Esempio n. 1
0
def _do_recover(request):
    _ = request.getText
    form = request.form
    if not request.cfg.mail_enabled:
        return _("""This wiki is not enabled for mail processing.
Contact the owner of the wiki, who can enable email.""")

    try:
        email = wikiutil.clean_input(form['email'].lower())
        if not email:
            # continue if email not given
            raise KeyError

        u = user.get_by_email_address(request, email)

        return _do_email(request, u)
    except KeyError:
        pass

    try:
        username = wikiutil.clean_input(form['name'])
        if not username:
            # continue if name not given
            raise KeyError

        u = user.User(request, user.getUserId(request, username))

        return _do_email(request, u)
    except KeyError:
        pass

    # neither succeeded, give error message
    return _("Please provide a valid email address or a username!")
Esempio n. 2
0
def _do_recover(request):
    _ = request.getText
    form = request.form
    if not request.cfg.mail_enabled:
        return _("""This wiki is not enabled for mail processing.
Contact the owner of the wiki, who can enable email.""")

    try:
        email = wikiutil.clean_input(form['email'].lower())
        if not email:
            # continue if email not given
            raise KeyError

        u = user.get_by_email_address(request, email)

        return _do_email(request, u)
    except KeyError:
        pass

    try:
        username = wikiutil.clean_input(form['name'])
        if not username:
            # continue if name not given
            raise KeyError

        u = user.User(request, user.getUserId(request, username))

        return _do_email(request, u)
    except KeyError:
        pass

    # neither succeeded, give error message
    return _("Please provide a valid email address or a username!")
Esempio n. 3
0
    def do_action(self):
        """ Load """
        status = False
        _ = self._
        form = self.form
        request = self.request

        comment = form.get('comment', [u''])[0]
        comment = wikiutil.clean_input(comment)

        filename = form.get('file__filename__')
        rename = form.get('rename', [''])[0].strip()
        if rename:
            target = rename
        else:
            target = filename

        target = AttachFile.preprocess_filename(target)
        target = wikiutil.clean_input(target)

        if target:
            filecontent = form['file'][0]
            if hasattr(filecontent, 'read'): # a file-like object
                filecontent = filecontent.read() # XXX reads complete file into memory!
            filecontent = wikiutil.decodeUnknownInput(filecontent)

            self.pagename = target
            pg = PageEditor(request, self.pagename)
            try:
                msg = pg.saveText(filecontent, 0, comment=comment)
                status = True
            except pg.EditConflict, e:
                msg = e.message
            except pg.SaveError, msg:
                msg = unicode(msg)
Esempio n. 4
0
    def do_action(self):
        form = values_to_form(self.request.values)

        template = form.get('template', [''])[0]
        template = wikiutil.clean_input(template).strip().split(',')
        new_template = old_template = None
        if len(template) > 0:
            new_template = template[0]
            if len(template) > 1:
                old_template = template[1]

        email = form.get('email', [u''])[0]
        email = wikiutil.clean_input(email).strip()
        if len(email) == 0:
            return False, "Please specify an email address."

        pagename = self.pagename
        try:
            if wikiutil.isGroupPage(pagename, self.request.cfg):
                myuser = invite_user_to_wiki(self.request, pagename, email,
                                             new_template, old_template)
                mygrouppage = pagename
            else:
                myuser = invite_user_to_page(self.request, pagename, email,
                                             new_template, old_template)
                mygrouppage = getattr(self.request.cfg, GROUP_DEFAULT_VARIABLE,
                                      GROUP_DEFAULT_DEFAULT)

            if mygrouppage:
                mycomment = "invited {0}.".format(myuser.email)
                try:
                    add_user_to_group(self.request,
                                      myuser,
                                      mygrouppage,
                                      comment=mycomment)
                except GroupException, ge:
                    tmp = "User invitation mail sent to address '%s', but could not add the user to group '%s': %s"
                    if myuser.email != email:
                        tmp += " Please note that the email address was converted to lowercase!"
                    return True, wikiutil.escape(
                        tmp % (email, mygrouppage, unicode(ge)))

                tmp = "User invitation mail sent to address '%s' and the user was added to group '%s'."
                if myuser.email != email:
                    tmp += " Please note that the email address was converted to lowercase!"

                return True, wikiutil.escape(tmp % (email, mygrouppage))

        except InviteException, ie:
            return False, wikiutil.escape(unicode(ie).encode(config.charset))
Esempio n. 5
0
    def do_action(self):
        """ Delete pagename """
        form = self.form
        comment = form.get('comment', [u''])[0]
        comment = wikiutil.clean_input(comment)

        # Create a page editor that does not do editor backups, because
        # delete generates a "deleted" version of the page.
        self.page = PageEditor(self.request, self.pagename, do_editor_backup=0)
        success, msgs = self.page.deletePage(comment)

        delete_subpages = 0
        if 'delete_subpages' in form:
            try:
                delete_subpages = int(form['delete_subpages'][0])
            except:
                pass

        if delete_subpages and self.subpages:
            for name in self.subpages:
                self.page = PageEditor(self.request, name, do_editor_backup=0)
                success_i, msg = self.page.deletePage(comment)
                msgs = "%s %s" % (msgs, msg)

        return success, msgs
Esempio n. 6
0
    def do_action(self):
        """ Rename this page to "pagename" """
        _ = self._
        form = self.form
        newpagename = form.get('newpagename', [u''])[0]
        newpagename = self.request.normalizePagename(newpagename)
        comment = form.get('comment', [u''])[0]
        comment = wikiutil.clean_input(comment)

        self.page = PageEditor(self.request, self.pagename)
        success, msgs = self.page.renamePage(newpagename, comment)

        rename_subpages = 0
        if 'rename_subpages' in form:
            try:
                rename_subpages = int(form['rename_subpages'][0])
            except:
                pass

        if rename_subpages and self.subpages:
            for name in self.subpages:
                self.page = PageEditor(self.request, name)
                new_subpagename = name.replace(self.pagename, newpagename, 1)
                success_i, msg = self.page.renamePage(new_subpagename, comment)
                msgs = "%s %s" % (msgs, msg)

        self.newpagename = newpagename # keep there for finish
        return success, msgs
Esempio n. 7
0
    def do_action(self):
        """ copy this page to "pagename" """
        _ = self._
        # Currently we only check TextCha for upload (this is what spammers ususally do),
        # but it could be extended to more/all attachment write access
        if not TextCha(self.request).check_answer_from_form():
            return status, _('TextCha: Wrong answer! Go back and try again...')

        form = self.form
        newpagename = form.get('newpagename', u'')
        newpagename = wikiutil.normalize_pagename(newpagename, self.cfg)
        comment = form.get('comment', u'')
        comment = wikiutil.clean_input(comment)

        self.page = PageEditor(self.request, self.pagename)
        success, msgs = self.page.copyPage(newpagename, comment)

        copy_subpages = 0
        try:
            copy_subpages = int(form['copy_subpages'])
        except:
            pass

        if copy_subpages and self.subpages or (not self.users_subpages
                                               and self.subpages):
            for name in self.subpages:
                self.page = PageEditor(self.request, name)
                new_subpagename = name.replace(self.pagename, newpagename, 1)
                success_i, msg = self.page.copyPage(new_subpagename, comment)
                msgs = "%s %s" % (msgs, msg)

        self.newpagename = newpagename  # keep there for finish
        return success, msgs
Esempio n. 8
0
    def do_action(self):
        """ copy this page to "pagename" """
        _ = self._
        # Currently we only check TextCha for upload (this is what spammers ususally do),
        # but it could be extended to more/all attachment write access
        if not TextCha(self.request).check_answer_from_form():
            return status, _('TextCha: Wrong answer! Go back and try again...')

