def doDeleteResource(wfile, req):
wlib = store.getWeblib()
item = wlib.webpages.getById(req.rid)
if item:
log.info('Deleting WebPage %s' % unicode(item))
store.getStore().removeItem(item)
response.redirect(wfile, '/updateParent')
def doDelete(wfile, req):
wlib = store.getWeblib()
entries = _buildEntries(req)
for item in entries:
try:
log.debug('Delete web page: %s', unicode(item))
store.getStore().removeItem(item)
except:
log.exception('Unable to delete: %s', unicode(item))
response.redirect(wfile, '/updateParent')
def test_PUT_input_escape(self):
# First insert some risky data into weblib
badtag = weblib.Tag(name='</bad_tag>')
badtag = store.getStore().writeTag(badtag)
# GET
url = '/weblib/@%s/form?name=</bad_tag>' % badtag.id
txt = self._run_url(url)
self.assert_('bad_tag' in txt)
self.assert_('</bad_tag>' not in txt)
def doPutResource(wfile, req, bean):
wlib = store.getWeblib()
if not bean.validate():
FormRenderer(wfile).output(bean)
return
item = bean.item
if bean.newTags:
assert bean.create_tags
item.tags = weblib.makeTags(store.getStore(), item.tags_description)
if item.id < 0:
log.info('Adding WebPage: %s' % unicode(item))
store.getStore().writeWebPage(item)
else:
log.info('Updating WebPage: %s' % unicode(item))
store.getStore().writeWebPage(item)
response.redirect(wfile, '/updateParent')
def doPost(wfile, req):
wlib = store.getWeblib()
entries = _buildEntries(req)
checklist = _buildChecklist(req)
errors = []
# parse add tags
tags_description = req.param('add_tags')
if weblib.Tag.hasIllegalChar(tags_description.replace(',',' ')):
errors.append('These characters are not allowed in tag name: ' + weblib.Tag.ILLEGAL_CHARACTERS)
tags_description = ''
# check for new tags and the create_tags flag
_, unknown = weblib.parseTags(wlib, tags_description)
if unknown and (not req.param('create_tags')):
tags = u', '.join(unknown)
errors.append('These tags are not previous used: ' + tags)
tags_description = ''
# note: validation should be done, new tags will be created here
set_tags = weblib.makeTags(store.getStore(), tags_description)
remove_tags = []
# going through checklist, add to set_tags, delete_tags
for tag, flag in checklist:
if flag:
if tag not in set_tags:
set_tags.append(tag)
else:
remove_tags.append(tag)
if errors:
doShowForm(wfile, req, errors, checklist=checklist, new_tags=unknown)
return
log.debug('EditTags for %s entries set(%s) remove(%s).', len(entries), set_tags, remove_tags)
wlib.editTags(entries, [], set_tags, remove_tags)
store.getStore().refresh_when_needed()
response.redirect(wfile, '/updateParent')
def test_POST_input_escape(self):
# First insert some risky data into weblib
stor = store.getStore()
badtag = weblib.Tag(name='</bad_tag>')
badtag = stor.writeTag(badtag)
badpage = weblib.WebPage(
name = '</bad_tag>',
url = '</bad_tag>',
description = '</bad_tag>',
tags = [badtag]
)
badpage = stor.writeWebPage(badpage)
# GET and make sure it is escaped
txt = self._run_url('/weblib/tag_categorize')
self.assert_('bad_tag' in txt)
self.assert_('</bad_tag>' not in txt)
def doSave(wfile, req):
store.getStore().save()
wlib = store.getWeblib()
wfile.write('200 ok\r\n\r\n')
wfile.write('saved %s pages %s tags' % (len(wlib.webpages), len(wlib.tags)))
def doLoad(wfile, req):
store.getStore().load()
wlib = store.getWeblib()
wfile.write('200 ok\r\n\r\n')
wfile.write('Load %s pages %s tags' % (len(wlib.webpages), len(wlib.tags)))
def tearDown(self): # TODO HACK: close any open file before replace. # Need comphrensive review store.getStore().reset()
