debug"):
return "<pre>{}</pre>".format(
jinja2.escape(
json.dumps(template_context, default=repr, indent=4)))
return await template.render_async(template_context)
def test_sample_code_extraction(self):
sample_html = u"""
<div class="foo">
<p>Hello world!</p>
<p>Unicode fun: Przykłady 例 예제 示例</p>
</div>
"""
sample_css = u"""
.foo p { color: red; }
"""
sample_js = u"""
window.alert("Hi there!");
"""
doc_src = u"""
<p>This is a page. Deal with it.</p>
<h3 id="sample0">This is a section</h3>
<pre class="brush:html; highlight: [5, 15]; html-script: true">section html</pre>
<pre class="brush:css;">section css</pre>
<pre class="brush: js">section js</pre>
<h3>The following is a new section</h3>
<div id="sample1" class="code-sample">
<pre class="brush: html;">Ignore me</pre>
<pre class="brush:css;">Ignore me</pre>
<pre class="brush: js">Ignore me</pre>
</div>
<ul id="sample2" class="code-sample">
<li><span>HTML</span>
<pre class="brush: html">%s</pre>
</li>
<li><span>CSS</span>
<pre class="brush:css;random:crap;in:the;classname">%s</pre>
</li>
<li><span>JS</span>
<pre class="brush: js">%s</pre>
</li>
</ul>
<p>More content shows up here.</p>
<p id="not-a-sample">This isn't a sample, but it
shouldn't cause an error</p>
<h4 id="sample3">Another section</h4>
<pre class="brush: html">Ignore me</pre>
<pre class="brush: js">Ignore me</pre>
<h4>Yay a header</h4>
<p>Yadda yadda</p>
<div id="sample4" class="code-sample">
<pre class="brush: js">Ignore me</pre>
</div>
<p>Yadda yadda</p>
""" % (escape(sample_html), escape(sample_css), escape(sample_js))
# live sample using the section logic
result = wiki.content.extract_code_sample('sample0', doc_src)
eq_('section html', result['html'].strip())
eq_('section css', result['css'].strip())
eq_('section js', result['js'].strip())
# pull out a complete sample.
result = wiki.content.extract_code_sample('sample2', doc_src)
eq_(sample_html.strip(), result['html'].strip())
eq_(sample_css.strip(), result['css'].strip())
eq_(sample_js.strip(), result['js'].strip())
# a sample missing one part.
result = wiki.content.extract_code_sample('sample3', doc_src)
eq_('Ignore me', result['html'].strip())
eq_(None, result['css'])
eq_('Ignore me', result['js'].strip())
# a sample with only one part.
result = wiki.content.extract_code_sample('sample4', doc_src)
eq_(None, result['html'])
eq_(None, result['css'])
eq_('Ignore me', result['js'].strip())
# a "sample" with no code listings.
result = wiki.content.extract_code_sample('not-a-sample', doc_src)
eq_(None, result['html'])
eq_(None, result['css'])
eq_(None, result['js'])
def get_output(data):
g = defaultdict(str, [(k, jinja2.escape(v)) for k, v in data.iteritems()])
required = ['mimetype', 'appID', 'appVersion', 'clientOS', 'chromeLocale']
# Some defaults we override depending on what we find below.
plugin = dict(mimetype='-1', name='-1', guid='-1', version='',
iconUrl='', XPILocation='', InstallerLocation='',
InstallerHash='', InstallerShowsUI='',
manualInstallationURL='', licenseURL='',
needsRestart='true')
# Special case for mimetype if they are provided.
plugin['mimetype'] = g['mimetype'] or '-1'
output = Template(xml_template)
for s in required:
if s not in data:
# A sort of 404, matching what was returned in the original PHP.
return output.substitute(plugin)