        form = self.form
        newpagename = form.get('newpagename', u'')
        newpagename = wikiutil.normalize_pagename(newpagename, self.cfg)
        comment = form.get('comment', u'')
        comment = wikiutil.clean_input(comment)

        self.page = PageEditor(self.request, self.pagename)
        success, msgs = self.page.copyPage(newpagename, comment)

        copy_subpages = 0
        try:
            copy_subpages = int(form['copy_subpages'])
        except:
            pass

        if copy_subpages and self.subpages or (not self.users_subpages and self.subpages):
            for name in self.subpages:
                self.page = PageEditor(self.request, name)
                new_subpagename = name.replace(self.pagename, newpagename, 1)
                success_i, msg = self.page.copyPage(new_subpagename, comment)
                msgs = "%s %s" % (msgs, msg)

        self.newpagename = newpagename # keep there for finish
        return success, msgs
Esempio n. 9
0
def _create_user(request):
    collab_mode = getattr(request.cfg, 'collab_mode', False)
    _ = request.getText
    form = request.form

    if request.method != 'POST':
        return

    if not wikiutil.checkTicket(request, form.get('ticket', '')):
        return

    if not TextCha(request).check_answer_from_form():
        return _('TextCha: Wrong answer! Go back and try again...')

    # Create user profile
    theuser = user.User(request, auth_method="new-user")

    # Require non-empty name
    try:
        if collab_mode:
            name = wikiutil.clean_input(form.get('email', ['']))
            theuser.name = name.strip()
        else:
            theuser.name = form['name']
    except KeyError:
        return _("Empty user name. Please enter a user name.")

    # Don't allow creating users with invalid names
    if not user.isValidName(request, theuser.name):
        return _("""Invalid user name {{{'%s'}}}.
Name may contain any Unicode alpha numeric character, with optional one
space between words. Group page name is not allowed.""", wiki=True) % wikiutil.escape(theuser.name)

    # Name required to be unique. Check if name belong to another user.
    if user.getUserId(request, theuser.name):
        return _("This user name already belongs to somebody else.")

    # try to get the password and pw repeat
    password = form.get('password1', '')
    password2 = form.get('password2', '')

    # Check if password is given and matches with password repeat
    if password != password2:
        return _("Passwords don't match!")
    if not password:
        return _("Please specify a password!")

    pw_checker = request.cfg.password_checker
    if pw_checker:
        pw_error = pw_checker(request, theuser.name, password)
        if pw_error:
            return _("Password not acceptable: %s") % wikiutil.escape(pw_error)

    # Encode password
    try:
        theuser.enc_password = user.encodePassword(request.cfg, password)
    except UnicodeError, err:
        # Should never happen
        return "Can't encode password: %s" % wikiutil.escape(str(err))
Esempio n. 10
0
 def testCleanInput(self):
     tests = [(u"", u""), # empty
              (u"aaa\r\n\tbbb", u"aaa   bbb"), # ws chars -> blanks
              (u"aaa\x00\x01bbb", u"aaabbb"), # strip weird chars
              (u"a"*500, u""), # too long
             ]
     for instr, outstr in tests:
         assert wikiutil.clean_input(instr) == outstr
Esempio n. 11
0
    def do_action(self):
        form = values_to_form(self.request.values)

        template = form.get('template', [''])[0]
        template = wikiutil.clean_input(template).strip().split(',')
        new_template = old_template = None
        if len(template) > 0:
            new_template = template[0]
            if len(template) > 1:
                old_template = template[1]

        email = form.get('email', [u''])[0]
        email = wikiutil.clean_input(email).strip()
        if len(email) == 0:
            return False, "Please specify an email address."

        pagename = self.pagename
        try:
            if wikiutil.isGroupPage(pagename, self.request.cfg):
                myuser = invite_user_to_wiki(self.request, pagename, email, new_template, old_template)
                mygrouppage = pagename
            else:
                myuser = invite_user_to_page(self.request, pagename, email, new_template, old_template)
                mygrouppage = getattr(self.request.cfg, GROUP_DEFAULT_VARIABLE, GROUP_DEFAULT_DEFAULT)

            if mygrouppage:
                mycomment = "invited {0}.".format(myuser.email)
                try:
                    add_user_to_group(self.request, myuser, mygrouppage, comment=mycomment)
                except GroupException, ge:
                    tmp = "User invitation mail sent to address '%s', but could not add the user to group '%s': %s"
                    if myuser.email != email:
                        tmp += " Please note that the email address was converted to lowercase!"
                    return True, wikiutil.escape(tmp % (email, mygrouppage, unicode(ge)))

                tmp = "User invitation mail sent to address '%s' and the user was added to group '%s'."
                if myuser.email != email:
                    tmp += " Please note that the email address was converted to lowercase!"

                return True, wikiutil.escape(tmp % (email, mygrouppage))

        except InviteException, ie:
            return False, wikiutil.escape(unicode(ie).encode(config.charset))
Esempio n. 12
0
File: Load.py Progetto: aahlad/soar
    def do_action(self):
        """ Load """
        status = False
        _ = self._
        form = self.form
        request = self.request
        # Currently we only check TextCha for upload (this is what spammers ususally do),
        # but it could be extended to more/all attachment write access
        if not TextCha(request).check_answer_from_form():
            return status, _('TextCha: Wrong answer! Go back and try again...')

        comment = form.get('comment', u'')
        comment = wikiutil.clean_input(comment)

        file_upload = request.files.get('file')
        if not file_upload:
            # This might happen when trying to upload file names
            # with non-ascii characters on Safari.
            return False, _("No file content. Delete non ASCII characters from the file name and try again.")

        filename = file_upload.filename
        rename = form.get('rename', '').strip()
        if rename:
            target = rename
        else:
            target = filename

        target = wikiutil.clean_input(target)

        if target:
            filecontent = file_upload.stream.read() # XXX reads complete file into memory!
            filecontent = wikiutil.decodeUnknownInput(filecontent)

            self.pagename = target
            pg = PageEditor(request, self.pagename)
            try:
                msg = pg.saveText(filecontent, 0, comment=comment)
                status = True
            except pg.EditConflict, e:
                msg = e.message
            except pg.SaveError, msg:
                msg = unicode(msg)
Esempio n. 13
0
    def do_action(self):
        """ Load """
        status = False
        _ = self._
        form = self.form
        request = self.request
        # Currently we only check TextCha for upload (this is what spammers ususally do),
        # but it could be extended to more/all attachment write access
        if not TextCha(request).check_answer_from_form():
            return status, _('TextCha: Wrong answer! Go back and try again...')

        comment = form.get('comment', u'')
        comment = wikiutil.clean_input(comment)

        file_upload = request.files.get('file')
        if not file_upload:
            # This might happen when trying to upload file names
            # with non-ascii characters on Safari.
            return False, _("No file content. Delete non ASCII characters from the file name and try again.")

