Exemple #1
0
def _tweet_for_template(tweet, https=False):
    """Return the dict needed for tweets.html to render a tweet + replies."""
    data = json.loads(tweet.raw_json)

    parsed_date = parsedate(data["created_at"])
    date = datetime(*parsed_date[0:6])

    # Recursively fetch replies.
    if settings.CC_SHOW_REPLIES:
        # If ever slow, optimize to do fewer queries.
        replies = _get_tweets(limit=0, reply_to=tweet, https=https)
    else:
        replies = None

    if https:
        img = bleach.clean(data["profile_image_url_https"])
    else:
        img = bleach.clean(data["profile_image_url"])

    return {
        "profile_img": img,
        "user": bleach.clean(data["from_user"]),
        "text": bleach.clean(data["text"]),
        "id": tweet.pk,
        "date": date,
        "reply_count": len(replies) if replies else 0,
        "replies": replies,
        "reply_to": tweet.reply_to and tweet.reply_to.pk,
        "hidden": tweet.hidden,
    }
Exemple #2
0
def _tweet_for_template(tweet, https=False):
    """Return the dict needed for tweets.html to render a tweet + replies."""
    data = json.loads(tweet.raw_json)
    parsed_date = parsedate(data['created_at'])
    date = datetime(*parsed_date[0:6])

    # Recursively fetch replies.
    if settings.CC_SHOW_REPLIES:
        # If ever slow, optimize to do fewer queries.
        replies = _get_tweets(limit=0, reply_to=tweet, https=https)
    else:
        replies = None

    if 'from_user' in data:  # For tweets collected using v1 API
        user_data = data
        from_user = data['from_user']
    else:
        user_data = data['user']
        from_user = user_data['screen_name']

    if https:
        img = bleach.clean(user_data['profile_image_url_https'])
    else:
        img = bleach.clean(user_data['profile_image_url'])

    return {'profile_img': img,
            'user': from_user,
            'text': bleach.clean(data['text']),
            'id': tweet.pk,
            'date': date,
            'reply_count': len(replies) if replies else 0,
            'replies': replies,
            'reply_to': tweet.reply_to and tweet.reply_to.pk,
            'hidden': tweet.hidden}
def get_player_opponents(player_id, tournament_id, same_wins=True):
    """Returns a player's id possible opponents.

    Args:
      player_id: the player's id.
      tournament_id: the tournament' id.
      same_wins: if should search opponents with same number of wins or not

    Returns:
      opponents: the player's possible opponents ids.
    """
    conn = connect()
    c = conn.cursor()
    if same_wins is True:
        query = "SELECT a.p_id AS a_id, b.p_id AS b_id, b.name AS b_name, " \
                "a.wins FROM standings AS a LEFT JOIN standings AS b " \
                "ON a.p_id <> b.p_id AND a.t_id = b.t_id " \
                "WHERE a.wins = b.wins AND a.p_id = %s AND a.t_id = %s;"
    else:  # Get opponents with one win less than player
        query = "SELECT a.p_id AS a_id, b.p_id AS b_id, b.name AS b_name, " \
                "b.wins FROM standings AS a LEFT JOIN standings AS b " \
                "ON a.p_id <> b.p_id AND a.t_id = b.t_id " \
                "WHERE b.wins = a.wins-1 AND a.p_id = %s AND a.t_id = %s;"
    c.execute(query, (bleach.clean(player_id), bleach.clean(tournament_id),))
    opponents = [(row[1], row[2]) for row in c.fetchall()]
    conn.commit()
    conn.close()
    return opponents
Exemple #4
0
def registerPlayer(name, tournament=1):
    """Adds a player to the tournament database.

    The database assigns a unique serial id number for the player.  (This
    should be handled by your SQL database schema, not in your Python code.)

    Args:
      name: the player's full name (need not be unique).
    """
    ##Added support for multiple tournaments; players not assigned
    ##Will be added to tournament id 1 (generic pool)

    ##Ensure db data stays clean in case of future web enablement
    bleach.clean(name)
    DB = psycopg2.connect("dbname = tournament")
    c = DB.cursor()
    if tournament is not 1:
        c.execute("INSERT INTO players (name,tid)\
                   VALUES (%s,%s) returning pid;", (name, tournament,))
        DB.commit()
        pid = c.fetchone()[0]
        DB.close()
        return pid
    if tournament is 1:
        c.execute("INSERT INTO players (name,tid) \
                   VALUES (%s,%s);", (name, tournament,))
        DB.commit()
        DB.close()
Exemple #5
0
	def hydrate(self, bundle):
		# 요청이 POST일 때만 로그인아이디 -> author로 지정
		# 요청이 PATCH일 때도 적용하면 다른 사람 노트를 수정할 수도 있음
		if "POST" in str(bundle.request):
			bundle.data['author'] = '/api/v1/user/' + str(bundle.request.user.id)

		if bundle.data['parent'] == None or bundle.data['parent'] == "#":
			bundle.data['parent'] = None
		else:
			bundle.data['parent'] = '/api/v1/note/' + str(bundle.data['parent'])

		# bleach.clean
		#제목
		bundle.data['text'] = bleach.clean(bundle.data['text'], strip=True)

		#본문
		if bundle.data['content']:
			bundle.data['content'] = bundle.data['content'].replace("\t","&nbsp;&nbsp;&nbsp;&nbsp;")
			bundle.data['content'] = bleach.clean(
				bundle.data['content'],
				tags=['br', 'div', 'span', 'p', 'pre', 'code', 'blockquote', 'a', 'img', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ul', 'ol', 'li', 'table', 'tr', 'td', 'b', 'strong', 'u', 'i', 'em'],
				attributes={
					'*': ['class', 'src', 'href'],
					# '*': ['class', 'style'],
				},
				# styles=['color', 'background', 'background-color', 'font-size', 'font-weight'],
				strip=True
			)
		return bundle
def test_unclosed_tag():
    eq_('&lt;script src="http://xx.com/xss.js&amp;lt;b"&gt;',
        clean('<script src=http://xx.com/xss.js<b>'))
    eq_('&lt;script src="http://xx.com/xss.js" &lt;b=""&gt;',
        clean('<script src="http://xx.com/xss.js"<b>'))
    eq_('&lt;script src="http://xx.com/xss.js" &lt;b=""&gt;',
        clean('<script src="http://xx.com/xss.js" <b>'))
Exemple #7
0
def notes_detail(key):
    """
    Retrieve, update or delete note instances.
    """
    note = Note.query.get(key)

