Exemple #1
def newline_to_br(v, name='(Unknown name)', md={}):
    """Return *v* as text with every newline followed-up as ``<br />``.

    A ``TaintedString`` is first replaced by the result of its ``quoted()``
    method, because the value returned here already carries ``<br />``
    markup and is not expected to be HTML-quoted again by the caller.
    Any other value is converted with ``ustr`` and emitted unescaped, so it
    must already be safe to place in HTML.

    Carriage returns are dropped; each ``'\\n'`` becomes ``'<br />\\n'``.
    ``name`` and ``md`` are not used by the body (``md`` is never mutated,
    so the shared default dict is harmless here).
    """
    if isinstance(v, TaintedString):
        # Quote untrusted input now; nothing downstream will do it.
        v = v.quoted()
    text = ustr(v)
    if '\r' in text:
        text = text.replace('\r', '')
    if '\n' in text:
        text = text.replace('\n', '<br />\n')
    return text
Exemple #2
def newline_to_br(v, name='(Unknown name)', md={}):
    """Convert line breaks in *v* to HTML ``<br />`` line breaks.

    Tainted input (a ``TaintedString``) is swapped for its ``quoted()``
    form before anything else, since the returned text mixes in literal
    ``<br />`` tags and therefore cannot safely be HTML-quoted afterwards.
    Untainted input is only passed through ``ustr``; it is not escaped.

    ``'\\r'`` characters are removed and each ``'\\n'`` is replaced by
    ``'<br />\\n'``.  The ``name`` and ``md`` parameters are accepted but
    unused.
    """
    # Untrusted data is quoted here, explicitly, because no later stage is
    # expected to quote the markup-bearing result.
    source = v.quoted() if isinstance(v, TaintedString) else v
    without_cr = ustr(source).replace('\r', '')
    return without_cr.replace('\n', '<br />\n')
Exemple #3
    def render(self, md):
        """Render the variable named by this tag and return the result.

        The value comes from ``self.expr`` evaluated against ``md`` or, when
        there is no expression, from ``md[name]``.  It is then passed through
        the optional ``fmt=`` argument, the ``%``-style ``self.fmt`` format,
        each callable in ``self.modifiers`` and the optional ``size``/``etc``
        truncation.  A value that is still a ``TaintedString`` at the very
        end is replaced by ``val.quoted()``.

        The ``missing`` and ``null`` argument values are returned as given,
        before any of that processing.  Raises ``KeyError`` when the name is
        absent from ``md`` and there is no ``missing`` argument, and
        ``ValueError`` when ``size`` cannot be converted to an integer.
        """
        args = self.args
        have_arg = args.has_key
        name = self.__name__

        val = self.expr

        # No expression: look the name up in the namespace.
        if val is None:
            if md.has_key(name):
                if have_arg('url'):
                    # NOTE(review): the second argument 0 presumably asks
                    # getitem for the object itself rather than its called
                    # result -- confirm against md.getitem.
                    val = md.getitem(name, 0)
                    val = val.absolute_url()
                else:
                    val = md[name]
            else:
                if have_arg('missing'):
                    # Returned as given: skips formatting and the final
                    # TaintedString quoting at the bottom of this method.
                    return args['missing']
                else:
                    raise KeyError, name
        else:
            val = val.eval(md)
            if have_arg('url'): val = val.absolute_url()

        # Left in the frame for error reporting (presumably read by the
        # traceback formatter); it holds the raw, not yet quoted value.
        __traceback_info__ = name, val, args

        if have_arg('null') and not val and val != 0:
            # check for null (false but not zero, including None, [], '')
            # args['null'] is returned without further processing.
            return args['null']

        # handle special formats defined using fmt= first
        if have_arg('fmt'):
            # Use the namespace's guarded_getattr when it offers one,
            # otherwise the builtin getattr.
            # NOTE(review): guarded_getattr presumably applies an access
            # check that plain getattr does not; fmt selects the attribute
            # that is fetched and called below -- confirm which namespaces
            # lack guarded_getattr.
            _get = getattr(md, 'guarded_getattr', None)
            if _get is None:
                _get = getattr

            fmt = args['fmt']
            # NOTE(review): this is the same test as the early return above,
            # so this branch looks unreachable unless val's truthiness
            # changes between the two checks -- confirm.
            if have_arg('null') and not val and val != 0:
                try:
                    if hasattr(val, fmt):
                        # fmt names a method on the value: fetch and call it.
                        val = _get(val, fmt)()
                    elif special_formats.has_key(fmt):
                        if fmt == 'html-quote' and \
                           isinstance(val, TaintedString):
                            # TaintedStrings will be quoted by default, don't
                            # double quote.
                            pass
                        else:
                            val = special_formats[fmt](val, name, md)
                    elif fmt == '':
                        val = ''
                    else:
                        # fmt is used as a %-format string; a tainted input
                        # is re-wrapped so the result stays tainted.
                        if isinstance(val, TaintedString):
                            val = TaintedString(fmt % val)
                        else:
                            val = fmt % val
                except:
                    # Bare except: on any failure an empty value yields the
                    # null text, anything else re-raises the original error.
                    t, v = sys.exc_type, sys.exc_value
                    if hasattr(sys, 'exc_info'): t, v = sys.exc_info()[:2]
                    if val is None or not str(val): return args['null']
                    raise t, v