        filename = file_upload.filename
        rename = form.get('rename', '').strip()
        if rename:
            target = rename
        else:
            target = filename

        target = wikiutil.clean_input(target)

        if target:
            filecontent = file_upload.stream.read() # XXX reads complete file into memory!
            filecontent = wikiutil.decodeUnknownInput(filecontent)

            self.pagename = target
            pg = PageEditor(request, self.pagename)
            try:
                msg = pg.saveText(filecontent, 0, comment=comment)
                status = True
            except pg.EditConflict, e:
                msg = e.message
            except pg.SaveError, msg:
                msg = unicode(msg)
Esempio n. 14
0
    def __init__(self, pagename, request, **kw):
        ActionBase.__init__(self, pagename, request)
        self.getText = request.getText
        self.request = request
        self.use_ticket = True
        self.form_trigger = 'requestinvite'
        self.form_trigger_label = wikiutil.escape(kw.get('button_text', [self.getText('Send Request')])[0], True)
        self.querytext = kw.get('text', [self.getText('Send invite request for collab')])[0]

        form = values_to_form(self.request.values)
        collab = form.get('collab', [u''])[0]
        self.collab = wikiutil.clean_input(collab).strip()
Esempio n. 15
0
    def do_action(self):
        _ = self.request.getText

        pdata = self.request.graphdata.getpage(self.pagename)
        oldpagename = self.pagename

        success, msgs = RenamePageBasic.do_action(self)

        form = values_to_form(self.request.values)

        rename_links = 0
        if 'rename_links' in form:
            try:
                rename_links = int(form['rename_links'][0])
            except:
                pass

        if rename_links and success:
            newpagename = form.get('newpagename', [u''])[0]
            newpagename = wikiutil.normalize_pagename(newpagename, self.cfg)

            comment = form.get('comment', [u''])[0]
            comment = wikiutil.clean_input(comment)
            comment = "%s (%s)" % (comment, _("changed links:") +
                                   " %s -> %s" % (self.pagename, newpagename))

            # List pages that link to the renamed page
            pages = set()
            inlinks = self.request.graphdata.get_in(self.pagename)
            for type in inlinks:
                pages.update(inlinks[type])

            # Update listed pages
            for page in pages:
                # User rights _ARE_ checked here!
                if not self.request.user.may.write(page):
                    continue

                # If inlink rename of a single page does not work,
                # continue but make sure to emit a warning
                success_single, msg = self._inlink_rename(page, newpagename,
                                                          oldpagename, comment)
                if not success_single:
                    success = False

                if msg:
                    msgs = self._add_msg(msgs, msg)

            if not success:
                msgs = self._add_msg(msgs,
                         _(u'Other pages with inlinks renamed successfully.'))

        return success, msgs
Esempio n. 16
0
def _do_upload(pagename, request):
    _ = request.getText
    # Currently we only check TextCha for upload (this is what spammers ususally do),
    # but it could be extended to more/all attachment write access
    if not TextCha(request).check_answer_from_form():
        return _('TextCha: Wrong answer! Go back and try again...')

    form = request.form
    overwrite = form.get('overwrite', [u'0'])[0]
    try:
        overwrite = int(overwrite)
    except:
        overwrite = 0

    if not request.user.may.write(pagename):
        return _('You are not allowed to attach a file to this page.')

    if overwrite and not request.user.may.delete(pagename):
        return _('You are not allowed to overwrite a file attachment of this page.')

    filename = form.get('file__filename__')
    rename = form.get('rename', [u''])[0].strip()
    if rename:
        target = rename
    else:
        target = filename

    target = preprocess_filename(target)
    target = wikiutil.clean_input(target)

    if not target:
        return _("Filename of attachment not specified!")

    # get file content
    filecontent = request.form.get('file', [None])[0]
    if filecontent is None:
        # This might happen when trying to upload file names
        # with non-ascii characters on Safari.
        return _("No file content. Delete non ASCII characters from the file name and try again.")

    # add the attachment
    try:
        target, bytes = add_attachment(request, pagename, target, filecontent, overwrite=overwrite)
        msg = _("Attachment '%(target)s' (remote name '%(filename)s')"
                " with %(bytes)d bytes saved.") % {
                'target': target, 'filename': filename, 'bytes': bytes}
    except AttachmentAlreadyExists:
        msg = _("Attachment '%(target)s' (remote name '%(filename)s') already exists.") % {
            'target': target, 'filename': filename}

    # return attachment list
    upload_form(pagename, request, msg)
Esempio n. 17
0
def _do_upload(pagename, request):
    _ = request.getText

    if not wikiutil.checkTicket(request, request.form.get('ticket', '')):
        return _('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'AttachFile.upload' }

    # Currently we only check TextCha for upload (this is what spammers ususally do),
    # but it could be extended to more/all attachment write access
    if not TextCha(request).check_answer_from_form():
        return _('TextCha: Wrong answer! Go back and try again...')

    form = request.form

    file_upload = request.files.get('file')
    if not file_upload:
        # This might happen when trying to upload file names
        # with non-ascii characters on Safari.
        return _("No file content. Delete non ASCII characters from the file name and try again.")

    try:
        overwrite = int(form.get('overwrite', '0'))
    except:
        overwrite = 0

    if not request.user.may.write(pagename):
        return _('You are not allowed to attach a file to this page.')

    if overwrite and not request.user.may.delete(pagename):
        return _('You are not allowed to overwrite a file attachment of this page.')

    target = form.get('target', u'').strip()
    if not target:
        target = file_upload.filename or u''

    target = wikiutil.clean_input(target)

    if not target:
        return _("Filename of attachment not specified!")

    # add the attachment
    try:
        target, bytes = add_attachment(request, pagename, target, file_upload.stream, overwrite=overwrite)
        msg = _("Attachment '%(target)s' (remote name '%(filename)s')"
                " with %(bytes)d bytes saved.") % {
                'target': target, 'filename': file_upload.filename, 'bytes': bytes}
    except AttachmentAlreadyExists:
        msg = _("Attachment '%(target)s' (remote name '%(filename)s') already exists.") % {
            'target': target, 'filename': file_upload.filename}

    # return attachment list
    upload_form(pagename, request, msg)
Esempio n. 18
0
    def add(self,
            request,
            mtime,
            rev,
            action,
            pagename,
            host=None,
            extra=u'',
            comment=u''):
        """ Generate (and add) a line to the edit-log.

        If `host` is None, it's read from request vars.
        """
        if request.cfg.log_remote_addr or self.force_ip:
            if host is None:
                host = request.remote_addr or ''

            if request.cfg.log_reverse_dns_lookups:
                import socket
                try:
                    hostname = socket.gethostbyaddr(host)[0]
                    hostname = unicode(hostname, config.charset)
                except (socket.error, UnicodeError):
                    hostname = host
            else:
                hostname = host
        else:
            host = ''
            hostname = ''

        comment = wikiutil.clean_input(comment)
        user_id = request.user.valid and request.user.id or ''

        if self.uid_override is not None:
            user_id = ''
            hostname = self.uid_override
            host = ''

        line = u"\t".join((
            str(long(mtime)),  # has to be long for py 2.2.x
            "%08d" % rev,
            action,
            wikiutil.quoteWikinameFS(pagename),
            host,
            hostname,
            user_id,
            extra,
            comment,
        )) + "\n"
        self._add(line)
Esempio n. 19
0
    def add(self, request, mtime, rev, action, pagename, host=None, extra=u"", comment=u""):
        """ Generate (and add) a line to the edit-log.