    if request.method == 'PUT':
        text = str(request.data.get('text', ''))
        if note:
            note.text = bleach.clean(text)
        else:
            note = Note(
                text=bleach.clean(text)
            )
        db.session.add(note)
        db.session.commit()
        return note.to_json()

    elif request.method == 'DELETE':
        note.deleted = True
        db.session.add(note)
        db.session.commit()
        return '', status.HTTP_204_NO_CONTENT

    # request.method == 'GET'
    if not note:
        raise exceptions.NotFound()
    return note.to_json()
def AddPost(content):
    conn = psycopg2.connect("dbname=forum")
    cur = conn.cursor()
    bleach.clean(content)
    cur.execute("INSERT INTO posts (content) VALUES (%s)", (content,))
    conn.commit()
    conn.close()
Exemple #9
0
def parse():
    my_text = codecs.decode(get_text(), 'windows-1255').splitlines()
    root, chapter, titles = [], [], []
    found_beginning = False
    for line in my_text:

        if re.search(u'^ ?<b>', line):
            if found_beginning:
                root.append([u'{}.'.format(i) if not re.search(u':(>)?$', i) else i for i in chapter])
                chapter = []
            else:
                found_beginning = True
            chapter.append(bleach.clean(line, tags=['b'], strip=True))
            titles.append(bleach.clean(line, tags=[], strip=True))

        elif found_beginning:
            my_line = bleach.clean(line, tags=[], strip=True)
            if my_line.isspace() or len(my_line) == 0:
                continue
            my_line = re.sub(u'(\n|\r)', u'', my_line)
            chapter.extend(filter(lambda x: x if len(x) > 0 else None, my_line.split(u'.')))

        else:
            continue
    else:
        root.append(chapter)  # don't forget to add last chapter
    assert (len(root) == len(titles))
    return {
        'text': root,
        'titles': titles
    }
Exemple #10
0
def itemDelete():
    """
    Deletes an item owned by the current user
    """
    state = request.values.get('state')
    if not check_nonce(state):
        return bad_request_error()

    cat_name = bleach.clean(request.values.get("item_delete_parent"))
    cat = dal.get_category_by_name(cat_name)
    if not cat:
        return not_found_error()

    active_user = get_active_user()
    if not active_user:
        return not_authenticated_error()

    item_name = bleach.clean(request.values.get("item_delete_name"))
    item = dal.get_item_by_name(cat.cat_id, item_name)
    if not item:
        return not_found_error()

    if active_user.user_id != item.creator_id:
        return not_authorized_error()

    # All checks passed
    generate_nonce()
    dal.delete_item(item.item_id)
    return redirect("/")
def get_job_links(job, max_sites=3):
    if hasattr(job, 'is_approved') and not job.is_approved:
        return ''

    locations = job.locations.all()

    sites = job.on_sites()
    domains = [site.domain for site in sites]

    title_slug = bleach.clean(slugify(job.title))

    base_url = 'http://{domain}/{loc_slug}/{title_slug}/{guid}/job/'
    href_tag = '<a href="{url}">{domain}</a>'
    urls = []
    for domain in domains:
        for location in locations:
            loc_slug = bleach.clean(slugify(u'{city}, {state}'.format(
                city=location.city, state=location.state_short)))
            job_url = base_url.format(domain=domain, loc_slug=loc_slug,
                                      title_slug=title_slug, guid=location.guid)

            urls.append(href_tag.format(url=job_url, domain=domain))
    url_html = mark_safe("<br/>".join(urls[:max_sites]))
    if max_sites and len(urls) > max_sites:
        url_html = mark_safe("%s <br/>..." % url_html)
    return url_html
Exemple #12
0
def editItem(id):
    """
    Logged in User attempts to edit an item

    :param id: unique identifier of the item
    :return: GET : Renders Edit Item form
             POST: Adds item to database and redirects user
    """
    item = Item.query.filter_by(id=id).first()

    # Abort if logged in user is not the owner of the page
    if int(current_user.get_id()) != item.owner_id:
        abort(403);

    form = EditForm(id=id, name=item.name, description=item.description)
    if form.validate_on_submit():
        item.name = bleach.clean(form.name.data)
        item.description = bleach.clean(form.description.data)

        db.session.add(item)
        db.session.commit()

        return redirect(url_for('main.dashboard'))

    return render_template('main/editItem.html', form=form)
Exemple #13
0
def test_valid_css():
    """The sanitizer should fix missing CSS values."""
    styles = ['color', 'float']
    eq_('<p style="float: left;">foo</p>',
        clean('<p style="float: left; color: ">foo</p>', styles=styles))
    eq_('<p style="">foo</p>',
        clean('<p style="color: float: left;">foo</p>', styles=styles))
def registerPlayer(tournament_name, player_name):
    """
    Adds a player to the tournament database.
    Args:
        tournament_name: name of the tournament player belongs
        player_name: the player's full name (need not be unique).
    """
    # sql statement
    sql = "SELECT tournament_id FROM tournament WHERE tournament_name=%(tournament_name)s;"