# Figure out what plugins we've got, and what plugins we know where
# to get.
# Begin our huge and embarrassing if-else statement.
if (g['mimetype'] in ['application/x-shockwave-flash',
'application/futuresplash'] and
re.match(flash_re, g['clientOS'])):
# Tell the user where they can go to get the installer.
plugin.update(
name='Adobe Flash Player',
manualInstallationURL='http://www.adobe.com/go/getflashplayer')
# Offer Windows users a specific flash plugin installer instead.
# Don't use a https URL for the license here, per request from
# Macromedia.
if g['clientOS'].startswith('Win'):
plugin.update(
guid='{4cfaef8a-a6c9-41a0-8e6f-967eb8f49143}',
XPILocation='',
iconUrl='http://fpdownload2.macromedia.com/pub/flashplayer/current/fp_win_installer.ico',
needsRestart='false',
InstallerShowsUI='true',
version='13.0.0.214',
InstallerHash='sha256:3429f62b63ea7e06298231be7a2cf80b15745ba09442a952cbf23942e1aeba42',
InstallerLocation='http://download.macromedia.com/pub/flashplayer/pdc/fp_pl_pfs_installer.exe')
elif (g['mimetype'] == 'application/x-director' and
g['clientOS'].startswith('Win')):
plugin.update(
name='Adobe Shockwave Player',
manualInstallationURL='http://get.adobe.com/shockwave/otherversions')
# Even though the shockwave installer is not a silent installer, we
# need to show its EULA here since we've got a slimmed down
# installer that doesn't do that itself.
if g['chromeLocale'] != 'ja-JP':
plugin.update(
licenseURL='http://www.adobe.com/go/eula_shockwaveplayer')
else:
plugin.update(
licenseURL='http://www.adobe.com/go/eula_shockwaveplayer_jp')
plugin.update(
guid='{45f2a22c-4029-4209-8b3d-1421b989633f}',
XPILocation='',
version='12.1.1.151',
InstallerHash='sha256:22105e72f390b72ee6120f43d83eec3d85f38df32d3a5d6b3d18dcf0cc46dbf7',
InstallerLocation='http://fpdownload.macromedia.com/pub/shockwave/default/english/win95nt/latest/Shockwave_Installer_FF.exe',
manualInstallationURL='http://get.adobe.com/shockwave/otherversions',
needsRestart='false',
InstallerShowsUI='false')
elif (g['mimetype'] in ['audio/x-pn-realaudio-plugin',
'audio/x-pn-realaudio'] and
re.match(r'^(Win|Linux|PPC Mac OS X)', g['clientOS'])):
plugin.update(
name='Real Player',
version='10.5',
manualInstallationURL='http://www.real.com')
if g['clientOS'].startswith('Win'):
plugin.update(
XPILocation='http://forms.real.com/real/player/download.html?type=firefox',
guid='{d586351c-cb55-41a7-8e7b-4aaac5172d39}')
else:
plugin.update(
guid='{269eb771-59de-4702-9209-ca97ce522f6d}')
elif (re.match(quicktime_re, g['mimetype']) and
re.match(r'^(Win|PPC Mac OS X)', g['clientOS'])):