        If `host` is None, it's read from request vars.
        """
        if request.cfg.log_remote_addr or self.force_ip:
            if host is None:
                host = request.remote_addr or ""

            if request.cfg.log_reverse_dns_lookups:
                import socket

                try:
                    hostname = socket.gethostbyaddr(host)[0]
                    hostname = unicode(hostname, config.charset)
                except (socket.error, UnicodeError):
                    hostname = host
            else:
                hostname = host
        else:
            host = ""
            hostname = ""

        comment = wikiutil.clean_input(comment)
        user_id = request.user.valid and request.user.id or ""

        if self.uid_override is not None:
            user_id = ""
            hostname = self.uid_override
            host = ""

        line = (
            u"\t".join(
                (
                    str(long(mtime)),  # has to be long for py 2.2.x
                    "%08d" % rev,
                    action,
                    wikiutil.quoteWikinameFS(pagename),
                    host,
                    hostname,
                    user_id,
                    extra,
                    comment,
                )
            )
            + "\n"
        )
        self._add(line)
Esempio n. 20
0
    def do_action(self):
        """ revert pagename """
        form = self.form
        comment = form.get('comment', u'')
        comment = wikiutil.clean_input(comment)

        if self.request.method != 'POST':
            return False, u''

        rev = self.request.rev
        pg = PageEditor(self.request, self.pagename)

        try:
            msg = pg.revertPage(rev, comment)
            # make it show the current version...
            self.request.rev = None
        except PageEditor.SaveError, error:
            msg = unicode(error)
Esempio n. 21
0
    def do_action(self):
        """ revert pagename """
        form = self.form
        comment = form.get('comment', [u''])[0]
        comment = wikiutil.clean_input(comment)

        if self.request.request_method != 'POST':
            return False, u''

        rev = self.request.rev
        pg = PageEditor(self.request, self.pagename)

        try:
            msg = pg.revertPage(rev, comment)
            # make it show the current version...
            self.request.rev = None
        except PageEditor.RevertError, error:
            msg = unicode(error)
Esempio n. 22
0
    def do_action(self):
        """ Rename this page to "pagename" """
        _ = self._
        form = self.form
        newpagename = form.get('newpagename', u'')
        newpagename = wikiutil.normalize_pagename(newpagename, self.cfg)
        comment = form.get('comment', u'')
        comment = wikiutil.clean_input(comment)
        try:
            rename_subpages = int(self.request.form.get('rename_subpages', '0'))
        except ValueError:
            rename_subpages = 0

        self.page = PageEditor(self.request, self.pagename)
        success, msgs = self.page.renamePage(newpagename, comment)

        if not success:
            return success, msgs

        msgs = [msgs]

        if rename_inlinks:
            success, msgs = self.rename_inlinks(newpagename, comment, msgs)

        if self.show_redirect and self.rename_redirect:
            self.page = PageEditor(self.request, self.pagename)
            self.page.saveText('#redirect %s' % newpagename, 0)

        if rename_subpages and self.subpages:
            for name in self.subpages:
                self.page = PageEditor(self.request, name)
                new_subpagename = name.replace(self.pagename, newpagename, 1)
                success_i, msg = self.page.renamePage(new_subpagename, comment)
                msgs.append(msg)

                if self.show_redirect and self.rename_redirect and success_i:
                    self.page = PageEditor(self.request, name)
                    self.page.saveText('#redirect %s' % new_subpagename, 0)
            msgs = ' '.join([msg for msg in msgs if msg])

        self.newpagename = newpagename # keep there for finish
        return success, msgs
Esempio n. 23
0
    def do_action(self):
        form = values_to_form(self.request.values)
        days = form.get('days', [u''])[0]
        days = wikiutil.clean_input(days)

        try:
            days = int(days)
        except ValueError:
            return False, "Invalid number: %s" % days

        fake = FakeXmlrpcObj()
        fake.request = self.request
        cookie = generateCookie(fake, str(self.pagename), days * SECONDS_IN_DAY)
        if isinstance(cookie, xmlrpclib.Fault):
            return False, cookie.faultString

        default_filename = self.pagename + ".cookie"
        filename = form.get('filename', [default_filename])[0]

        self.filename = filename.encode("ascii", "ignore")
        self.cookie = cookie.data

        return True, ""
Esempio n. 24
0
    def do_action(self):
        """ Delete pagename """
        form = self.form
        comment = form.get('comment', u'')
        comment = wikiutil.clean_input(comment)

        ngowikiutil = NgoWikiUtil(self.request)
        ngowikiutil.open_database()
        try:

            # Create a page editor that does not do editor backups, because
            # delete generates a "deleted" version of the page.
            self.page = PageEditor(self.request,
                                   self.pagename,
                                   do_editor_backup=0)
            success, msgs = self.page.deletePage(comment)
            ngowikiutil.remove_page_by_path(self.pagename)

            delete_subpages = 0
            try:
                delete_subpages = int(form['delete_subpages'])
            except:
                pass

            if delete_subpages and self.subpages:
                for name in self.subpages:
                    self.page = PageEditor(self.request,
                                           name,
                                           do_editor_backup=0)
                    success_i, msg = self.page.deletePage(comment)
                    ngowikiutil.remove_page_by_path(name)
                    msgs = "%s %s" % (msgs, msg)
        finally:
            ngowikiutil.close_database(True)

        return success, msgs
Esempio n. 25
0
    def do_action(self):
        """ Delete pagename """
        form = self.form
        comment = form.get('comment', u'')
        comment = wikiutil.clean_input(comment)

        # Create a page editor that does not do editor backups, because
        # delete generates a "deleted" version of the page.
        self.page = PageEditor(self.request, self.pagename, do_editor_backup=0)
        success, msgs = self.page.deletePage(comment)

        delete_subpages = 0
        try:
            delete_subpages = int(form['delete_subpages'])
        except:
            pass

        if delete_subpages and self.subpages:
            for name in self.subpages:
                self.page = PageEditor(self.request, name, do_editor_backup=0)
                success_i, msg = self.page.deletePage(comment)
                msgs = "%s %s" % (msgs, msg)

        return success, msgs
Esempio n. 26
0
    def do_action(self):
        """ Load """
        status = False
        _ = self._
        form = self.form
        request = self.request
        # Currently we only check TextCha for upload (this is what spammers ususally do),
        # but it could be extended to more/all attachment write access
        if not TextCha(request).check_answer_from_form():
            return status, _('TextCha: Wrong answer! Go back and try again...')

        comment = form.get('comment', u'')
        comment = wikiutil.clean_input(comment)

        file_upload = request.files.get('file')
        if not file_upload:
            # This might happen when trying to upload file names
            # with non-ascii characters on Safari.
            return False, _("No file content. Delete non ASCII characters from the file name and try again.")

        filename = file_upload.filename
        rename = form.get('rename', '').strip()
        if rename:
            target = rename
        else:
            target = filename

        target = wikiutil.clean_input(target)

        if target:
            tmpdir = tempfile.mkdtemp()
            swsfile = os.path.join(tmpdir,'worksheet.sws')
            fff = open(swsfile, 'wb')
            fff.write(file_upload.stream.read())
            fff.close()
            swstarfile = tarfile.open(swsfile)
            swstarfile.extractall(path=tmpdir)
            swstarfile.close()
            txtfile = codecs.open(os.path.join(tmpdir, 'sage_worksheet/worksheet.txt'), 'r', encoding='latin-1')
            l = txtfile.readlines()
            txtfile.close()
            shutil.rmtree(tmpdir)
            l.pop(0)
            l.pop(0)
            bloques = []
            cadena = u''
            i = 0
            while l:
                lin = l.pop(0)
                if lin[:3] == '{{{':
                    bloques.append(cadena)
                    cadena = u'\n{{{#!sagecell\n'
                    i += 1
                    lin = l.pop(0)
                    while lin[:3] != '///':
                       try:
                            cadena+=lin.decode('utf-8')
                        except:
                            for letra in lin:
                                try:
                                    cadena += letra.decode('utf-8')
                                except:
                                    pass
                        lin = l.pop(0)
                        i += 1
                    cadena += u'}}}\n'
                    bloques.append(cadena)
                    cadena = u''
                    while lin[:3] != '}}}':
                        lin = l.pop(0)
                        i+=1
                else:
                    try:
                        cadena+=lin.decode('utf-8')
                    except:
                        for letra in lin:
                            try:
                                cadena += letra.decode('utf-8')
                            except:
                                pass
            bloques2=[]
            p = HTML2MoinMoin()
            for l in bloques:
                if l[:14] == '\n{{{#!sagecell':
                    bloques2.append(p.parsed())
                    p.clear()
                    bloques2.append(l)
                else:
                    p.feed(l)
            filecontent = u''
            for l in bloques2:
                filecontent += l
            self.pagename = target
            oldtext = Page(request, self.pagename).get_raw_body()
            pg = PageEditor(request, self.pagename)
            try:
                msg = pg.saveText(oldtext + filecontent, 0, comment=comment)
                status = True
            except pg.EditConflict, e:
                msg = e.message
Esempio n. 27
0
def execute(pagename, request):
    """ edit a page """
    _ = request.getText