            else:
                # We duplicate the code here to avoid exception handler
                # which tends to screw up stack or leak
                if hasattr(val, fmt):
                    # fmt names a method on the value: fetch and call it.
                    val = _get(val, fmt)()
                elif special_formats.has_key(fmt):
                    if fmt == 'html-quote' and \
                        isinstance(val, TaintedString):
                        # TaintedStrings will be quoted by default, don't
                        # double quote.
                        pass
                    else:
                        # NOTE(review): whether the formatter's result is
                        # still tainted (or already quoted) depends on the
                        # formatter, which is not visible here.
                        val = special_formats[fmt](val, name, md)
                elif fmt == '':
                    val = ''
                else:
                    # fmt is used as a %-format string; a tainted input is
                    # re-wrapped so the result stays tainted.
                    if isinstance(val, TaintedString):
                        val = TaintedString(fmt % val)
                    else:
                        val = fmt % val

        # finally, pump it through the actual string format...
        fmt = self.fmt
        if fmt == 's':
            # Keep tainted strings as tainted strings here.
            if not isinstance(val, TaintedString):
                val = ustr(val)
        else:
            # Keep tainted strings as tainted strings here.
            # The formatted text is re-tainted only when it contains '<'.
            # NOTE(review): a tainted value whose formatted text has no '<'
            # continues as a plain string and so skips the final quoted()
            # call -- confirm that rule is intended for '&' and quote
            # characters as well.
            wastainted = 0
            if isinstance(val, TaintedString): wastainted = 1
            val = ('%' + self.fmt) % (val, )
            if wastainted and '<' in val:
                val = TaintedString(val)

        # next, look for upper, lower, etc
        # NOTE(review): whether a modifier's return value keeps the
        # TaintedString type is not visible here; if it does not, the final
        # quoting below is skipped for that value.
        for f in self.modifiers:
            if f.__name__ == 'html_quote' and isinstance(val, TaintedString):
                # TaintedStrings will be quoted by default, don't double quote.
                continue
            val = f(val)

        # Optional truncation: cut to size characters, back up to the last
        # space when that space lies past the midpoint, then append the
        # 'etc' text (default '...').  This runs before the final quoting,
        # so size counts characters of the unquoted value.
        if have_arg('size'):
            size = args['size']
            try:
                size = int(size)
            except:
                raise ValueError, (
                    '''a <code>size</code> attribute was used in a <code>var</code>
                tag with a non-integer value.''')
            if len(val) > size:
                val = val[:size]
                l = val.rfind(' ')
                if l > size / 2:
                    val = val[:l + 1]
                if have_arg('etc'): l = args['etc']
                else: l = '...'
                val = val + l

        # Last step: anything still marked tainted is replaced by its
        # quoted() form before being handed back for output.
        if isinstance(val, TaintedString):
            val = val.quoted()

        return val
Exemple #4
    def render(self, md):
        """Render the variable named by this tag and return the result.

        The value comes from ``self.expr`` evaluated against ``md`` or, when
        there is no expression, from ``md[name]``.  It is then passed through
        the optional ``fmt=`` argument, the ``%``-style ``self.fmt`` format,
        each callable in ``self.modifiers`` and the optional ``size``/``etc``
        truncation.  A value that is still a ``TaintedString`` at the very
        end is replaced by ``val.quoted()``.

        The ``missing`` and ``null`` argument values are returned as given,
        before any of that processing.  Raises ``KeyError`` when the name is
        absent from ``md`` and there is no ``missing`` argument, and
        ``ValueError`` when ``size`` cannot be converted to an integer.
        """
        args=self.args
        have_arg=args.has_key
        name=self.__name__

        val=self.expr

        # No expression: look the name up in the namespace.
        if val is None:
            if md.has_key(name):
                if have_arg('url'):
                    # NOTE(review): the second argument 0 presumably asks
                    # getitem for the object itself rather than its called
                    # result -- confirm against md.getitem.
                    val=md.getitem(name,0)
                    val=val.absolute_url()
                else:
                    val = md[name]
            else:
                if have_arg('missing'):
                    # Returned as given: skips formatting and the final
                    # TaintedString quoting at the bottom of this method.
                    return args['missing']
                else:
                    raise KeyError, name
        else:
            val=val.eval(md)
            if have_arg('url'): val=val.absolute_url()

