def urlunquote_plus(quoted_url):
"""
A wrapper for Python's ``urllib.unquote_plus()`` function that can operate
on unicode strings.
"""
if six.PY3:
return unquote_plus(quoted_url)
else:
return latin_to_unicode(unquote_plus(force_bytes(quoted_url)))
def _parse_param(raw_string):
""" Parse one input or output item. """
items = (item.partition('=') for item in raw_string.split("@"))
attr = {}
id_, dlm, data = next(items)
id_ = unquote_plus(id_)
data = unquote_plus(data) if dlm else None
for key, dlm, value in items:
attr[unquote_plus(key)] = unquote_plus(value) if dlm else None
return id_, data, attr
def parse_query_string(query_string):
""" Parse URL query string preserving the URL-encoded
DataInputs, ResponseDocument, and RawDataOutput WPS Execute parameters.
Note that the standard parser URL-decodes the parameter values and, in cases
when, e.g., a data input contains an percent-encoded separator
('%40' vs. '@') the encoded and non-encoded delimiters cannot
be distinguished ('@' vs. '@') and the correct parsing cannot be guaranteed.
"""
unescaped = set(('datainputs', 'responsedocument', 'rawdataoutput'))
return dict(
(key, value if key.lower() in unescaped else unquote_plus(value))
for key, value in ((unquote_plus(key), value) for key, _, value in (
item.partition('=') for item in query_string.split('&'))))
def config(default=None):
"""
:return: dict
"""
try:
redis_connection_url = os.getenv('REDIS_SESSION_URL', default)
match = re.match(
r'redis://(:(?P<password>[^@]*)@)?(?P<host>[^:]+):(?P<port>\d+)(/(?P<index>\d+))?',
redis_connection_url)
if not match:
raise Exception()
if match.group('password') is None:
password = None
else:
password = unquote_plus(match.group('password'))
redis_connection_dict = {
'host': match.group('host'),
'port': match.group('port'),
'db': match.group('index') or 0,
'password': password,
'prefix': os.getenv('REDIS_SESSION_PREFIX', 'session'),
'socket_timeout': os.getenv('REDIS_SESSION_SOCKET_TIMEOUT', 1),
}
return redis_connection_dict
except Exception as e:
raise Exception(
"Could not parse Redis session URL. Please verify 'REDIS_SESSION_URL' value"
)
def get_wordpress_user(request):
cookie_hash = hashlib.md5(force_bytes(get_site_url())).hexdigest()
cookie = request.COOKIES.get('wordpress_logged_in_' + cookie_hash)
if cookie:
cookie = unquote_plus(cookie)
return _validate_auth_cookie(cookie)
def save_metadata(metadata_dict, document, create=False):
"""
Take a dictionary of metadata type & value and associate it to a
document
"""
if create:
# Use matched metadata now to create document metadata
document_metadata, created = DocumentMetadata.objects.get_or_create(
document=document,
metadata_type=get_object_or_404(
MetadataType,
pk=metadata_dict['id'])
)
else:
try:
document_metadata = DocumentMetadata.objects.get(
document=document,
metadata_type=get_object_or_404(
MetadataType,
pk=metadata_dict['id']
),
)
except DocumentMetadata.DoesNotExist:
# TODO: Maybe return warning to caller?
document_metadata = None
# Handle 'plus sign as space' in the url
# unquote_plus handles utf-8?!?
# http://stackoverflow.com/questions/4382875/handling-iri-in-django
# .decode('utf-8')
if document_metadata:
document_metadata.value = unquote_plus(metadata_dict['value'])
document_metadata.save()
def save_metadata(metadata_dict, document, create=False):
"""
Take a dictionary of metadata type & value and associate it to a
document
"""
if create:
# Use matched metadata now to create document metadata
document_metadata, created = DocumentMetadata.objects.get_or_create(
document=document,
metadata_type=get_object_or_404(MetadataType,
pk=metadata_dict['id']))
else:
try:
document_metadata = DocumentMetadata.objects.get(
document=document,
metadata_type=get_object_or_404(MetadataType,
pk=metadata_dict['id']),
)
except DocumentMetadata.DoesNotExist:
# TODO: Maybe return warning to caller?
document_metadata = None
# Handle 'plus sign as space' in the url
# unquote_plus handles utf-8?!?
# http://stackoverflow.com/questions/4382875/handling-iri-in-django
# .decode('utf-8')
if document_metadata:
document_metadata.value = unquote_plus(metadata_dict['value'])
document_metadata.save()
def get_wordpress_user(request):
cookie_hash = hashlib.md5(force_bytes(get_site_url())).hexdigest()
cookie = request.COOKIES.get("wordpress_logged_in_" + cookie_hash)
if cookie:
cookie = unquote_plus(cookie)
return _validate_auth_cookie(cookie)
def __init__(self, url):
if isinstance(url, string_types):
parsed = urlparse(url)
self.parsed = parsed._replace(query=frozenset(
parse_qsl(parsed.query)),
path=unquote_plus(parsed.path))
else: # It's already a URL.
self.parsed = url.parsed
def __init__(self, staging_folder, filename=None, encoded_filename=None):
self.staging_folder = staging_folder
if encoded_filename:
self.encoded_filename = str(encoded_filename)
self.filename = base64.urlsafe_b64decode(
unquote_plus(self.encoded_filename)).decode('utf8')
else:
self.filename = filename
self.encoded_filename = quote_plus(
base64.urlsafe_b64encode(filename.encode('utf8')))
def get_wordpress_user(request):
if WORDPRESS_COOKIEHASH is None:
cookie_hash = hashlib.md5(force_bytes(get_site_url())).hexdigest()
else:
cookie_hash = WORDPRESS_COOKIEHASH
cookie = request.COOKIES.get('wordpress_logged_in_' + cookie_hash)
if cookie:
cookie = unquote_plus(cookie)
return _validate_auth_cookie(cookie)
def __init__(self, staging_folder, filename=None, encoded_filename=None):
self.staging_folder = staging_folder
if encoded_filename:
self.encoded_filename = str(encoded_filename)
self.filename = base64.urlsafe_b64decode(
unquote_plus(self.encoded_filename)
).decode('utf8')
else:
self.filename = filename
self.encoded_filename = quote_plus(base64.urlsafe_b64encode(
filename.encode('utf8')
))
def get(self, request, *args, **kwargs):
def unwhitespace(val):
return " ".join(val.split())
if 'ps_q' in request.GET:
# Keeping Unicode in URL, replacing space with '+'.
query = uri_to_iri(urlquote_plus(unwhitespace(
request.GET['ps_q'])))
params = {'query': query} if query else None
return HttpResponseRedirect(reverse_lazy('search', kwargs=params))
query = kwargs['query'] or '' # Avoiding query=None
self.query = unwhitespace(unquote_plus(query))
return super().get(request, *args, **kwargs)
def get(self, request, *args, **kwargs):
def unwhitespace(val):
return " ".join(val.split())
if 'ps_q' in request.GET:
# Keeping Unicode in URL, replacing space with '+'.
query = uri_to_iri(urlquote_plus(unwhitespace(request.GET['ps_q'])))
params = {'query': query} if query else None
return HttpResponseRedirect(reverse_lazy('search', kwargs=params))
query = kwargs['query'] or '' # Avoiding query=None
self.query = unwhitespace(unquote_plus(query))