    # use bleach to
    # escapes or strips markup and attributes
    tournament_name = bleach.clean(tournament_name)

    # execute sql to get tournament_id
    tournament_id = int(_exeSql(sql, {'tournament_name': tournament_name})[0][0])

    # use bleach to
    # escapes or strips markup and attributes
    player_name = bleach.clean(player_name)

    # sql statement
    sql = "INSERT INTO player(tournament_id, player_name) VALUES(%(tournament_id)s, %(player_name)s);"

    # execute sql
    _exeSql(sql, {'tournament_id': tournament_id, 'player_name': player_name})
def editItem(category_id, item_id):
    if 'username' not in login_session:
        return redirect('/login')
    category = session.query(Category).filter_by(id=category_id).one()
    editedItem = session.query(Item).filter_by(id=item_id).one()
    if request.method == 'POST':
        file = request.files['image']
        if file and allowed_file(file.filename):
            filename = secure_filename(file.filename)
            file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
        if request.form['name']:
            editedItem.name = bleach.clean(request.form['name'])
        if request.form['image']:
            editedItem.image = url_for('uploaded_file', filename=filename)
        if request.form['description']:
            editedItem.image = bleach.clean(request.form['description'])
        if request.form['date']:
            editedItem.date = bleach.clean(request.form['date'])
        session.add(editedItem)
        flash('Item successfully edited!')
        session.commit()
        return redirect(url_for('showItems', category_id=category_id))
    return render_template('editItem.html',
                           item=editedItem,
                           category_id=category_id)
Exemple #16
0
def post_link():
	'''
	Performed when a link is POSTed.
	Inserts the (sanitized) data into the database. The description is parsed as Markdown
	and saved in HTML, while allowing a few attributes
	------------------
	NOTE: `request` is global and is implicitly passed as a parameter. It would probably
	be better to pass the data as a param for testing purposes.
	------------------
	NOTE: Maybe save the raw data as Markdown and only render it once needed ? Makes editing 
	posts easier, but puts more load on the server.
	'''
	allowed_tags = ("p", "h1", "h2", "h3", "h4", "h5", "h6", "b", "em", "small", "code", "i", "pre", "strong", "table", 'thead', 'tbody', 'th', 'tr', 'td', 'ul', 'ol', 'li', 'input')
	allowed_attrs = ('type', 'disabled', 'checked')

	title = bleach.clean(request.form['title'])
	desc  = bleach.clean(request.form['desc'], tags=allowed_tags, attributes=allowed_attrs)
	url   = bleach.clean(request.form["url"])
	timestamp  = time.time()
	tags = []

	post = Link(title, url, desc, timestamp)
	post.set_tags(bleach.clean(request.form['tags']))

	post.write()
	return redirect("/")
Exemple #17
0
def context_dict(revision):
    """Return a dict that fills in the blanks in KB notification templates."""
    document = revision.document
    if revision.document.current_revision is not None:
        fromfile = u'[%s] %s #%s' % (revision.document.locale,
                                     revision.document.title,
                                     revision.document.current_revision.id)
        tofile = u'[%s] %s #%s' % (revision.document.locale,
                                   revision.document.title,
                                   revision.id)

        diff = clean(u''.join(difflib.unified_diff(
                                 revision.document.current_revision.\
                                    content.splitlines(1),
                                 revision.content.splitlines(1),
                                 fromfile=fromfile, tofile=tofile)),
                    ALLOWED_TAGS, ALLOWED_ATTRIBUTES)
    else:
        diff = ''  # No based_on, so diff wouldn't make sense.

    return {
        'document_title': document.title,
        'creator': revision.creator,
        'host': Site.objects.get_current().domain,
        'diff': diff,
        'fulltext': clean(revision.content, ALLOWED_TAGS, ALLOWED_ATTRIBUTES)}
Exemple #18
0
def userUpdateSettings():
  if request.method == 'POST':
    form = UserSettingsForm(request.form)
    if form.validate():
      user = current_user
      user.firstName = bleach.clean(form.firstName.data)
      user.lastName = bleach.clean(form.lastName.data)
      if form.email.data == "None":
        user.email = None
      else:
        user.email = bleach.clean(form.email.data)

      f = request.files.getlist('photo')[0]
      if len(f.filename) > 0:
        if user.photoName != None:
          #Remove the existing photo
          os.remove(getUserPhotoPath(user))
        #We have to upload a new photo
        photoName = secure_filename(f.filename)
        name, extension = os.path.splitext(photoName)
        ensurePathExists(getUserPhotoDir())
        f.save(os.path.join(getUserPhotoDir(), str(g.user.id)+extension))
        user.photoName = str(g.user.id)+extension

      user.save()
      flash("Updated user information", "success")
      return redirect(url_for('userSettings'))
Exemple #19
0
 def wrapper(request, *args, **kwargs):
     request.GET = request.GET.copy()  #  see https://stackoverflow.com/questions/18930234/django-modifying-the-request-object/18931697
     for k, v in request.GET.items():
         request.GET[k] = bleach.clean(v)
     args = map(lambda a: bleach.clean(a) if isinstance(a, basestring) else a, args)  # while we're at it, clean any other vars passed
     result = func(request, *args, **kwargs)
     return result
Exemple #20
0
 def compile(self, text_start, text_end, target_element_id):
     brief = self.escape_braces(text_start)
     text_end = self.escape_braces(text_end)
     brief = bleach.clean(brief, tags=self.ALLOWED_ELEMENTS, attributes=self.ALLOWED_ATTRIBUTES, strip=True)
     text_end = bleach.clean(text_end, tags=self.ALLOWED_ELEMENTS, attributes=self.ALLOWED_ATTRIBUTES, strip=True)
     full = self.concatenate_full(brief, text_end, target_element_id)
     return brief, full
def registerPlayer(name, email):
    """Adds a player to the tournament database.
    The database assigns a unique serial id number for the player.  (This
    should be handled by your SQL database schema, not in your Python code.)
    *   Arguments:
            *   name: the player's full name (need not be unique).
            *   email: the email address of the player.
    """
    try:
        DB = connect()
        player_cursor = DB.cursor()
        name = bleach.clean(name)
        email = bleach.clean(email)
        player_cursor.execute(
            """insert into players (player_name,player_email)
            values (%s, %s) RETURNING player_id;;""",
            (name, email),
        )
        player_id = player_cursor.fetchone()[0]
        DB.commit()
        DB.close()
        return player_id
    except:
        printErrorDetails(
            sys.exc_info(),
            """There was an error registerPlayer player
             [registerPlayer]!""",
        )
        DB.rollback()
        DB.close()
Exemple #22
0
def upload_form(request):
	#if not request.user.is_authenticated():
	#	return HttpResponseRedirect('/login/')
	form = News_form()
	usr = request.user
	groups = getGroupsWithUser(usr)
	if request.method == 'POST':
		form = News_form(request.POST)
		if form.is_valid():
			# process the data in form.cleaned_data
			ni = News_item()
			ni.headline = form.cleaned_data['headline']
			ni.date = form.cleaned_data['date']
			ni.shortdesc = bleach.clean(form.cleaned_data['shortdesc'], tags=settings.BLEACH_ALLOWED_TAGS)
			ni.content = bleach.clean(form.cleaned_data['content'], tags=settings.BLEACH_ALLOWED_TAGS)
			ni.group = form.cleaned_data['group']
			ni.save()
			
