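def execute(pagename, request):
    """Append a signed, timestamped comment to the end of a wiki page.

    Form field names carry a suffix derived from ``hash(pagename.lower())``.
    A request that contains any of the ``*_dont*`` fields is refused (the
    bot check), as is anything that is not a POST from a user who may edit
    the page.

    Args:
        pagename: name of the page the comment is appended to.
        request: current request; its form, user and text getter are used.

    Returns:
        The result of ``page.send_page(msg)``; ``msg`` is empty when the
        request carried no comment.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body()

    # kinda lame spam protection, but it should work
    # NOTE(review): the suffix is computed from the page name alone, so any
    # client can reproduce the real field names.  It filters naive
    # form-fillers only; it is not a secret and not a CSRF defence, and no
    # per-request ticket is checked anywhere in this action.
    pghash = hash(pagename.lower())

    # be extra paranoid
    if (actname in config.excluded_actions or
        not request.user.may.edit(page) or
        # bot checks
        request.form.has_key('button_dont1_%s' % pghash) or
        request.form.has_key('button_dont2_%s' % pghash) or
        request.form.has_key('button_dont3_%s' % pghash) or
        request.form.has_key('button_dont4_%s' % pghash) or
        request.form.has_key('comment_dont_%s' % pghash) or
        not request.isPOST()):
        msg = _('You are not allowed to edit this page. '
                '(An account is needed in most cases)')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')

    # check whether the user submitted the comment form
    elif (request.form.has_key('button_do_%s' % pghash) and
          request.form.has_key('comment_text_%s' % pghash)):
        # NOTE(review): the text is appended verbatim, so newlines and wiki
        # markup in it become page content under the COMMENT_MACRO action.
        # The author needs edit rights anyway, but the change-log entry will
        # read "Comment added." whatever was submitted.
        comment_text = request.form.get('comment_text_%s' % pghash)[0]

        if request.user.anonymous:
            # anonymous comments are signed with the client address
            userId = request.user.ip
        elif config.user_page_prefix:
            userId = '["%s%s"]' % (config.user_page_prefix,
                                   request.user.propercased_name)
        else:
            userId = '["%s"]' % request.user.propercased_name

        now = time.time()
        now_formatted = request.user.getFormattedDateTime(now,
                                                          global_time=True)
        formatted_comment_text = comment_text + " --" + userId

        # keep the separator rule on a line of its own when the page body
        # does not already end with a newline
        if oldtext and not oldtext.endswith("\n"):
            oldtext = oldtext + "\n"
        newtext = (oldtext + "------" + "\n" + "''" +
                   ''.join(now_formatted) + "'' [[nbsp]] " +
                   formatted_comment_text)
        page.saveText(newtext, '0', comment="Comment added.",
                      action="COMMENT_MACRO")
        msg = _('Your comment has been added.')

    return page.send_page(msg)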
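def execute(pagename, request):
    """Append a signed, timestamped comment to the end of a wiki page.

    Form field names carry a suffix derived from ``hash(pagename.lower())``.
    A request that contains any of the ``*_dont*`` fields is refused (the
    bot check), as is anything that is not a POST from a user who may edit
    the page.

    Args:
        pagename: name of the page the comment is appended to.
        request: current request; its form, user and text getter are used.

    Returns:
        The result of ``page.send_page(msg)``; ``msg`` is empty when the
        request carried no comment.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body()

    # kinda lame spam protection, but it should work
    # NOTE(review): the suffix is computed from the page name alone, so any
    # client can reproduce the real field names.  It filters naive
    # form-fillers only; it is not a secret and not a CSRF defence, and no
    # per-request ticket is checked anywhere in this action.
    pghash = hash(pagename.lower())

    # be extra paranoid
    if (actname in config.excluded_actions or
        not request.user.may.edit(page) or
        # bot checks
        request.form.has_key('button_dont1_%s' % pghash) or
        request.form.has_key('button_dont2_%s' % pghash) or
        request.form.has_key('button_dont3_%s' % pghash) or
        request.form.has_key('button_dont4_%s' % pghash) or
        request.form.has_key('comment_dont_%s' % pghash) or
        not request.isPOST()):
        msg = _('You are not allowed to edit this page. '
                '(An account is needed in most cases)')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')

    # check whether the user submitted the comment form
    elif (request.form.has_key('button_do_%s' % pghash) and
          request.form.has_key('comment_text_%s' % pghash)):
        # NOTE(review): the text is appended verbatim, so newlines and wiki
        # markup in it become page content under the COMMENT_MACRO action.
        # The author needs edit rights anyway, but the change-log entry will
        # read "Comment added." whatever was submitted.
        comment_text = request.form.get('comment_text_%s' % pghash)[0]

        if request.user.anonymous:
            # anonymous comments are signed with the client address
            userId = request.user.ip
        elif config.user_page_prefix:
            userId = '["%s%s"]' % (config.user_page_prefix,
                                   request.user.propercased_name)
        else:
            userId = '["%s"]' % request.user.propercased_name

        now = time.time()
        now_formatted = request.user.getFormattedDateTime(now,
                                                          global_time=True)
        formatted_comment_text = comment_text + " --" + userId

        # keep the separator rule on a line of its own when the page body
        # does not already end with a newline
        if oldtext and not oldtext.endswith("\n"):
            oldtext = oldtext + "\n"
        newtext = (oldtext + "------" + "\n" + "''" +
                   ''.join(now_formatted) + "'' [[nbsp]] " +
                   formatted_comment_text)
        page.saveText(newtext, '0', comment="Comment added.",
                      action="COMMENT_MACRO")
        msg = _('Your comment has been added.')

    return page.send_page(msg)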
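def _addLocalWords(request):
    """Append the words submitted as ``newwords`` to the local spelling page.

    Does nothing when the form has no ``newwords`` entry.  Otherwise the
    submitted values are joined with spaces and saved as a new line at the
    end of the page named by ``request.config.page_local_spelling_words``.

    Args:
        request: current request; ``request.form`` and ``request.config``
            are read.
    """
    from Sycamore.PageEditor import PageEditor

    # get the new words as a string (if any are marked at all)
    try:
        newwords = request.form['newwords']
    except KeyError:
        # no new words checked
        return
    newwords = ' '.join(newwords)

    # NOTE(review): the submitted values are written to the page as-is and
    # no permission or ticket check is visible in this helper -- confirm
    # that the caller, or saveText itself, enforces edit rights.
    lsw_page = PageEditor(request.config.page_local_spelling_words, request)
    words = lsw_page.get_raw_body()

    # add the words to the page and save it
    if words and words[-1] != '\n':
        words = words + '\n'
    lsw_page.saveText(words + '\n' + newwords, '0')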
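def _addLocalWords(request):
    """Append the words submitted as ``newwords`` to the local spelling page.

    Does nothing when the form has no ``newwords`` entry.  Otherwise the
    submitted values are joined with spaces and saved as a new line at the
    end of the page named by ``request.config.page_local_spelling_words``.

    Args:
        request: current request; ``request.form`` and ``request.config``
            are read.
    """
    from Sycamore.PageEditor import PageEditor

    # get the new words as a string (if any are marked at all)
    try:
        newwords = request.form['newwords']
    except KeyError:
        # no new words checked
        return
    newwords = ' '.join(newwords)

    # NOTE(review): the submitted values are written to the page as-is and
    # no permission or ticket check is visible in this helper -- confirm
    # that the caller, or saveText itself, enforces edit rights.
    lsw_page = PageEditor(request.config.page_local_spelling_words, request)
    words = lsw_page.get_raw_body()

    # add the words to the page and save it
    if words and words[-1] != '\n':
        words = words + '\n'
    lsw_page.saveText(words + '\n' + newwords, '0')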
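def execute(pagename, request):
    """Serve the events RSS feed, delete an event, or add a new event.

    Branches, in order: RSS output (needs read access to "Events Board"),
    permission and page checks, deletion (``uid`` + ``del`` fields) and
    creation (the full event form plus a ticket).

    Reconstructed from a whitespace-collapsed listing: the nesting of the
    cache refresh after a deletion is inferred and should be confirmed.

    Args:
        pagename: page the action was invoked on; its text must contain the
            ``[[events]]`` macro.
        request: current request (form, user, cursor and config are used).

    Returns:
        The result of ``page.send_page(msg)``.

    Raises:
        util.SycamoreNoFooter: after the RSS feed has been written.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body().lower()
    events_page = Page("Events Board", request)

    # Do we want an RSS feed?
    if (request.form.has_key('rss') and
        request.form.get("rss")[0] == '1' and
        request.user.may.read(events_page)):
        # added content-type header so the right mimetype goes out
        # 2008/05/12 rtucker
        request.http_headers(
            more_headers=[('Content-type', 'application/rss+xml')])
        request.write(doRSS(request))
        raise util.SycamoreNoFooter

    # be extra paranoid
    elif (actname in config.excluded_actions or
          not request.user.valid or
          not request.user.may.edit(events_page) or
          not request.user.may.edit(page)):
        msg = _('You are not allowed to edit this page. '
                '(You need an account in most cases)')

    # check to make sure the events macro is in the page
    elif "[[events]]" not in oldtext:
        msg = _('Not allowed to add an event')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')

    # deletion request
    # NOTE(review): unlike the add path below, deletion checks no ticket and
    # is not restricted to POST in this function.
    elif request.form.has_key('uid') and request.form.has_key('del'):
        if request.form.get('del')[0] == "1":
            uid = request.form.get('uid')[0]
            if request.user.may.admin(events_page):
                # admins of the Events Board may delete any event
                lookup_sql = "SELECT event_name from events where uid=%(uid)s"
                delete_sql = "DELETE from events where uid=%(uid)s"
                params = {'uid': uid}
            else:
                # everyone else only their own events; the lookup carries
                # the same owner filter as the DELETE so that neither the
                # name nor a false "deleted" is reported for other people's
                # events
                lookup_sql = ("SELECT event_name from events "
                              "where uid=%(uid)s and posted_by=%(username)s")
                delete_sql = ("DELETE from events "
                              "where uid=%(uid)s and posted_by=%(username)s")
                params = {'uid': uid,
                          'username': request.user.propercased_name}

            request.cursor.execute(lookup_sql, params)
            row = request.cursor.fetchone()
            if row is None:
                # unknown uid, or an event this user may not delete
                msg = _('No such event, or you are not allowed to delete it.')
            else:
                request.cursor.execute(delete_sql, params, isWrite=True)
                # NOTE(review): the name goes into HTML unescaped; this
                # relies on isValid() having rejected markup when the event
                # was stored -- confirm.
                msg = 'Event "%s" <b>deleted</b>!' % row[0]

        if config.memcache:
            request.mc.set("today_events", None)
        caching.updateRecentChanges(events_page)

    # creation request: every form field, including the year, must be there
    elif (request.form.has_key('button') and
          request.form.has_key('event_text') and
          request.form.has_key('event_name') and
          request.form.has_key('event_location') and
          request.form.has_key('month') and
          request.form.has_key('day') and
          request.form.has_key('hour') and
          request.form.has_key('minute') and
          request.form.has_key('year') and
          request.form.has_key('ticket')):
        # check whether this is a valid request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the web interface to change the page!')
        else:
            event_text = request.form.get('event_text')[0]
            event_name = request.form.get('event_name')[0]
            event_location = request.form.get('event_location')[0]
            try:
                month = int(request.form.get('month')[0])
                day = int(request.form.get('day')[0])
                hour = int(request.form.get('hour')[0])
                minute = int(request.form.get('minute')[0])
                year = int(request.form.get('year')[0])
            except ValueError:
                # non-numeric date parts are bad input, not a server error
                return page.send_page(
                    _('Event <b>NOT</b> posted. '
                      'You entered some invalid text into the form. '
                      'No HTML is allowed.'))
            posted_by = request.user.propercased_name

            # WE NEED TO VALIDATE THE TEXT AND THE OTHER FIELDS
            if (isValid(event_text, event_name, event_location, month, day,
                        hour, minute, year) and
                not hasPassed(month, day, hour, minute, year, request)):
                event_time_unix = wikiutil.timeInTzToUTC(
                    request.config.tz,
                    (year, month, day, hour, minute, 0, 0))
                writeEvent(request, event_text, event_name, event_location,
                           event_time_unix, posted_by)
                msg = _('Your event has been added!')
            elif hasPassed(month, day, hour, minute, year, request):
                msg = _('Event time is in the past! '
                        'Please choose a time in the future.')
            else:
                msg = _('Event <b>NOT</b> posted. '
                        'You entered some invalid text into the form. '
                        'No HTML is allowed.')
    else:
        msg = _('Please fill out all fields of the form.')

    return page.send_page(msg)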
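def execute(pagename, request):
    """Serve the events RSS feed, delete an event, or add a new event.

    Branches, in order: RSS output (needs read access to "Events Board"),
    permission and page checks, deletion (``uid`` + ``del`` fields) and
    creation (the full event form plus a ticket).

    Reconstructed from a whitespace-collapsed listing: the nesting of the
    cache refresh after a deletion is inferred and should be confirmed.

    Args:
        pagename: page the action was invoked on; its text must contain the
            ``[[events]]`` macro.
        request: current request (form, user, cursor and config are used).

    Returns:
        The result of ``page.send_page(msg)``.

    Raises:
        util.SycamoreNoFooter: after the RSS feed has been written.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body().lower()
    events_page = Page("Events Board", request)

    # Do we want an RSS feed?
    if (request.form.has_key('rss') and
        request.form.get("rss")[0] == '1' and
        request.user.may.read(events_page)):
        # Declare the feed type explicitly instead of relying on the default
        # content type: the feed presumably carries user-submitted event
        # text, which should not go out under an HTML type.
        request.http_headers(
            more_headers=[('Content-type', 'application/rss+xml')])
        request.write(doRSS(request))
        raise util.SycamoreNoFooter

    # be extra paranoid
    elif (actname in config.excluded_actions or
          not request.user.valid or
          not request.user.may.edit(events_page) or
          not request.user.may.edit(page)):
        msg = _('You are not allowed to edit this page. '
                '(You need an account in most cases)')

    # check to make sure the events macro is in the page
    elif "[[events]]" not in oldtext:
        msg = _('Not allowed to add an event')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')

    # deletion request
    # NOTE(review): unlike the add path below, deletion checks no ticket and
    # is not restricted to POST in this function.
    elif request.form.has_key('uid') and request.form.has_key('del'):
        if request.form.get('del')[0] == "1":
            uid = request.form.get('uid')[0]
            if request.user.may.admin(events_page):
                # admins of the Events Board may delete any event
                lookup_sql = "SELECT event_name from events where uid=%(uid)s"
                delete_sql = "DELETE from events where uid=%(uid)s"
                params = {'uid': uid}
            else:
                # everyone else only their own events; the lookup carries
                # the same owner filter as the DELETE so that neither the
                # name nor a false "deleted" is reported for other people's
                # events
                lookup_sql = ("SELECT event_name from events "
                              "where uid=%(uid)s and posted_by=%(username)s")
                delete_sql = ("DELETE from events "
                              "where uid=%(uid)s and posted_by=%(username)s")
                params = {'uid': uid,
                          'username': request.user.propercased_name}

            request.cursor.execute(lookup_sql, params)
            row = request.cursor.fetchone()
            if row is None:
                # unknown uid, or an event this user may not delete
                msg = _('No such event, or you are not allowed to delete it.')
            else:
                request.cursor.execute(delete_sql, params, isWrite=True)
                # NOTE(review): the name goes into HTML unescaped; this
                # relies on isValid() having rejected markup when the event
                # was stored -- confirm.
                msg = 'Event "%s" <b>deleted</b>!' % row[0]

        if config.memcache:
            request.mc.set("today_events", None)
        caching.updateRecentChanges(events_page)

    # creation request: every form field, including the year, must be there
    elif (request.form.has_key('button') and
          request.form.has_key('event_text') and
          request.form.has_key('event_name') and
          request.form.has_key('event_location') and
          request.form.has_key('month') and
          request.form.has_key('day') and
          request.form.has_key('hour') and
          request.form.has_key('minute') and
          request.form.has_key('year') and
          request.form.has_key('ticket')):
        # check whether this is a valid request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the web interface to change the page!')
        else:
            event_text = request.form.get('event_text')[0]
            event_name = request.form.get('event_name')[0]
            event_location = request.form.get('event_location')[0]
            try:
                month = int(request.form.get('month')[0])
                day = int(request.form.get('day')[0])
                hour = int(request.form.get('hour')[0])
                minute = int(request.form.get('minute')[0])
                year = int(request.form.get('year')[0])
            except ValueError:
                # non-numeric date parts are bad input, not a server error
                return page.send_page(
                    _('Event <b>NOT</b> posted. '
                      'You entered some invalid text into the form. '
                      'No HTML is allowed.'))
            posted_by = request.user.propercased_name

            # WE NEED TO VALIDATE THE TEXT AND THE OTHER FIELDS
            if (isValid(event_text, event_name, event_location, month, day,
                        hour, minute, year) and
                not hasPassed(month, day, hour, minute, year, request)):
                event_time_unix = wikiutil.timeInTzToUTC(
                    request.config.tz,
                    (year, month, day, hour, minute, 0, 0))
                writeEvent(request, event_text, event_name, event_location,
                           event_time_unix, posted_by)
                msg = _('Your event has been added!')
            elif hasPassed(month, day, hour, minute, year, request):
                msg = _('Event time is in the past! '
                        'Please choose a time in the future.')
            else:
                msg = _('Event <b>NOT</b> posted. '
                        'You entered some invalid text into the form. '
                        'No HTML is allowed.')
    else:
        msg = _('Please fill out all fields of the form.')

    return page.send_page(msg)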
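def execute(pagename, request):
    """Rename a wiki page, leaving a redirect behind under the old name.

    The caller must be allowed to edit and delete the source page, and the
    form must carry a valid ticket.  The new name is checked for length,
    for an existing page of that name and for allowed characters before
    anything is written.

    Reconstructed from a whitespace-collapsed listing: the nesting of
    ``copy_files`` and of the final ``newpage.send_page`` is inferred and
    should be confirmed against the file.

    Args:
        pagename: current name of the page.
        request: current request (form, user, config and caches are used).

    Returns:
        ``None`` after issuing the redirect to the renamed page, otherwise
        the result of ``send_page`` on the page that reports the outcome.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    pagetext = page.get_raw_body()
    msg = ''

    # be extra paranoid in dangerous actions
    if (actname in config.excluded_actions or
        not request.user.may.edit(page) or
        not request.user.may.delete(page)):
        msg = _('You are not allowed to rename pages in this wiki!')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page is already deleted or was never created!')

    # check whether the user submitted the rename form
    elif (request.form.has_key('button') and
          request.form.has_key('newpagename') and
          request.form.has_key('ticket')):
        # check whether this is a valid renaming request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the interactive user '
                    'interface to rename pages!')
        else:
            renamecomment = request.form.get('comment', [''])[0]
            # strip to ensure naming consistency
            newpagename = request.form.get('newpagename')[0].strip()
            if newpagename == pagename:
                return Page(pagename, request).send_page(
                    msg="You can't rename a page to the name it already has!")
            try:
                newpage = PageEditor(newpagename, request)
            except Page.ExcessiveLength, err:
                return Page(pagename, request).send_page(msg=err)

            # NOTE(review): permissions are checked on the source page only;
            # no may.edit(newpage) check is visible here -- confirm that
            # saveText enforces rights on the target name.
            if len(renamecomment) > wikiaction.MAX_COMMENT_LENGTH:
                # format after the catalogue lookup so the message id stays
                # constant
                msg = (_('Comments must be less than %s characters long.')
                       % wikiaction.MAX_COMMENT_LENGTH)
            elif len(newpagename) > MAX_PAGENAME_LENGTH:
                msg = (_('Page names must be less than %s characters long.')
                       % MAX_PAGENAME_LENGTH)
            # check whether a page with the new name already exists
            elif (newpage.exists() and
                  not (newpagename.lower() == pagename.lower())):
                msg = _('A page with the name "%s" already exists!') % (
                    newpagename)
            elif not wikiaction.isValidPageName(newpagename):
                msg = _('Invalid pagename: Only the characters A-Z, a-z, 0-9, '
                        '"$", "&", ",", ".", "!", "\'", ":", ";", " ", "/", '
                        '"-", "(", ")" are allowed in page names.')
            # we actually do a rename!
            else:
                # False when only the capitalisation of the name changes
                name_changed = newpagename.lower() != pagename.lower()
                if renamecomment:
                    renamecomment = " (" + renamecomment + ")"
                if name_changed:
                    page.saveText("#redirect %s" % newpagename, '0',
                                  comment='Renamed to "%s"' % newpagename,
                                  action='RENAME', force_save=True)
                    # copy images over
                    copy_files(pagename, newpagename, request)

                newpage.saveText(pagetext, '0',
                                 comment='Renamed from "%s"%s' % (
                                     pagename, renamecomment),
                                 action="RENAME", proper_name=newpagename)
                msg = _('Page "%s" was successfully renamed to "%s"!') % (
                    pagename, newpagename)

                if name_changed:
                    # check favorites because the redirect will
                    # process before the bookmarks get updated
                    if request.user.valid:
                        request.user.checkFavorites(page)
                    request.http_redirect(
                        '%s/%s?action=show&redirect=%s' % (
                            request.getScriptname(),
                            wikiutil.quoteWikiname(newpagename),
                            urllib.quote_plus(
                                pagename.encode(config.charset), '')))

                request.req_cache['pagenames'][(
                    newpagename.lower(),
                    request.config.wiki_name)] = newpagename
                # we clear so the new page name appears
                caching.CacheEntry(newpagename.lower(), request).clear()

                if name_changed:
                    return
                return newpage.send_page(msg)

    # Refusals and validation failures land here; without this return the
    # message built above is never shown.
    # NOTE(review): the listing shows no branch that renders the rename
    # form; if the full file has one, it belongs before this return.
    return page.send_page(msg)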
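def execute(pagename, request):
    """Rename a wiki page, leaving a redirect behind under the old name.

    The caller must be allowed to edit and delete the source page, and the
    form must carry a valid ticket.  The new name is checked for length,
    for an existing page of that name and for allowed characters before
    anything is written.

    Reconstructed from a whitespace-collapsed listing: the nesting of
    ``copy_files`` and of the final ``newpage.send_page`` is inferred and
    should be confirmed against the file.

    Args:
        pagename: current name of the page.
        request: current request (form, user, config and caches are used).

    Returns:
        ``None`` after issuing the redirect to the renamed page, otherwise
        the result of ``send_page`` on the page that reports the outcome.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    pagetext = page.get_raw_body()
    msg = ''

    # be extra paranoid in dangerous actions
    if (actname in config.excluded_actions or
        not request.user.may.edit(page) or
        not request.user.may.delete(page)):
        msg = _('You are not allowed to rename pages in this wiki!')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page is already deleted or was never created!')

    # check whether the user submitted the rename form
    elif (request.form.has_key('button') and
          request.form.has_key('newpagename') and
          request.form.has_key('ticket')):
        # check whether this is a valid renaming request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the interactive user '
                    'interface to rename pages!')
        else:
            renamecomment = request.form.get('comment', [''])[0]
            # strip to ensure naming consistency
            newpagename = request.form.get('newpagename')[0].strip()
            if newpagename == pagename:
                return Page(pagename, request).send_page(
                    msg="You can't rename a page to the name it already has!")
            try:
                newpage = PageEditor(newpagename, request)
            except Page.ExcessiveLength, err:
                return Page(pagename, request).send_page(msg=err)

            # NOTE(review): permissions are checked on the source page only;
            # no may.edit(newpage) check is visible here -- confirm that
            # saveText enforces rights on the target name.
            if len(renamecomment) > wikiaction.MAX_COMMENT_LENGTH:
                # format after the catalogue lookup so the message id stays
                # constant
                msg = (_('Comments must be less than %s characters long.')
                       % wikiaction.MAX_COMMENT_LENGTH)
            elif len(newpagename) > MAX_PAGENAME_LENGTH:
                msg = (_('Page names must be less than %s characters long.')
                       % MAX_PAGENAME_LENGTH)
            # check whether a page with the new name already exists
            elif (newpage.exists() and
                  not (newpagename.lower() == pagename.lower())):
                msg = _('A page with the name "%s" already exists!') % (
                    newpagename)
            elif not wikiaction.isValidPageName(newpagename):
                msg = _('Invalid pagename: Only the characters A-Z, a-z, 0-9, '
                        '"$", "&", ",", ".", "!", "\'", ":", ";", " ", "/", '
                        '"-", "(", ")" are allowed in page names.')
            # we actually do a rename!
            else:
                # False when only the capitalisation of the name changes
                name_changed = newpagename.lower() != pagename.lower()
                if renamecomment:
                    renamecomment = " (" + renamecomment + ")"
                if name_changed:
                    page.saveText("#redirect %s" % newpagename, '0',
                                  comment='Renamed to "%s"' % newpagename,
                                  action='RENAME', force_save=True)
                    # copy images over
                    copy_files(pagename, newpagename, request)

                newpage.saveText(pagetext, '0',
                                 comment='Renamed from "%s"%s' % (
                                     pagename, renamecomment),
                                 action="RENAME", proper_name=newpagename)
                msg = _('Page "%s" was successfully renamed to "%s"!') % (
                    pagename, newpagename)

                if name_changed:
                    # check favorites because the redirect will
                    # process before the bookmarks get updated
                    if request.user.valid:
                        request.user.checkFavorites(page)
                    request.http_redirect(
                        '%s/%s?action=show&redirect=%s' % (
                            request.getScriptname(),
                            wikiutil.quoteWikiname(newpagename),
                            urllib.quote_plus(
                                pagename.encode(config.charset), '')))

                request.req_cache['pagenames'][(
                    newpagename.lower(),
                    request.config.wiki_name)] = newpagename
                # we clear so the new page name appears
                caching.CacheEntry(newpagename.lower(), request).clear()

                if name_changed:
                    return
                return newpage.send_page(msg)

    # Refusals and validation failures land here; without this return the
    # message built above is never shown.
    # NOTE(review): the listing shows no branch that renders the rename
    # form; if the full file has one, it belongs before this return.
    return page.send_page(msg)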