# Well, we don't have a plugin that can handle any of those
# mimetypes, but the Apple Quicktime plugin can. Point the user to
# the Quicktime download page.
plugin.update(
name='Apple Quicktime',
guid='{a42bb825-7eee-420f-8ee7-834062b6fefd}',
InstallerShowsUI='true',
manualInstallationURL='http://www.apple.com/quicktime/download/')
elif (re.match(java_re, g['mimetype']) and
re.match(r'^(Win|Linux|PPC Mac OS X)', g['clientOS'])):
# We serve up the Java plugin for the following mimetypes:
#
# application/x-java-vm
# application/x-java-applet;jpi-version=1.5
# application/x-java-bean;jpi-version=1.5
# application/x-java-applet;version=1.3
# application/x-java-bean;version=1.3
# application/x-java-applet;version=1.2.2
# application/x-java-bean;version=1.2.2
# application/x-java-applet;version=1.2.1
# application/x-java-bean;version=1.2.1
# application/x-java-applet;version=1.4.2
# application/x-java-bean;version=1.4.2
# application/x-java-applet;version=1.5
# application/x-java-bean;version=1.5
# application/x-java-applet;version=1.3.1
# application/x-java-bean;version=1.3.1
# application/x-java-applet;version=1.4
# application/x-java-bean;version=1.4
# application/x-java-applet;version=1.4.1
# application/x-java-bean;version=1.4.1
# application/x-java-applet;version=1.2
# application/x-java-bean;version=1.2
# application/x-java-applet;version=1.1.3
# application/x-java-bean;version=1.1.3
# application/x-java-applet;version=1.1.2
# application/x-java-bean;version=1.1.2
# application/x-java-applet;version=1.1.1
# application/x-java-bean;version=1.1.1
# application/x-java-applet;version=1.1
# application/x-java-bean;version=1.1
# application/x-java-applet
# application/x-java-bean
#
#
# We don't want to link users directly to the Java plugin because
# we want to warn them about ongoing security problems first. Link
# to SUMO.
plugin.update(
name='Java Runtime Environment',
manualInstallationURL='https://support.mozilla.org/kb/use-java-plugin-to-view-interactive-content',
needsRestart='false',
guid='{fbe640ef-4375-4f45-8d79-767d60bf75b8}')
elif (g['mimetype'] in ['application/pdf', 'application/vnd.fdf',
'application/vnd.adobe.xfdf',
'application/vnd.adobe.xdp+xml',
'application/vnd.adobe.xfd+xml'] and
re.match(r'^(Win|PPC Mac OS X|Linux(?! x86_64))', g['clientOS'])):
plugin.update(
name='Adobe Acrobat Plug-In',
guid='{d87cd824-67cb-4547-8587-616c70318095}',
manualInstallationURL='http://www.adobe.com/products/acrobat/readstep.html')
elif (g['mimetype'] == 'application/x-mtx' and
re.match(r'^(Win|PPC Mac OS X)', g['clientOS'])):
plugin.update(
name='Viewpoint Media Player',
guid='{03f998b2-0e00-11d3-a498-00104b6eb52e}',
manualInstallationURL='http://www.viewpoint.com/pub/products/vmp.html')
elif re.match(wmp_re, g['mimetype']):
# We serve up the Windows Media Player plugin for the following
# mimetypes:
#
# application/asx
# application/x-mplayer2
# audio/x-ms-wax
# audio/x-ms-wma
# video/x-ms-asf
# video/x-ms-asf-plugin
# video/x-ms-wm
# video/x-ms-wmp
# video/x-ms-wmv
# video/x-ms-wmx
# video/x-ms-wvx
#
# For all windows users who don't have the WMP 11 plugin, give them
# a link for it.
if g['clientOS'].startswith('Win'):
plugin.update(
name='Windows Media Player',
version='11',
guid='{cff1240a-fd24-4b9f-8183-ccd96e5300d0}',
manualInstallationURL='http://port25.technet.com/pages/windows-media-player-firefox-plugin-download.aspx')