			return render_to_response('news/upload-show.html', {
				'headline':form.cleaned_data['headline'],
				'date':form.cleaned_data['date'],
				'shortdesc':form.cleaned_data['shortdesc'],
				'content':form.cleaned_data['content']
			}, context_instance=RequestContext(request))
	else:
		form = News_form()
		gids = [user_group.id for user_group in groups if usr.has_group_perm(user_group, 'Can add gus_news')]
		form.fields['group'].queryset = gus_group.objects.filter(pk__in=gids)
	return render_to_response('news/upload.html', {
		'form':form
	}, context_instance=RequestContext(request))
Exemple #23
0
 def on_changed_body(target, value, oldvalue, initiator):
     allowed_tags = ['a', 'abbr', 'b', 'blockquote', 'code', 'em', 'i', 'li', 'ol',
                     'ul', 'pre', 'strong', 'h1', 'h2', 'h3', 'p']
     target.body_html = bleach.linkify(bleach.clean(markdown(value, output_format='html'),
                                                    tags=allowed_tags, strip=True))
     target.body_abstract = bleach.linkify(bleach.clean(markdown(value, output_format='html'),
                                                     tags=['p'], strip=True))
Exemple #24
0
def _parse_offer_form(request, game):
    commodity_hand = commodities_in_hand(game, request.user)
    rule_hand = rules_in_hand(game, request.user) # include rules reserved for another trade as they are errors that have to be detected

    offer_form = OfferForm(request.POST, commodities = commodity_hand, rulecards = rule_hand)
    offer_valid = offer_form.is_valid() # fill the cleaned_data array

    errors = offer_form.non_field_errors()

    selected_commodities = {}
    for cih in commodity_hand:
        nb_selected_cards = offer_form.cleaned_data['commodity_{0}'.format(cih.commodity_id)]
        selected_commodities[cih] = nb_selected_cards
        if nb_selected_cards > cih.nb_tradable_cards():
            errors.append(u"A commodity card in a pending trade can not be offered in another trade.")

    selected_rules = []
    for rih in rule_hand:
        if offer_form.cleaned_data['rulecard_{0}'.format(rih.id)]:
            selected_rules.append(rih)
            if rih.is_in_a_pending_trade():
                errors.append(u"A rule card in a pending trade can not be offered in another trade.")

    offer = Offer(free_information = bleach.clean(offer_form.cleaned_data['free_information'], tags = [], strip = True) or None, # 'or None' necessary to insert null (not empty) values
                  comment          = bleach.clean(offer_form.cleaned_data['comment'], tags = [], strip = True) or None)

    if not offer_valid or errors:
        raise FormInvalidException({'offer': offer,
                                    'selected_commodities': selected_commodities,
                                    'selected_rules': selected_rules,
                                    'offer_errors': errors})

    return offer, selected_commodities, selected_rules
Exemple #25
0
def render_input(v, use_markdown=False):
    """Tidy up user input and insert breaks for empty lines."""
    tags = ALLOWED_TAGS + config.getlist('general', 'extra_tags')
    attrs = ALLOWED_ATTRIBUTES

    # Drop any trailing empty lines.
    v = v.rstrip()

    if not v:
        return v

    if use_markdown:
        return bleach.clean(
            markdown.markdown(v, output_format='html5'),
            tags=tags, attributes=attrs)
    else:
        v = bleach.clean(v, tags=tags, attributes=attrs)
        out = ''

        for line in v.split('\n'):
            if not line.strip():
                out += '<br/>\n'
            else:
                out += line + '\n'

        return out
def task_add():
    try:
        name = bleach.clean(request.form['task-name'], tags=[])
        desc = bleach.clean(request.form['task-desc'], tags=descAllowedTags)
        category = int(request.form['task-category'])
        hint = request.form['task-hint']
        flag = request.form['task-flag']
        if not flag:
            return jsonify({'message': 'No flag set'}), 400
    except KeyError:
        return jsonify({'message': 'Form incorrect filled'}), 400
    else:
        tasks = db['tasks']
        task = dict(
                name=name,
                desc=desc,
                category=category,
                hint=hint,
                flag=flag)
        file = request.files['task-file']

        if file:
            task['file'] = store_file(file)
            #tasks.update(task, ['id'])

        task_id = tasks.insert(task)

        task = tasks.find_one(id=task_id)
        return jsonify(task), 200
def task_edit():
    try:
        tid = request.form['task-id']
        name = bleach.clean(request.form['task-name'], tags=[])
        desc = bleach.clean(request.form['task-desc'], tags=descAllowedTags)
        category = int(request.form['task-category'])
        hint = request.form['task-hint']
        flag = request.form['task-flag']
        if not flag:
            return jsonify({ 'message': 'No flag set' }), 400
    except KeyError:
        return jsonify({ 'message': 'Form incorrect filled' }), 400
    else:
        tasks = db['tasks']
        task = tasks.find_one(id=tid)
        task['name'] = name
        task['desc'] = desc
        task['category'] = category
        task['hint'] = hint
        task['flag'] = flag

        file = request.files['task-file']

        if file:
            filename = store_file(file)