    if 'button_preview' in request.form and 'button_spellcheck' in request.form:
        # multiple buttons pressed at once? must be some spammer/bot
        check_surge_protect(request, kick=True)  # get rid of him
        return

    if not request.user.may.write(pagename):
        page = wikiutil.getLocalizedPage(request, 'PermissionDeniedPage')
        page.body = _('You are not allowed to edit this page.')
        page.page_name = pagename
        page.send_page(send_special=True)
        return

    valideditors = [
        'text',
        'gui',
    ]
    editor = ''
    if request.user.valid:
        editor = request.user.editor_default
    if editor not in valideditors:
        editor = request.cfg.editor_default

    editorparam = request.values.get('editor', editor)
    if editorparam == "guipossible":
        lasteditor = editor
    elif editorparam == "textonly":
        editor = lasteditor = 'text'
    else:
        editor = lasteditor = editorparam

    if request.cfg.editor_force:
        editor = request.cfg.editor_default

    # if it is still nothing valid, we just use the text editor
    if editor not in valideditors:
        editor = 'text'

    rev = request.rev or 0
    savetext = request.form.get('savetext')
    comment = request.form.get('comment', u'')
    category = request.form.get('category')
    rstrip = int(request.form.get('rstrip', '0'))
    trivial = int(request.form.get('trivial', '0'))
    ideastatus = int(request.form.get('ideastatus', '0'))

    if 'button_switch' in request.form:
        if editor == 'text':
            editor = 'gui'
        else:  # 'gui'
            editor = 'text'

    # load right editor class
    if editor == 'gui':
        from MoinMoin.PageGraphicalEditor import PageGraphicalEditor
        pg = PageGraphicalEditor(request, pagename)
    else:  # 'text'
        from MoinMoin.PageEditor import PageEditor
        pg = PageEditor(request, pagename)

    # is invoked without savetext start editing
    if savetext is None or 'button_load_draft' in request.form:
        pg.sendEditor()
        return

    # did user hit cancel button?
    cancelled = 'button_cancel' in request.form

    from MoinMoin.error import ConvertError
    try:
        if lasteditor == 'gui':
            # convert input from Graphical editor
            format = request.form.get('format', 'wiki')
            if format == 'wiki':
                converter_name = 'text_html_text_moin_wiki'
            else:
                converter_name = 'undefined'  # XXX we don't have other converters yet
            convert = wikiutil.importPlugin(request.cfg, "converter",
                                            converter_name, 'convert')
            savetext = convert(request, pagename, savetext)

        # IMPORTANT: normalize text from the form. This should be done in
        # one place before we manipulate the text.
        savetext = pg.normalizeText(savetext, stripspaces=rstrip)
    except ConvertError:
        # we don't want to throw an exception if user cancelled anyway
        if not cancelled:
            raise

    if cancelled:
        pg.sendCancel(savetext or "", rev)
        pagedir = pg.getPagePath(check_create=0)
        import os
        if not os.listdir(pagedir):
            os.removedirs(pagedir)
        return

    comment = wikiutil.clean_input(comment)

    # Add category

    # TODO: this code does not work with extended links, and is doing
    # things behind your back, and in general not needed. Either we have
    # a full interface for categories (add, delete) or just add them by
    # markup.

    if category and category != _('<No addition>'):  # opera 8.5 needs this
        # strip trailing whitespace
        savetext = savetext.rstrip()

        # Add category separator if last non-empty line contains
        # non-categories.
        lines = [line for line in savetext.splitlines() if line]
        if lines:

            #TODO: this code is broken, will not work for extended links
            #categories, e.g ["category hebrew"]
            categories = lines[-1].split()

            if categories:
                confirmed = wikiutil.filterCategoryPages(request, categories)
                if len(confirmed) < len(categories):
                    # This was not a categories line, add separator
                    savetext += u'\n----\n'

        # Add new category
        if savetext and savetext[-1] != u'\n':
            savetext += ' '
        savetext += category + u'\n'  # Should end with newline!

    if (request.cfg.edit_ticketing and
            not wikiutil.checkTicket(request, request.form.get('ticket', ''))):
        request.theme.add_msg(
            _('Please use the interactive user interface to use action %(actionname)s!'
              ) % {'actionname': 'edit'}, "error")
        pg.sendEditor(preview=savetext, comment=comment, staytop=1)

    # Preview, spellcheck or spellcheck add new words
    elif ('button_preview' in request.form
          or 'button_spellcheck' in request.form
          or 'button_newwords' in request.form):
        pg.sendEditor(preview=savetext, comment=comment)

    # Preview with mode switch
    elif 'button_switch' in request.form:
        pg.sendEditor(preview=savetext, comment=comment, staytop=1)

    # Save new text
    else:
        try:
            from MoinMoin.security.textcha import TextCha
            if not TextCha(request).check_answer_from_form():
                raise pg.SaveError(
                    _('TextCha: Wrong answer! Try again below...'))
            if request.cfg.comment_required and not comment:
                raise pg.SaveError(
                    _('Supplying a comment is mandatory.  Write a comment below and try again...'
                      ))
            savemsg = pg.saveText(savetext,
                                  rev,
                                  trivial=trivial,
                                  comment=comment)
        except pg.EditConflict, e:
            msg = e.message

            # Handle conflict and send editor
            pg.set_raw_body(savetext, modified=1)

            pg.mergeEditConflict(rev)
            # We don't send preview when we do merge conflict
            pg.sendEditor(msg=msg, comment=comment)
            return

        except pg.SaveError, msg:
            # Show the error message
            request.theme.add_msg(unicode(msg), "error")
            # And show the editor again
            pg.sendEditor(preview=savetext, comment=comment, staytop=1)
            return
Esempio n. 28
0
def _do_upload(pagename, request):
    _ = request.getText

    if not wikiutil.checkTicket(request, request.form.get('ticket', '')):
        return _(
            'Please use the interactive user interface to use action %(actionname)s!'
        ) % {
            'actionname': 'AttachFile.upload'
        }

    # Currently we only check TextCha for upload (this is what spammers ususally do),
    # but it could be extended to more/all attachment write access
    if not TextCha(request).check_answer_from_form():
        return _('TextCha: Wrong answer! Go back and try again...')

    form = request.form

    file_upload = request.files.get('file')
    if not file_upload:
        # This might happen when trying to upload file names
        # with non-ascii characters on Safari.
        return _(
            "No file content. Delete non ASCII characters from the file name and try again."
        )

    try:
        overwrite = int(form.get('overwrite', '0'))
    except:
        overwrite = 0

    if not request.user.may.write(pagename):
        return _('You are not allowed to attach a file to this page.')

    if overwrite and not request.user.may.delete(pagename):
        return _(
            'You are not allowed to overwrite a file attachment of this page.')

    target = form.get('target', u'').strip()
    if not target:
        target = file_upload.filename or u''

    target = wikiutil.clean_input(target)

    if not target:
        return _("Filename of attachment not specified!")