# For OSX users -- added Intel to this since flip4mac is a UB.
# Contact at MS was okay w/ this, plus MS points to this anyway.
elif re.match(r'^(PPC|Intel) Mac OS X', g['clientOS']):
plugin.update(
name='Flip4Mac',
version='2.1',
guid='{cff0240a-fd24-4b9f-8183-ccd96e5300d0}',
manualInstallationURL='http://www.flip4mac.com/wmv_download.htm')
elif (g['mimetype'] == 'application/x-xstandard' and
re.match(r'^(Win|PPC Mac OS X)', g['clientOS'])):
plugin.update(
name='XStandard XHTML WYSIWYG Editor',
guid='{3563d917-2f44-4e05-8769-47e655e92361}',
iconUrl='http://xstandard.com/images/xicon32x32.gif',
XPILocation='http://xstandard.com/download/xstandard.xpi',
InstallerShowsUI='false',
manualInstallationURL='http://xstandard.com/download/',
licenseURL='http://xstandard.com/license/')
elif (g['mimetype'] == 'application/x-dnl' and
g['clientOS'].startswith('Win')):
plugin.update(
name='DNL Reader',
guid='{ce9317a3-e2f8-49b9-9b3b-a7fb5ec55161}',
version='5.5',
iconUrl='http://digitalwebbooks.com/reader/dwb16.gif',
XPILocation='http://digitalwebbooks.com/reader/xpinst.xpi',
InstallerShowsUI='false',
manualInstallationURL='http://digitalwebbooks.com/reader/')
elif (g['mimetype'] == 'application/x-videoegg-loader' and
g['clientOS'].startswith('Win')):
plugin.update(
name='VideoEgg Publisher',
guid='{b8b881f0-2e07-11db-a98b-0800200c9a66}',
iconUrl='http://videoegg.com/favicon.ico',
XPILocation='http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.xpi',
InstallerShowsUI='true',
manualInstallationURL='http://www.videoegg.com/')
elif (g['mimetype'] == 'video/vnd.divx' and
g['clientOS'].startswith('Win')):
plugin.update(
name='DivX Web Player',
guid='{a8b771f0-2e07-11db-a98b-0800200c9a66}',
iconUrl='http://images.divx.com/divx/player/webplayer.png',
XPILocation='http://download.divx.com/player/DivXWebPlayer.xpi',
InstallerShowsUI='false',
licenseURL='http://go.divx.com/plugin/license/',
manualInstallationURL='http://go.divx.com/plugin/download/')
elif (g['mimetype'] == 'video/vnd.divx' and
re.match(r'^(PPC|Intel) Mac OS X', g['clientOS'])):
plugin.update(
name='DivX Web Player',
guid='{a8b771f0-2e07-11db-a98b-0800200c9a66}',
iconUrl='http://images.divx.com/divx/player/webplayer.png',
XPILocation='http://download.divx.com/player/DivXWebPlayerMac.xpi',
InstallerShowsUI='false',
licenseURL='http://go.divx.com/plugin/license/',
manualInstallationURL='http://go.divx.com/plugin/download/')
# End ridiculously huge and embarrassing if-else block.
return output.substitute(plugin)
def prod_anchor(prod_id):
url = prod_url(prod_id=prod_id)
return jinja2.Markup('<a class="hoveronly" href="{}">{}</a>'.format(
jinja2.escape(url), prod_id))
def render_addon_name(self, record):
url = reverse('reviewers.review', args=[record.addon_slug])
self.increment_item()
return u'<a href="%s">%s <em>%s</em></a>' % (
url, jinja2.escape(record.addon_name),
jinja2.escape(record.latest_version))
def get_report_data(host):
all_tasks = {}
subtasks = defaultdict(list)
for t in host._task_times:
task = t['task']
if not task.cancelled():
if t['type'] == 'task':
all_tasks[id(t['task'])] = t
else:
subtasks[id(t['task'])].append(t)
if not all_tasks: # pragma: no cover
return
all_tasks = sorted(all_tasks.values(), key=itemgetter('start'))
stats = {}
_start = all_tasks[0]['start']
tasks = []
for row, task_dict in enumerate(all_tasks):
row += 1
task = task_dict['task']
m = task_dict
local_time = m['time']
task_name = task.__class_name__()
stat = stats.setdefault(task_name, {
'name': task_name,
'calls': 0,
'time': 0,
'remote_time': 0
})
stat['calls'] += 1
stat['time'] += local_time
stat['remote_time'] += m.get('remote_time', 0.)