            #remove old file
            if task['file']:
                delete_file(task['file'])

            task["file"] = filename

        tasks.update(task, ['id'])
        task = tasks.find_one(name = task["name"], flag = task["flag"])
        return jsonify(task), 200
Exemple #28
0
def addUser():
  '''
  Function Type: Callback-Redirect Function
  Purpose: Handle a CreateUserForm and create a new user in the course

  Inputs: None

  Forms Handled:
    CreateUserForm: Checks if the username exists. If it doesn't exist
    it will create a new user with the specified information.
  '''
  if request.method == "POST":
    form = CreateUserForm(request.form)
    if form.validate():
      try:
        u = User.objects.get(username=form.username.data)
        flash("Username already exists")
        return redirect(url_for('adminUsers'))
      except User.DoesNotExist:
        u = User()
        u.firstName = bleach.clean(form.firstName.data)
        u.lastName = bleach.clean(form.lastName.data)
        u.email = bleach.clean(form.email.data)
        u.username = form.username.data
        if form.password.data == "":
          u.setPassword("asdf")
        else:
          u.setPassword(form.password.data)
        u.save()
  return redirect(url_for('adminUsers'))
def competition_launch_submit(comp_id):
    """ Attempts to save competition and launch """
    competitions = db['competitions']
    competition = competitions.find_one(id=comp_id)
    if not competition:
        return redirect('/error/competition_not_found')

    try:
        name = bleach.clean(request.form['name'], tags=[])
        desc = bleach.clean(request.form['desc'], tags=descAllowedTags)
        date_start = request.form['date-start']
        date_end   = request.form['date-end']
    except KeyError:
        return jsonify({}), 400
    else:
        competition['name']       = name or competition['name']
        competition['desc']       = desc or competition['desc']
        competition['active']     = competition['active'] or ('launch-button' in request.form)
        competition['date_start'] = date_start or competition['date_start']
        competition['date_end']   = date_end   or competition['date_end']

        competitions.update(competition, ['id'])

        competition = competitions.find_one(id=comp_id)
        return jsonify(competition), 200

    return jsonify({}), 200
Exemple #30
0
def editCandy(candy_id):
    editCandy = session.query(Candy).filter_by(id=candy_id).one()
    cats = session.query(Category).all()

    if 'username' not in login_session:
        flash("You must be connected to edit a candy.")
        return redirect('/login')

    if request.method == 'POST':
        if request.form['name']:
            editCandy.name = bleach.clean(request.form['name'])
        if request.form['description']:
            editCandy.description = bleach.clean(request.form['description'])
        if request.form['cavity']:
            editCandy.cavity = request.form['cavity']
            return redirect(
                url_for('seeOneCandy', candy_id=editCandy.id))

    elif 'username' in login_session:
        return render_template('editCandy.html', candy=editCandy,
                               categories=cats)

    else:
        flash("You must be connected to edit a candy.")
        return redirect('/login') 
Exemple #31
0
 def on_changed_body(target, value, oldvalue, initiator):
     allowed_tags = ['a', 'abbr', 'acronym', 'b', 'code', 'em', 'i',
                     'strong']
     target.body_html = bleach.linkify(bleach.clean(
         markdown(value, output_format='html'),
         tags=allowed_tags, strip=True))
Exemple #32
0
def moderatechallenge():
    currentDayOfMonthIndex = datetime.date.today().day
    lateCheckinGracePeriodIsInEffect = currentDayOfMonthIndex <= 3
    global commentHashesAndComments
    global submission
    commentHashesAndComments = {}
    stringio = StringIO()
    stringio.write('<html>\n<head>\n</head>\n\n')

    # redditSession = loginAndReturnRedditSession()
    redditSession = loginOAuthAndReturnRedditSession()
    submission = getSubmissionForRedditSession(redditSession)
    flat_comments = getCommentsForSubmission(submission)
    retiredHashes = retiredCommentHashes()
    i = 1
    stringio.write(
        '<iframe name="invisibleiframe" style="display:none;"></iframe>\n')
    stringio.write("<h3>")
    stringio.write(os.getcwd())
    stringio.write("<br>\n")
    stringio.write(submission.title)
    stringio.write("</h3>\n\n")
    stringio.write(
        '<form action="copydisplaytoclipboard.html" method="post" target="invisibleiframe">'
    )
    stringio.write(
        '<input type="submit" name="actiontotake" value="Copy display.py stdout to clipboard">'
    )
    stringio.write(
        '<input type="submit" name="actiontotake" value="Automatically post display.py stdout">'
    )
    stringio.write('</form>')
    stringio.write(
        '<form action="updategooglechart.html" method="post" target="invisibleiframe">'
    )
    stringio.write('<input type="submit" value="update-google-chart.py">')
    stringio.write('</form>')
    for comment in flat_comments:
        # print comment.is_root
        # print comment.score
        i += 1
        commentHash = sha1()
        commentHash.update(comment.permalink)
        commentHash.update(comment.body.encode('utf-8'))
        commentHash = commentHash.hexdigest()
        if commentHash not in retiredHashes:
            commentHashesAndComments[commentHash] = comment
            authorName = str(
                comment.author
            )  # can be None if author was deleted.  So check for that and skip if it's None.
            participant = ParticipantCollection().participantNamed(authorName)
            stringio.write("<hr>\n")
            stringio.write('<font color="blue"><b>')
            stringio.write(authorName)
            stringio.write('</b></font><br>')
            if ParticipantCollection().hasParticipantNamed(authorName):
                stringio.write(
                    ' <small><font color="green">(member)</font></small>')
                if participant.isStillIn:
                    stringio.write(
                        ' <small><font color="green">(still in)</font></small>'
                    )
                else:
                    stringio.write(
                        ' <small><font color="red">(out)</font></small>')
                if participant.hasCheckedIn:
                    stringio.write(
                        ' <small><font color="green">(checked in)</font></small>'
                    )
                else:
                    stringio.write(
                        ' <small><font color="orange">(not checked in)</font></small>'
                    )
                if participant.hasRelapsed:
                    stringio.write(
                        ' <small><font color="red">(relapsed)</font></small>')
                else:
                    stringio.write(
                        ' <small><font color="green">(not relapsed)</font></small>'
                    )
            else:
                stringio.write(
                    ' <small><font color="red">(not a member)</font></small>')
            stringio.write(
                '<form action="takeaction.html" method="post" target="invisibleiframe">'
            )
            if lateCheckinGracePeriodIsInEffect:
                stringio.write(
                    '<input type="submit" name="actiontotake" value="Checkin">'
                )
                stringio.write(
                    '<input type="submit" name="actiontotake" value="Signup and checkin" style="color:white;background-color:green">'
                )
            else:
                stringio.write(
                    '<input type="submit" name="actiontotake" value="Checkin" style="color:white;background-color:green">'
                )
                stringio.write(
                    '<input type="submit" name="actiontotake" value="Signup and checkin">'
                )
            stringio.write(
                '<input type="submit" name="actiontotake" value="Relapse" style="color:white;background-color:red">'
            )
            stringio.write(
                '<input type="submit" name="actiontotake" value="Reinstate with automatic comment">'
            )
            stringio.write(
                '<input type="submit" name="actiontotake" value="Reply with sorry-too-late comment">'
            )
            stringio.write(
                '<input type="submit" name="actiontotake" value="Skip comment">'
            )
            stringio.write(
                '<input type="submit" name="actiontotake" value="Skip comment and don\'t upvote">'
            )
            stringio.write('<input type="hidden" name="username" value="' +
                           b64encode(authorName) + '">')
            stringio.write('<input type="hidden" name="commenthash" value="' +
                           commentHash + '">')
            stringio.write(
                '<input type="hidden" name="commentpermalink" value="' +
                comment.permalink + '">')
            stringio.write('</form>')
            stringio.write(
                bleach.clean(markdown.markdown(comment.body.encode('utf-8')),
                             tags=['p']))
            stringio.write("\n<br><br>\n\n")
    stringio.write('</html>')
    pageString = stringio.getvalue()
    stringio.close()
    return Response(pageString, mimetype='text/html')
Exemple #33
0
    def xml_cleaning_method(self, method='escape_xml', **clean_kwargs):
        """Context manager to control how XML data tags are cleaned (escaped) to
        remove potentially unsafe characters or constructs.