    # add the attachment
    try:
        target, bytes = add_attachment(request,
                                       pagename,
                                       target,
                                       file_upload.stream,
                                       overwrite=overwrite)
        msg = _("Attachment '%(target)s' (remote name '%(filename)s')"
                " with %(bytes)d bytes saved.") % {
                    'target': target,
                    'filename': file_upload.filename,
                    'bytes': bytes
                }
    except AttachmentAlreadyExists:
        msg = _(
            "Attachment '%(target)s' (remote name '%(filename)s') already exists."
        ) % {
            'target': target,
            'filename': file_upload.filename
        }

    # return attachment list
    upload_form(pagename, request, msg)
Esempio n. 29
0
 def do_action(self):
     description = wikiutil.clean_input(self.form.get('activity', u''))
     return True, self.start_activity(description)
Esempio n. 30
0
    pw_checker = request.cfg.password_checker
    if pw_checker:
        pw_error = pw_checker(request, theuser.name, password)
        if pw_error:
            return _("Password not acceptable: %s") % pw_error

    # Encode password
    if password and not password.startswith('{SHA}'):
        try:
            theuser.enc_password = user.encodePassword(password)
        except UnicodeError, err:
            # Should never happen
            return "Can't encode password: %s" % str(err)

    # try to get the email, for new users it is required
    email = wikiutil.clean_input(form.get('email', [''])[0])
    theuser.email = email.strip()
    if not theuser.email and 'email' not in request.cfg.user_form_remove:
        return _("Please provide your email address. If you lose your"
                 " login information, you can get it by email.")

    # Email should be unique - see also MoinMoin/script/accounts/moin_usercheck.py
    if theuser.email and request.cfg.user_email_unique:
        if user.get_by_email_address(request, theuser.email):
            return _("This email already belongs to somebody else.")

    # save data
    theuser.save()

    result = _("User account created! You can use this account to login now...")
    if _debug:
Esempio n. 31
0
    def _save_user_prefs(self):
        _ = self._
        form = self.request.form
        request = self.request

        if not 'name' in request.user.auth_attribs:
            # Require non-empty name
            new_name = wikiutil.clean_input(form.get('name', request.user.name)).strip()

            # Don't allow changing the name to an invalid one
            if not user.isValidName(request, new_name):
                return 'error', _("""Invalid user name {{{'%s'}}}.
Name may contain any Unicode alpha numeric character, with optional one
space between words. Group page name is not allowed.""", wiki=True) % wikiutil.escape(new_name)

            # Is this an existing user trying to change information or a new user?
            # Name required to be unique. Check if name belong to another user.
            existing_id = user.getUserId(request, new_name)
            if existing_id is not None and existing_id != request.user.id:
                return 'error', _("This user name already belongs to somebody else.")

            if not new_name:
                return 'error', _("Empty user name. Please enter a user name.")

            # done sanity checking the name, set it
            request.user.name = new_name


        if not 'email' in request.user.auth_attribs:
            # try to get the email
            new_email = wikiutil.clean_input(form.get('email', request.user.email)).strip()

            # Require email
            if not new_email and 'email' not in request.cfg.user_form_remove:
                return 'error', _("Please provide your email address. If you lose your"
                                  " login information, you can get it by email.")

            # Email should be unique - see also MoinMoin/script/accounts/moin_usercheck.py
            if new_email and request.cfg.user_email_unique:
                other = user.get_by_email_address(request, new_email)
                if other is not None and other.id != request.user.id:
                    return 'error', _("This email already belongs to somebody else.")

            # done checking the email, set it
            request.user.email = new_email


        if not 'jid' in request.user.auth_attribs:
            # try to get the jid
            new_jid = wikiutil.clean_input(form.get('jid', '')).strip()

            jid_changed = request.user.jid != new_jid
            previous_jid = request.user.jid

            if new_jid and request.cfg.user_jid_unique:
                other = user.get_by_jabber_id(request, new_jid)
                if other is not None and other.id != request.user.id:
                    return 'error', _("This jabber id already belongs to somebody else.")

            if jid_changed:
                set_event = events.JabberIDSetEvent(request, new_jid)
                unset_event = events.JabberIDUnsetEvent(request, previous_jid)
                events.send_event(unset_event)
                events.send_event(set_event)

            # done checking the JID, set it
            request.user.jid = new_jid


        if not 'aliasname' in request.user.auth_attribs:
            # aliasname
            request.user.aliasname = wikiutil.clean_input(form.get('aliasname', '')).strip()

        # editor size
        request.user.edit_rows = util.web.getIntegerInput(request, 'edit_rows',
                                                          request.user.edit_rows, 0, 999)

        # try to get the editor
        request.user.editor_default = wikiutil.clean_input(form.get('editor_default', self.cfg.editor_default))
        request.user.editor_ui = wikiutil.clean_input(form.get('editor_ui', self.cfg.editor_ui))

        # time zone
        request.user.tz_offset = util.web.getIntegerInput(request, 'tz_offset',
                                                          request.user.tz_offset, -84600, 84600)

        # datetime format
        try:
            dt_d_combined = Settings._date_formats.get(form['datetime_fmt'], '')
            request.user.datetime_fmt, request.user.date_fmt = dt_d_combined.split(' & ')
        except (KeyError, ValueError):
            request.user.datetime_fmt = '' # default
            request.user.date_fmt = '' # default

        # try to get the (optional) theme
        theme_name = wikiutil.clean_input(form.get('theme_name', self.cfg.theme_default))
        if theme_name != request.user.theme_name:
            # if the theme has changed, load the new theme
            # so the user has a direct feedback
            # WARNING: this should be refactored (i.e. theme load
            # after userform handling), cause currently the
            # already loaded theme is just replaced (works cause
            # nothing has been emitted yet)
            request.user.theme_name = theme_name
            if load_theme_fallback(request, theme_name) > 0:
                theme_name = wikiutil.escape(theme_name)
                return 'error', _("The theme '%(theme_name)s' could not be loaded!") % locals()

        # try to get the (optional) preferred language
        request.user.language = wikiutil.clean_input(form.get('language', ''))
        if request.user.language == u'': # For language-statistics
            from MoinMoin import i18n
            request.user.real_language = i18n.get_browser_language(request)
        else:
            request.user.real_language = ''

        # I want to handle all inputs from user_form_fields, but
        # don't want to handle the cases that have already been coded
        # above.
        # This is a horribly fragile kludge that's begging to break.
        # Something that might work better would be to define a
        # handler for each form field, instead of stuffing them all in
        # one long and inextensible method.  That would allow for
        # plugins to provide methods to validate their fields as well.
        already_handled = ['name', 'email',
                           'aliasname', 'edit_rows', 'editor_default',
                           'editor_ui', 'tz_offset', 'datetime_fmt',
                           'theme_name', 'language', 'real_language', 'jid']
        for field in self.cfg.user_form_fields:
            key = field[0]
            if ((key in self.cfg.user_form_disable)
                or (key in already_handled)):
                continue
            default = self.cfg.user_form_defaults[key]
            value = form.get(key, default)
            value = wikiutil.clean_input(value)
            setattr(request.user, key, value)

        # checkbox options
        for key, label in self.cfg.user_checkbox_fields:
            if key not in self.cfg.user_checkbox_disable and key not in self.cfg.user_checkbox_remove:
                value = form.get(key, "0")
                try:
                    value = int(value)
                except ValueError:
                    # value we got is crap, do not setattr this value, just pass
                    pass
                else:
                    setattr(request.user, key, value)

        # quicklinks for navibar
        request.user.quicklinks = self._decode_pagelist('quicklinks')

        # save data
        request.user.save()
        if request.user.disabled:
            # set valid to false so the current request won't
            # show the user as logged-in any more
            request.user.valid = False

        result = _("User preferences saved!")
        return result
Esempio n. 32
0
class PluginScript(MoinScript):
    """Purpose:
========
This script imports the wiki page from given file into the wiki.