name = '{0}({1})'.format(task_name,
task.args.get('name', repr(task.args)))
t = Item(
type="task",
name=jinja2.escape(name),
short_name=task_name.replace('nuka.tasks.', ''),
start=(m['start'] - _start),
time=local_time,
rc=task.res.get('rc', 0),
row=row,
filename=m['filename'],
lineno=m['lineno'],
funcs=[],
remote_calls=[],
)
tasks.append(round_dict(t))
subs = sorted(subtasks[id(task)], key=itemgetter('start'))
sh_start = None
for item in subs:
if item['type'] == 'api_call':
name = item['name']
elif item['type'] == 'pre_process':
name = 'pre_process()'
elif item['type'] == 'post_process':
name = 'post_process()'
item['type'] == 'pre_process'
else:
cmd = ' '.join(item['cmd'])
if nuka.config['script'] in cmd:
cmd = 'nuka/script.py'
name = 'subprocess({0})'.format(cmd)
func = Item(
name=name,
type=item['type'],
start=(item['start'] - _start),
time=item['time'],
parent=t.uid,
latency=item.get('latency'),
remote_calls=[],
)
if 'meta' in item:
sh_start = func['start'] + item['latency']
shs = item['meta']['remote_calls']
for sh in shs:
tsh = Item(
type="sh",
start=sh_start,
name='sh({0})'.format(sh['cmd']),
time=sh['time'],
parent=t.uid,
rc=sh['rc'],
)
func['remote_calls'].append(round_dict(tsh))
sh_start += tsh.time
t['funcs'].append(round_dict(func))
_end = all_tasks[-1]
_real_end = _end
i = 1
while isinstance(_real_end['task'], teardown):
i += 1
try:
_real_end = all_tasks[-i]
except IndexError:
_real_end = _end
break
for k, v in stats.items():
v['avg_time'] = v['time'] / v['calls']
v['avg_remote_time'] = v['remote_time'] / v['calls']
for kk, vv in v.items():
if isinstance(vv, float):
v[kk] = '%.3f' % vv
stats = sorted(stats.values(), key=itemgetter('remote_time'), reverse=True)
data = {
'host': host.name,
'tasks': tasks,
'stats': stats,
'total_time': _end['start'] + _end['time'] - _start,
'real_time': _real_end['start'] + _real_end['time'] - _start,
}
return data
def safe_substitute(string, *args):
return string % tuple(jinja2.escape(arg) for arg in args)
def callable_filter(text, project):
text = jinja2.escape(text)
return changelink(text, project)
def render_addon_name(self, record):
url = self._get_addon_name_url(record)
return u'<a href="%s">%s <em>%s</em></a>' % (
url, jinja2.escape(record.name),
jinja2.escape(record.current_version))
def do_github_commit_link(commit):
commit_url = jinja2.escape(GITHUB_COMMIT_TEMPLATE % commit)
return jinja2.Markup('<a href="%s">%s</a>' % (commit_url, commit[:8]))
def create_app(default_config_path=None):
"""Create and return a Flask application. Reads a config file path from the
OK_SERVER_CONFIG environment variable. If it is not set, reads from
default_config_path instead. This is so we can default to a development
environment locally, but the app will fail in production if there is no
config file rather than dangerously defaulting to a development environment.
"""
app = Flask(__name__)
config_path = os.getenv('OK_SERVER_CONFIG', default_config_path)
if config_path is None:
raise ValueError(
'No configuration file found'
'Check that the OK_SERVER_CONFIG environment variable is set.')
app.config.from_pyfile(config_path)
# Senty Error Reporting & Other Prod Changes
sentry_dsn = os.getenv('SENTRY_DSN')
if not app.debug:
app.wsgi_app = ProxyFix(app.wsgi_app)
if sentry_dsn:
sentry.init_app(app, dsn=sentry_dsn)
@app.errorhandler(500)
def internal_server_error(error):