        The default (``method='escape_xml'``) applies brute-force escaping of
        certain key XML characters like ``<``, ``>``, and ``&`` to ensure that
        the output is not valid XML.

        In order to explicitly allow certain XML tags (e.g. link reference or
        emphasis tags), use ``method='bleach_clean'``.  This sanitizes the data
        string using the ``clean`` function of the
        `bleach <https://bleach.readthedocs.io/en/latest/clean.html>`_ package.
        Any additional keyword arguments will be passed directly to the
        ``clean`` function.

        Finally, use ``method='none'`` to disable any sanitization. This should
        be used sparingly.

        Example::

          w = writer.XMLWriter(ListWriter(lines))
          with w.xml_cleaning_method('bleach_clean'):
              w.start('td')
              w.data('<a href="https://google.com">google.com</a>')
              w.end()

        Parameters
        ----------
        method : str
            Cleaning method.  Allowed values are "escape_xml",
            "bleach_clean", and "none".

        **clean_kwargs : keyword args
            Additional keyword args that are passed to the
            bleach.clean() function.
        """
        current_xml_escape_cdata = self.xml_escape_cdata

        if method == 'bleach_clean':
            # NOTE: bleach is imported locally to avoid importing it when
            # it is not nocessary
            try:
                import bleach
            except ImportError:
                raise ValueError(
                    'bleach package is required when HTML escaping is disabled.\n'
                    'Use "pip install bleach".')

            if clean_kwargs is None:
                clean_kwargs = {}
            self.xml_escape_cdata = lambda x: bleach.clean(x, **clean_kwargs)
        elif method == "none":
            self.xml_escape_cdata = lambda x: x
        elif method != 'escape_xml':
            raise ValueError(
                'allowed values of method are "escape_xml", "bleach_clean", and "none"'
            )

        yield

        self.xml_escape_cdata = current_xml_escape_cdata
Exemple #34
0
def safe_vendor_description(value):
    if isinstance(value, Undefined):
        return value
    if not settings.SHUUP_ADMIN_ALLOW_HTML_IN_VENDOR_DESCRIPTION:
        value = bleach.clean(value, tags=[])
    return mark_safe(value)
Exemple #35
0
def strip_tags(value):
    """Strips provided text of html tags"""
    return bleach.clean(value, tags=[],
                        strip=True).strip() if u'<' in value else value
Exemple #36
0
def devilry_escape_html(html):
    """
    Escape all html in the given ``html``.
    """
    return bleach.clean(html)
Exemple #37
0
def bleach_tags(text):
    return bleach.clean(text, tags=[], strip=True).replace('&amp;', '&')
Exemple #38
0
def safe_clean(text):
    tags = ['b', 'i', 'font', 'br', 'blockquote', 'div', 'h2', 'a', 'p']
    attrs = {'*': ['style', 'id', 'class'], 'font': ['color'], 'a': ['href']}
    styles = ['color']
    return Markup(clean(text, tags=tags, attributes=attrs, styles=styles))
Exemple #39
0
def cleank(txt):
    """Clean and link some user-supplied text."""
    return jinja2.Markup(bleach.linkify(bleach.clean(txt)))
Exemple #40
0
def submit_upload(request):
	current_profile_info = request.user
	if (not current_profile_info.is_anonymous()):
		current_profile_info = ProfileInfo.objects.get(user = current_profile_info)
		print(current_profile_info)
	else:
		current_profile_info = None

	try:
		# get main data for the Protocol model
		protocol_title = bleach.clean(request.POST['title'])
		protocol_desc = bleach.clean(request.POST['description'])
		protocol_changes = bleach.clean(request.POST['change-log'])

		protocol = Protocol(change_log = protocol_changes, title = protocol_title, description = protocol_desc, author = current_profile_info)

		protocol_cat = ""
		try:
			# get category and associate it with protocol
			protocol_cat = bleach.clean(request.POST['category'])
			cat = Category.objects.get(title = protocol_cat)
			protocol.category = cat
		except:
			pass