Detailed Instructions:
======================
General syntax: moin [options] import wikipage [wikipage-options]

[options] usually should be:
    --config-dir=/path/to/cfg --wiki-url=http://wiki.example.org/ --page=Page
"""

    def __init__(self, argv, def_values):
        MoinScript.__init__(self, argv, def_values)
        self.parser.add_option('--acl', dest='acl', default='', metavar='ACL',
                help='Set a specific ACL for the wiki page')
        self.parser.add_option('--author', dest='author', metavar='AUTHOR',
                default='PageImporter',
                help='Use AUTHOR for edit history / RecentChanges')
        self.parser.add_option('--comment', dest='comment', metavar='COMMENT',
                default='', help='COMMENT for edit history / RecentChanges')
        self.parser.add_option('--file', dest='file', default='',
                metavar='FILE', help='Read the wiki page from the given file')
        self.parser.add_option('--no-backup', dest='revision_backup',
                default=True, action='store_false',
                help="Suppress making a page backup per revision")
        self._update_option_help('--page',
                'Name of the wiki page which should be imported')

    def mainloop(self):
        self.init_request()
        request = self.request
        request.user.may = IAmRoot()

        if not self.options.page:
            fatal('You must specify a wiki page name (--page=Page)!')
        if not self.options.file:
            fatal('You must specify a FILE to read from (--file=FILE)!')

        try:
            fileObj = open(self.options.file, 'rb')
        except IOError, err:
            fatal(str(err))
        page_content = decodeUnknownInput(fileObj.read()).rstrip()
        fileObj.close()

        if not self.options.acl:
            acl = ''
        else:
            acl = '#acl %s\n' % self.options.acl
        comment = clean_input(self.options.comment)

        pe = PageEditor(request, self.options.page, do_editor_backup=0,
                        uid_override=self.options.author,
                        do_revision_backup=int(self.options.revision_backup))
        try:
            pe.saveText(acl + page_content, 0, comment=comment)
        except PageEditor.Unchanged:
            log("info: wikipage was not modified - ignored update.")
        except PageEditor.SaveError, err:
            log("error: %r" % err)
Esempio n. 33
0
    pw_checker = request.cfg.password_checker
    if pw_checker:
        pw_error = pw_checker(request, theuser.name, password)
        if pw_error:
            return _("Password not acceptable: %s") % pw_error

    # Encode password
    if password and not password.startswith('{SHA}'):
        try:
            theuser.enc_password = user.encodePassword(password)
        except UnicodeError, err:
            # Should never happen
            return "Can't encode password: %s" % str(err)

    # try to get the email, for new users it is required
    email = wikiutil.clean_input(form.get('email', ''))
    theuser.email = email.strip()
    if not theuser.email and 'email' not in request.cfg.user_form_remove:
        return _("Please provide your email address. If you lose your"
                 " login information, you can get it by email.")

    # Email should be unique - see also MoinMoin/script/accounts/moin_usercheck.py
    if theuser.email and request.cfg.user_email_unique:
        if user.get_by_email_address(request, theuser.email):
            return _("This email already belongs to somebody else.")

    # save data
    theuser.save()

    result = _(
        "User account created! You can use this account to login now...")
Esempio n. 34
0
    pw_checker = request.cfg.password_checker
    if pw_checker:
        pw_error = pw_checker(request, theuser.name, password)
        if pw_error:
            return _("Password not acceptable: %s") % wikiutil.escape(pw_error)

    # Encode password
    try:
        theuser.enc_password = user.encodePassword(request.cfg, password)
    except UnicodeError, err:
        # Should never happen
        return "Can't encode password: %s" % wikiutil.escape(str(err))

    # try to get the email, for new users it is required
    email = wikiutil.clean_input(form.get('email', ''))
    theuser.email = email.strip()
    if not theuser.email and 'email' not in request.cfg.user_form_remove:
        return _("Please provide your email address. If you lose your"
                 " login information, you can get it by email.")

    # Email should be unique - see also MoinMoin/script/accounts/moin_usercheck.py
    if theuser.email and request.cfg.user_email_unique:
        if user.get_by_email_address(request, theuser.email):
            return _("This email already belongs to somebody else.")

    # save data
    theuser.save()

    result = _("User account created! You can use this account to login now...")
    return result
Esempio n. 35
0
def execute(pagename, request):
    """ edit a page """
    _ = request.getText

    if 'button_preview' in request.form and 'button_spellcheck' in request.form:
        # multiple buttons pressed at once? must be some spammer/bot
        check_surge_protect(request, kick=True) # get rid of him
        return

    if not request.user.may.write(pagename):
        page = wikiutil.getLocalizedPage(request, 'PermissionDeniedPage')
        page.body = _('You are not allowed to edit this page.')
        page.page_name = pagename
        page.send_page(send_special=True)
        return

    valideditors = ['text', 'gui', ]
    editor = ''
    if request.user.valid:
        editor = request.user.editor_default
    if editor not in valideditors:
        editor = request.cfg.editor_default

    editorparam = request.values.get('editor', editor)
    if editorparam == "guipossible":
        lasteditor = editor
    elif editorparam == "textonly":
        editor = lasteditor = 'text'
    else:
        editor = lasteditor = editorparam

    if request.cfg.editor_force:
        editor = request.cfg.editor_default

    # if it is still nothing valid, we just use the text editor
    if editor not in valideditors:
        editor = 'text'

    rev = request.rev or 0
    savetext = request.form.get('savetext')
    comment = request.form.get('comment', u'')
    category = request.form.get('category')
    rstrip = int(request.form.get('rstrip', '0'))
    trivial = int(request.form.get('trivial', '0'))

    if 'button_switch' in request.form:
        if editor == 'text':
            editor = 'gui'
        else: # 'gui'
            editor = 'text'

    # load right editor class
    if editor == 'gui':
        from MoinMoin.PageGraphicalEditor import PageGraphicalEditor
        pg = PageGraphicalEditor(request, pagename)
    else: # 'text'
        from MoinMoin.PageEditor import PageEditor
        pg = PageEditor(request, pagename)

    # is invoked without savetext start editing
    if savetext is None or 'button_load_draft' in request.form:
        pg.sendEditor()
        return

    # did user hit cancel button?
    cancelled = 'button_cancel' in request.form

    from MoinMoin.error import ConvertError
    try:
        if lasteditor == 'gui':
            # convert input from Graphical editor
            format = request.form.get('format', 'wiki')
            if format == 'wiki':
                converter_name = 'text_html_text_moin_wiki'
            else:
                converter_name = 'undefined' # XXX we don't have other converters yet
            convert = wikiutil.importPlugin(request.cfg, "converter", converter_name, 'convert')
            savetext = convert(request, pagename, savetext)

        # IMPORTANT: normalize text from the form. This should be done in
        # one place before we manipulate the text.
        savetext = pg.normalizeText(savetext, stripspaces=rstrip)
    except ConvertError:
        # we don't want to throw an exception if user cancelled anyway
        if not cancelled:
            raise

    if cancelled:
        pg.sendCancel(savetext or "", rev)
        pagedir = pg.getPagePath(check_create=0)
        import os
        if not os.listdir(pagedir):
            os.removedirs(pagedir)
        return

    comment = wikiutil.clean_input(comment)

    # Add category

    # TODO: this code does not work with extended links, and is doing
    # things behind your back, and in general not needed. Either we have
    # a full interface for categories (add, delete) or just add them by
    # markup.

    if category and category != _('<No addition>'): # opera 8.5 needs this
        # strip trailing whitespace
        savetext = savetext.rstrip()

        # Add category separator if last non-empty line contains
        # non-categories.
        lines = [line for line in savetext.splitlines() if line]
        if lines:

            #TODO: this code is broken, will not work for extended links
            #categories, e.g ["category hebrew"]
            categories = lines[-1].split()

            if categories:
                confirmed = wikiutil.filterCategoryPages(request, categories)
                if len(confirmed) < len(categories):
                    # This was not a categories line, add separator
                    savetext += u'\n----\n'