return render_template(
'errors/500.html',
event_id=g.sentry_event_id,
public_dsn=sentry.client.get_public_dsn('https')), 500
# In production mode, add log handler to sys.stderr.
app.logger.addHandler(logging.StreamHandler())
app.logger.setLevel(logging.INFO)
@app.errorhandler(404)
def not_found_error(error):
if request.path.startswith("/api"):
return api.handle_error(error)
return render_template('errors/404.html'), 404
# initialize the cache
cache.init_app(app)
# initialize redis task queues
RQ(app)
# Protect All Routes from csrf
csrf.init_app(app)
# initialize the debug tool bar
debug_toolbar.init_app(app)
# initialize SQLAlchemy
db.init_app(app)
# Flask-Login manager
login_manager.init_app(app)
# Import and register the different asset bundles
assets_env.init_app(app)
assets_loader = PythonAssetsLoader(assets)
for name, bundle in assets_loader.load_bundles().items():
assets_env.register(name, bundle)
# custom URL handling
converters.init_app(app)
# custom Jinja rendering
app.jinja_env.globals.update({
'utils':
utils,
'debug':
app.debug,
'instantclick':
app.config.get('INSTANTCLICK', True),
'CSRFForm':
CSRFForm
})
app.jinja_env.filters.update({
'markdown':
lambda data: Markup(markdown(escape(data))),
'pluralize':
utils.pluralize
})
# register our blueprints
# OAuth should not need CSRF protection
csrf.exempt(auth)
app.register_blueprint(auth)
csrf.exempt(oauth)
app.register_blueprint(oauth)
app.register_blueprint(student)
app.register_blueprint(admin, url_prefix='/admin')
app.register_blueprint(about, url_prefix='/about')
# Redis Queue dashboard
csrf.exempt(queue)
app.register_blueprint(queue, url_prefix='/rq')
# API does not need CSRF protection
csrf.exempt(api_endpoints)
app.register_blueprint(api_endpoints, url_prefix=API_PREFIX)
return app
def get_field(self, *args, **kw):
# obj is the value getting interpolated into the string.
obj, used_key = super(SafeFormatter, self).get_field(*args, **kw)
return jinja2.escape(obj), used_key
def onlystaff(ctx, value, tag=None):
"""Display content only if the current logged in user `is_staff()`.
This tag generatyes HTML. If you don't wan't HTML use this construct::
{% if is_staff() %}Internal Info{% endif %}
The Tag encloses content in a ``<span>`` or ``<div>`` depending
on it's contents::
{{ "bla"|onlystaff }}
<!-- is rendered to: -->
<span class="gaetk_onlystaff">bla</span>
{% filter onlystaff %}
<form ...></form>
{% endfilter %}
<!-- is rendered to: -->
<div class="gaetk_onlystaff">
<form ...></form>
</div>
{% filter onlystaff %}
<i>test text</i>
{% endfilter %}
<!-- is rendered to: -->
<span class="gaetk_onlystaff"><i>test text</i></span>
If you not happy with how the filter chooses between ``<span>`` and ``<div>``
you can provide a tag to be used. Or you can provide empty data to avoid
all markup::
{% filter onlystaff('p') %}
<i>test text</i>
{% endfilter %}
<!-- is rendered to: -->
<p class="gaetk_onlystaff">bla</p>
{% filter onlystaff('') %}
foo
{% endfilter %}
<!-- is rendered to: -->
foo
Automatic detection does not work perfectly within tables.
Your milage may vary.
If the user is not staff an empty tag is generated::
{% filter onlystaff %}
supersecret
{% endfilter %}
<!-- is rendered to: -->
<span class="gaetk_onlystaff-denied"><!-- !is_staff() --></span>
{% filter onlystaff('') %}
supersecret
{% endfilter %}
<!-- is rendered to: (nothing) -->
"""
if tag is None:
tag = 'span'
m = re.search(r'$\s*<(%s)' % '|'.join(NOTAGS), value)
if m:
tag = ''
else:
m = re.search(r'<(%s)' % '|'.join(BLOCKTAGS), value)
if m:
tag = 'div'
granted = False
if ctx.get('credential') and ctx.get('credential').staff:
granted = True
if granted:
if not tag:
return value
value = '<{tag} class="gaetk_onlystaff">{value}</{tag}>'.format(
tag=tag, value=jinja2.escape(value))
else:
if not ctx.get('credential'):
logger.info('context has no credential!')
if not tag:
return ''
value = '<{tag} class="gaetk_onlystaff_denied"><!-- !is_staff() --></{tag}>'.format(
tag=tag)
return Markup(value)