        # Left in the frame for error reporting (presumably read by the
        # traceback formatter); it holds the raw, not yet quoted value.
        __traceback_info__=name, val, args

        if have_arg('null') and not val and val != 0:
            # check for null (false but not zero, including None, [], '')
            # args['null'] is returned without further processing.
            return args['null']


        # handle special formats defined using fmt= first
        if have_arg('fmt'):
            # Use the namespace's guarded_getattr when it offers one,
            # otherwise the builtin getattr.
            # NOTE(review): guarded_getattr presumably applies an access
            # check that plain getattr does not; fmt selects the attribute
            # that is fetched and called below -- confirm which namespaces
            # lack guarded_getattr.
            _get = getattr(md, 'guarded_getattr', None)
            if _get is None:
                _get = getattr

            fmt=args['fmt']
            # NOTE(review): this is the same test as the early return above,
            # so this branch looks unreachable unless val's truthiness
            # changes between the two checks -- confirm.
            if have_arg('null') and not val and val != 0:
                try:
                    if hasattr(val, fmt):
                        # fmt names a method on the value: fetch and call it.
                        val = _get(val, fmt)()
                    elif special_formats.has_key(fmt):
                        if fmt == 'html-quote' and \
                           isinstance(val, TaintedString):
                            # TaintedStrings will be quoted by default, don't
                            # double quote.
                            pass
                        else:
                            val = special_formats[fmt](val, name, md)
                    elif fmt=='': val=''
                    else:
                        # fmt is used as a %-format string; a tainted input
                        # is re-wrapped so the result stays tainted.
                        if isinstance(val, TaintedString):
                            val = TaintedString(fmt % val)
                        else:
                            val = fmt % val
                except:
                    # Bare except: on any failure an empty value yields the
                    # null text, anything else re-raises the original error.
                    t, v= sys.exc_type, sys.exc_value
                    if hasattr(sys, 'exc_info'): t, v = sys.exc_info()[:2]
                    if val is None or not str(val): return args['null']
                    raise t, v

            else:
                # We duplicate the code here to avoid exception handler
                # which tends to screw up stack or leak
                if hasattr(val, fmt):
                    # fmt names a method on the value: fetch and call it.
                    val = _get(val, fmt)()
                elif special_formats.has_key(fmt):
                    if fmt == 'html-quote' and \
                        isinstance(val, TaintedString):
                        # TaintedStrings will be quoted by default, don't
                        # double quote.
                        pass
                    else:
                        # NOTE(review): whether the formatter's result is
                        # still tainted (or already quoted) depends on the
                        # formatter, which is not visible here.
                        val = special_formats[fmt](val, name, md)
                elif fmt=='': val=''
                else:
                    # fmt is used as a %-format string; a tainted input is
                    # re-wrapped so the result stays tainted.
                    if isinstance(val, TaintedString):
                        val = TaintedString(fmt % val)
                    else:
                        val = fmt % val

        # finally, pump it through the actual string format...
        fmt=self.fmt
        if fmt=='s':
            # Keep tainted strings as tainted strings here.
            if not isinstance(val, TaintedString):
                val=ustr(val)
        else:
            # Keep tainted strings as tainted strings here.
            # The formatted text is re-tainted only when it contains '<'.
            # NOTE(review): a tainted value whose formatted text has no '<'
            # continues as a plain string and so skips the final quoted()
            # call -- confirm that rule is intended for '&' and quote
            # characters as well.
            wastainted = 0
            if isinstance(val, TaintedString): wastainted = 1
            val = ('%'+self.fmt) % (val,)
            if wastainted and '<' in val:
                val = TaintedString(val)

        # next, look for upper, lower, etc
        # NOTE(review): whether a modifier's return value keeps the
        # TaintedString type is not visible here; if it does not, the final
        # quoting below is skipped for that value.
        for f in self.modifiers:
            if f.__name__ == 'html_quote' and isinstance(val, TaintedString):
                # TaintedStrings will be quoted by default, don't double quote.
                continue
            val=f(val)

        # Optional truncation: cut to size characters, back up to the last
        # space when that space lies past the midpoint, then append the
        # 'etc' text (default '...').  This runs before the final quoting,
        # so size counts characters of the unquoted value.
        if have_arg('size'):
            size=args['size']
            try: size=int(size)
            except: raise ValueError,(
                '''a <code>size</code> attribute was used in a <code>var</code>
                tag with a non-integer value.''')
            if len(val) > size:
                val=val[:size]
                l=val.rfind(' ')
                if l > size/2:
                    val=val[:l+1]
                if have_arg('etc'): l=args['etc']
                else: l='...'
                val=val+l

        # Last step: anything still marked tainted is replaced by its
        # quoted() form before being handed back for output.
        if isinstance(val, TaintedString):
            val = val.quoted()

        return val