		# associate new protocol with previous revision if necessary
		try:
			previous_protocol_id = bleach.clean(request.POST['BranchFrom'])

			if (previous_protocol_id != -1):
				# set up previous revisions and first revision for new protocol
				prev_protocol = Protocol.objects.get(id = previous_protocol_id)
				protocol.previous_revision = prev_protocol
				if (prev_protocol.first_revision != None):
					protocol.first_revision = prev_protocol.first_revision
				else:
					protocol.first_revision = prev_protocol
		except:
			pass
		protocol.save()


		# save the steps now
		num_steps = 0

		# go over each available step
		number_to_check = int(bleach.clean(request.POST['number_to_check']))
		for x in range(0, number_to_check + 1):
			try:
				prefix = 'step' + str(x)
				number = int(bleach.clean(request.POST[prefix + '[number]']))
				description = bleach.clean(request.POST[prefix + '[description]'])

				time = 0
				warning = ""
				title = ""

				# try to pick up each individual part of each step
				try:
					warning = bleach.clean(request.POST[prefix + '[warning]'])
					print('found warning')
				except:
					warning = ""

				try:
					time = int(bleach.clean(request.POST[prefix + '[time]']))
				except:
					time = -1
				print(warning)
				ps = ProtocolStep(action = description, warning = warning, step_number = number, time = time, protocol = protocol)
				try:
					title = bleach.clean(request.POST[prefix + '[title]'])
					ps.title = title
				except:
					pass

				ps.save()
				num_steps = num_steps + 1
			except:
				# Means that the name doesn't exist
				print('error1')
				pass

		protocol.num_steps = num_steps


		# get any written-in reagents and save them
		protocol_rea = ""
		try:
			protocol_rea = bleach.clean(request.POST['text-reagents'])
		except:
			pass

		protocol.materials = protocol_rea

		protocol.save()

	except Exception as e:
		print('error2')
		print(e)
		pass

	context = {
		'title': 'ProtoCat - Submit Upload',
		'current_profile_info': current_profile_info,
	}
	return HttpResponseRedirect('/')
Exemple #41
0
def render_markdown_as_safe_html(message):
    html = markdown.markdown(message)

    return bleach.clean(html, tags=allowed_tags, strip=True)
Exemple #42
0
 def format(self, text):
     return smile_it(self._parser.convert(bleach.clean(text)))
Exemple #43
0
def scrubemail_filter(data, css_junk=''):
    return Markup(
        scrubemail(unicode(bleach.linkify(bleach.clean(data))),
                   rot13=True,
                   css_junk=css_junk))
Exemple #44
0
def clean_html_all(text):
    return bleach.clean(text, tags=[], attributes={}, styles=[], strip=True)
Exemple #45
0
def textify(text):
    """return a plain text copy of a possible html text"""
    return bleach.clean(text, strip = True, tags = [])
Exemple #46
0
def item_posting():

    # cursor = db.cursor()
    print(request.form)
    formsLen = len(request.form)
    images_path = []

    if 'lazyRegistration' in session:
        print('session file is: ', session_file)
        insertItemPost(session['item_name'], session['item_category'],
                       session['item_desc'], session['item_price'],
                       session['is_tradable'], session['item_images'],
                       session['sessionUser'], True)
        session_file.clear()
        session.pop('lazyRegistration')
        session.pop('lazyPage')
        print('Rediret from lazy login to home')
        # return render_template('home.html', sessionUser=session['sessionUser'], id=-1,categoryName="Catogory")
        return redirect("/")

    sessionUser = "" if 'sessionUser' not in session else session['sessionUser']
    # print("Session user", sessionUser)

    if request.method == "POST":
        if request.form:
            print("printing request form", request.form)

        if formsLen > 0:
            item_name = str(bleach.clean(request.form['item_title']))
            item_category = request.form['category']
            item_desc = str(bleach.clean(request.form['item_desc']))
            item_price = request.form['item_price']
            is_tradable = '0' if 'isTradable' not in request.form else request.form[
                'isTradable']  #str(1) if 'isTradable' in request.form else str(0)
            item_images = []
            if sessionUser == "":
                session['item_images'] = []

            # store image in separate folder as per category
            UPLOAD_FOLDER = 'static/images/' + item_category
            session['UPLOAD_FOLDER'] = UPLOAD_FOLDER

            for file in request.files.getlist('file'):
                if file.filename == '':
                    print('No file selected for uploading')
                else:
                    # session['item_image'].append(base64.b64encode(file.read()).decode('ascii'))
                    if sessionUser == "":
                        # session_file.append(file)

                        if file and allowed_file(file.filename):

                            filename = secure_filename(file.filename)

                    # unique filename
                        uuid_val = uuid.uuid1()
                        filename = str(uuid_val) + '.' + \
                            filename.rsplit('.', 1)[1].lower()
                        print(os.path.curdir)
                        file_path = os.path.join(session['UPLOAD_FOLDER'],
                                                 filename)
                        print("file path from item-posting post req is:",
                              file_path)
                        # file = open(file,"wr")
                        file.save(file_path)
                        session['item_images'].append(file_path)
                    else:
                        item_images.append(file)

            if sessionUser == "":
                session['lazyRegistration'] = True
                session['lazyPage'] = 'item-posting'
                session['item_name'] = item_name
                session['item_category'] = item_category
                session['item_desc'] = item_desc
                session['item_price'] = item_price
                session['is_tradable'] = is_tradable
                # session['item_userid'] =
                # session['item_images'] = None #item_images

                print("going to login?")
                return redirect("/login")

            else:
                # sessionUser = session['sessionUser']
                insertItemPost(item_name, item_category, item_desc, item_price,
                               is_tradable, item_images, sessionUser, False)