        # Add new category
        if savetext and savetext[-1] != u'\n':
            savetext += ' '
        savetext += category + u'\n' # Should end with newline!

    if (request.cfg.edit_ticketing and
        not wikiutil.checkTicket(request, request.form.get('ticket', ''))):
        request.theme.add_msg(_('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'edit' }, "error")
        pg.sendEditor(preview=savetext, comment=comment, staytop=1)

    # Preview, spellcheck or spellcheck add new words
    elif ('button_preview' in request.form or
        'button_spellcheck' in request.form or
        'button_newwords' in request.form):
        pg.sendEditor(preview=savetext, comment=comment)

    # Preview with mode switch
    elif 'button_switch' in request.form:
        pg.sendEditor(preview=savetext, comment=comment, staytop=1)

    # Save new text
    else:
        try:
            from MoinMoin.security.textcha import TextCha
            if not TextCha(request).check_answer_from_form():
                raise pg.SaveError(_('TextCha: Wrong answer! Try again below...'))
            if request.cfg.comment_required and not comment:
                raise pg.SaveError(_('Supplying a comment is mandatory.  Write a comment below and try again...'))
            savemsg = pg.saveText(savetext, rev, trivial=trivial, comment=comment)
        except pg.EditConflict, e:
            msg = e.message

            # Handle conflict and send editor
            pg.set_raw_body(savetext, modified=1)

            pg.mergeEditConflict(rev)
            # We don't send preview when we do merge conflict
            pg.sendEditor(msg=msg, comment=comment)
            return

        except pg.SaveError, msg:
            # Show the error message
            request.theme.add_msg(unicode(msg), "error")
            # And show the editor again
            pg.sendEditor(preview=savetext, comment=comment, staytop=1)
            return
Esempio n. 36
0
    def _save_user_prefs(self):
        _ = self._
        form = self.request.form
        request = self.request

        if request.request_method != 'POST':
            return

        if not 'name' in request.user.auth_attribs:
            # Require non-empty name
            new_name = form.get('name', [request.user.name])[0]

            # Don't allow changing the name to an invalid one
            if not user.isValidName(request, new_name):
                return 'error', _("""Invalid user name {{{'%s'}}}.
Name may contain any Unicode alpha numeric character, with optional one
space between words. Group page name is not allowed.""", wiki=True) % wikiutil.escape(new_name)

            # Is this an existing user trying to change information or a new user?
            # Name required to be unique. Check if name belong to another user.
            existing_id = user.getUserId(request, new_name)
            if existing_id is not None and existing_id != request.user.id:
                return 'error', _("This user name already belongs to somebody else.")

            if not new_name:
                return 'error', _("Empty user name. Please enter a user name.")

            # done sanity checking the name, set it
            request.user.name = new_name


        if not 'email' in request.user.auth_attribs:
            # try to get the email
            new_email = wikiutil.clean_input(form.get('email', [request.user.email])[0])
            new_email = new_email.strip()

            # Require email
            if not new_email and 'email' not in request.cfg.user_form_remove:
                return 'error', _("Please provide your email address. If you lose your"
                                  " login information, you can get it by email.")

            # Email should be unique - see also MoinMoin/script/accounts/moin_usercheck.py
            if new_email and request.cfg.user_email_unique:
                other = user.get_by_email_address(request, new_email)
                if other is not None and other.id != request.user.id:
                    return 'error', _("This email already belongs to somebody else.")

            # done checking the email, set it
            request.user.email = new_email


        if not 'jid' in request.user.auth_attribs:
            # try to get the jid
            new_jid = wikiutil.clean_input(form.get('jid', [''])[0]).strip()

            jid_changed = request.user.jid != new_jid
            previous_jid = request.user.jid

            if new_jid and request.cfg.user_jid_unique:
                other = user.get_by_jabber_id(request, new_jid)
                if other is not None and other.id != request.user.id:
                    return 'error', _("This jabber id already belongs to somebody else.")

            if jid_changed:
                set_event = events.JabberIDSetEvent(request, new_jid)
                unset_event = events.JabberIDUnsetEvent(request, previous_jid)
                events.send_event(unset_event)
                events.send_event(set_event)

            # done checking the JID, set it
            request.user.jid = new_jid


        if not 'aliasname' in request.user.auth_attribs:
            # aliasname
            request.user.aliasname = wikiutil.clean_input(form.get('aliasname', [''])[0])

        # editor size
        request.user.edit_rows = util.web.getIntegerInput(request, 'edit_rows',
                                                          request.user.edit_rows, 10, 60)

        # try to get the editor
        request.user.editor_default = form.get('editor_default', [self.cfg.editor_default])[0]
        request.user.editor_ui = form.get('editor_ui', [self.cfg.editor_ui])[0]

        # time zone
        request.user.tz_offset = util.web.getIntegerInput(request, 'tz_offset',
                                                          request.user.tz_offset, -84600, 84600)

        # datetime format
        try:
            dt_d_combined = Settings._date_formats.get(form['datetime_fmt'][0], '')
            request.user.datetime_fmt, request.user.date_fmt = dt_d_combined.split(' & ')
        except (KeyError, ValueError):
            request.user.datetime_fmt = '' # default
            request.user.date_fmt = '' # default

        # try to get the (optional) theme
        theme_name = form.get('theme_name', [self.cfg.theme_default])[0]
        if theme_name != request.user.theme_name:
            # if the theme has changed, load the new theme
            # so the user has a direct feedback
            # WARNING: this should be refactored (i.e. theme load
            # after userform handling), cause currently the
            # already loaded theme is just replaced (works cause
            # nothing has been emitted yet)
            request.user.theme_name = theme_name
            if request.loadTheme(theme_name) > 0:
                theme_name = wikiutil.escape(theme_name)
                return 'error', _("The theme '%(theme_name)s' could not be loaded!") % locals()

        # try to get the (optional) preferred language
        request.user.language = form.get('language', [''])[0]
        if request.user.language == u'': # For language-statistics
            from MoinMoin import i18n
            request.user.real_language = i18n.get_browser_language(request)
        else:
            request.user.real_language = ''

        # I want to handle all inputs from user_form_fields, but
        # don't want to handle the cases that have already been coded
        # above.
        # This is a horribly fragile kludge that's begging to break.
        # Something that might work better would be to define a
        # handler for each form field, instead of stuffing them all in
        # one long and inextensible method.  That would allow for
        # plugins to provide methods to validate their fields as well.
        already_handled = ['name', 'email',
                           'aliasname', 'edit_rows', 'editor_default',
                           'editor_ui', 'tz_offset', 'datetime_fmt',
                           'theme_name', 'language', 'real_language', 'jid']
        for field in self.cfg.user_form_fields:
            key = field[0]
            if ((key in self.cfg.user_form_disable)
                or (key in already_handled)):
                continue
            default = self.cfg.user_form_defaults[key]
            value = form.get(key, [default])[0]
            setattr(request.user, key, value)

        # checkbox options
        for key, label in self.cfg.user_checkbox_fields:
            if key not in self.cfg.user_checkbox_disable and key not in self.cfg.user_checkbox_remove:
                value = form.get(key, ["0"])[0]
                try:
                    value = int(value)
                except ValueError:
                    pass
                else:
                    setattr(request.user, key, value)

        # quicklinks for navibar
        request.user.quicklinks = self._decode_pagelist('quicklinks')

        # save data
        request.user.save()
        if request.user.disabled:
            # set valid to false so the current request won't
            # show the user as logged-in any more
            request.user.valid = False

        result = _("User preferences saved!")
        if _debug:
            result = result + util.dumpFormData(form)
        return result