    if request.method == "GET":
        cursor = getCursor()[1]
        cursor.execute(query().fetchAllCategories())
        allCategories = cursor.fetchall()
        cursor.close()
        categories = [allCategories[i][0] for i in range(len(allCategories))]
        return render_template("item-posting.html", categories=categories)

    flash("Item Posted Successfully")

    return redirect('/')
Exemple #47
0
 def clean_tags(self):
     tags = [bleach.clean(t) for t in self.cleaned_data['tags']]
     return tags
Exemple #48
0
 def sanitize_data(self):
     ret = super(CommentSerializer, self).sanitize_data()
     content = self.validated_data.get('get_content', None)
     if content:
         ret['get_content'] = bleach.clean(content)
     return ret
Exemple #49
0
 def clean_description(self):
     return bleach.clean(self.cleaned_data['description'])
 def as_text(self):
     "Returns the body of the post after stripping the HTML tags"
     text = bleach.clean(self.content, tags=[], attributes=[], styles={}, strip=True)
     return text
Exemple #51
0
 def save(self, *args, **kwargs):
     self.text = bleach.clean(self.text, tags=[], strip=True)
     super(URLSource, self).save(*args, **kwargs)
Exemple #52
0
 def clean_name(self):
     return bleach.clean(self.cleaned_data['name'])
Exemple #53
0
 def save(self, *args, **kwargs):
     if self.pk is None and self.date is None:
         self.date = timezone.now()
     self.note = bleach.clean(self.note, strip=True, strip_comments=True)
     super().save(*args, **kwargs)
Exemple #54
0
 def get_searchable_content(self, value, data):
     return bleach.clean(data or '', tags=[], strip=True)
Exemple #55
0
def db_update_note(note: Note):
    note_dict = note.dict()
    note_dict["content"] = bleach.clean(note_dict["content"])
    notes.put(note_dict, urlsafe_key(note.name))
    return Note(**note_dict)
Exemple #56
0
 def save(self, **kwargs):
     self.description = bleach.clean(self.description,
                                     strip=True,
                                     strip_comments=True)
     super().save(**kwargs)
Exemple #57
0
def bleach_value(value):
    return bleach.clean(value, **bleach_args)
def remove_tags(text):
    """Thanks to http://stackoverflow.com/a/35880312"""
    return bleach.clean(text, tags=[], attributes={}, styles=[], strip=True)
Exemple #59
0
 def clean_content(self):
     return bleach.clean(self.cleaned_data['content'],
                         tags=self.allowed_tags,
                         attributes=self.allowed_attributes,
                         strip=True)
def moderatesignups():
    global commentHashesAndComments
    commentHashesAndComments = {}
    stringio = StringIO()
    stringio.write('<html>\n<head>\n</head>\n\n')

    # redditSession = loginAndReturnRedditSession()
    redditSession = loginOAuthAndReturnRedditSession()
    submissions = getSubmissionsForRedditSession(redditSession)
    flat_comments = getCommentsForSubmissions(submissions)
    retiredHashes = retiredCommentHashes()
    i = 1
    stringio.write(
        '<iframe name="invisibleiframe" style="display:none;"></iframe>\n')
    stringio.write("<h3>")
    stringio.write(os.getcwd())
    stringio.write("<br>\n")
    for submission in submissions:
        stringio.write(submission.title)
        stringio.write("<br>\n")
    stringio.write("</h3>\n\n")
    stringio.write(
        '<form action="copydisplayduringsignuptoclipboard.html" method="post" target="invisibleiframe">'
    )
    stringio.write(
        '<input type="submit" value="Copy display-during-signup.py stdout to clipboard">'
    )
    stringio.write('</form>')
    for comment in flat_comments:
        # print comment.is_root
        # print comment.score
        i += 1
        commentHash = sha1()
        commentHash.update(comment.fullname)
        commentHash.update(comment.body.encode('utf-8'))
        commentHash = commentHash.hexdigest()
        if commentHash not in retiredHashes:
            commentHashesAndComments[commentHash] = comment
            authorName = str(
                comment.author
            )  # can be None if author was deleted.  So check for that and skip if it's None.
            stringio.write("<hr>\n")
            stringio.write('<font color="blue"><b>')
            stringio.write(
                authorName
            )  # can be None if author was deleted.  So check for that and skip if it's None.
            stringio.write('</b></font><br>')
            if ParticipantCollection().hasParticipantNamed(authorName):
                stringio.write(
                    ' <small><font color="green">(member)</font></small>')
                # if ParticipantCollection().participantNamed(authorName).isStillIn:
                #    stringio.write(' <small><font color="green">(in)</font></small>')
                # else:
                #    stringio.write(' <small><font color="red">(out)</font></small>')
            else:
                stringio.write(
                    ' <small><font color="red">(not a member)</font></small>')
            stringio.write(
                '<form action="takeaction.html" method="post" target="invisibleiframe">'
            )
            stringio.write(
                '<input type="submit" name="actiontotake" value="Signup" style="color:white;background-color:green">'
            )
            # stringio.write('<input type="submit" name="actiontotake" value="Signup and checkin">')
            # stringio.write('<input type="submit" name="actiontotake" value="Relapse">')
            # stringio.write('<input type="submit" name="actiontotake" value="Reinstate">')
            stringio.write(
                '<input type="submit" name="actiontotake" value="Skip comment">'
            )
            stringio.write(
                '<input type="submit" name="actiontotake" value="Skip comment and don\'t upvote">'
            )
            stringio.write('<input type="hidden" name="username" value="' +
                           b64encode(authorName) + '">')
            stringio.write('<input type="hidden" name="commenthash" value="' +
                           commentHash + '">')
            # stringio.write('<input type="hidden" name="commentpermalink" value="' + comment.permalink + '">')
            stringio.write('</form>')

            stringio.write(
                bleach.clean(markdown.markdown(comment.body.encode('utf-8')),
                             tags=['p']))
            stringio.write("\n<br><br>\n\n")

    stringio.write('</html>')
    pageString = stringio.getvalue()
    stringio.close()
    return Response(pageString, mimetype='text/html')