# Exclude places whose owner blocked unauthenticated viewing.
if not request.user.is_authenticated:
self.queryset = self.queryset.exclude(owner__pref__public_listing=False)
return super().get(request, *args, **kwargs)
def get(self, request, *args, **kwargs):
if 'ps_q' in request.GET:
# Keeping Unicode in URL, replacing space with '+'
query = uri_to_iri(urlquote_plus(request.GET['ps_q']))
params = {'query': query} if query else None
return HttpResponseRedirect(reverse_lazy('search', kwargs=params))
query = kwargs['query'] or '' # Avoiding query=None
self.query = unquote_plus(query)
if self.query:
try:
geocoder = geopy.geocoders.OpenCage(settings.OPENCAGE_KEY, timeout=5)
self.locations = geocoder.geocode(self.query, language=lang, exactly_one=False)
except (GeocoderTimedOut, GeocoderServiceError) as e:
self.locations = []
return super(SearchView, self).get(request, *args, **kwargs)
def get(self, request, *args, **kwargs):
if 'ps_q' in request.GET:
# Keeping Unicode in URL, replacing space with '+'
query = uri_to_iri(urlquote_plus(request.GET['ps_q']))
params = {'query': query} if query else None
return HttpResponseRedirect(reverse_lazy('search', kwargs=params))
query = kwargs['query'] or '' # Avoiding query=None
self.query = unquote_plus(query)
if self.query:
try:
geocoder = geopy.geocoders.OpenCage(settings.OPENCAGE_KEY, timeout=5)
self.locations = geocoder.geocode(self.query, language=lang, exactly_one=False)
except (GeocoderTimedOut, GeocoderServiceError) as e:
self.locations = []
return super(SearchView, self).get(request, *args, **kwargs)
def __init__(self, url):
if isinstance(url, string_types):
parsed = urlparse(url)
self.parsed = parsed._replace(query=frozenset(parse_qsl(parsed.query)), path=unquote_plus(parsed.path))
else: # It's already a URL.
self.parsed = url.parsed
def urlunquote_plus(quoted_url):
"""
A wrapper for Python's urllib.unquote_plus() function that can operate on
the result of django.utils.http.urlquote_plus().
"""
return force_text(unquote_plus(force_str(quoted_url)))
def urlunquote_plus(quoted_url):
"""
A wrapper for Python's urllib.unquote_plus() function that can operate on
the result of django.utils.http.urlquote_plus().
"""
return force_text(unquote_plus(force_str(quoted_url)))
from __future__ import unicode_literals
def parse_query(self, query):
"""Parses the arguments of the uri, and modifies the
ReportConfig-object configuration.
:param query: a dict representing the argument-part of the uri
"""
## config is the configuration obtained from the configuration file
config = self.configuration
fields = {}
nott = {}
operator = {}
safere = re.compile("(select|drop|update|delete).*(from|where)", re.I)
for key, value in query.items():
if key == "sql" or key == "query":
#error("Access to make SQL-querys permitted")
pass
elif key == "title":
config.title = value
elif key == "order_by" or key == "sort":
config.order_by = value.split(",") + config.order_by
elif key == "skjul" or key == "hidden" or key == "hide":
config.hidden.extend(value.split(","))
elif key == "ekstra" or key == "extra":
config.extra.extend(value.split(","))
elif key == "sum" or key == "total":
config.sum.extend(value.split(","))
elif key == "offset":
config.offset = value
elif key == "limit":
config.limit = value
else:
pattern = re.compile(r"^(?P<group>\S+?)_(?P<groupkey>\S+?)$")
match = pattern.search(key)
if match:
group = unquote_plus(match.group('group'))
group_key = unquote_plus(match.group('groupkey'))
if group in ("navn", "name"):
config.name[group_key] = value
elif group in ("url", "uri"):
config.uri[group_key] = value
elif group in ("forklar", "explain", "description"):
config.explain[group_key] = value
elif group == "not":
nott[group_key] = value
elif group == "op":
operator[group_key] = value
else:
match = None
if not match:
if value:
fields[unquote_plus(key)] = unquote_plus(value)
for key, value in fields.items():
if not key in operator:
operator[key] = "eq"
# Set a default operator
operat = "="
if key in nott:
neg = "not "
else:
neg = ""
if value == "null":
if neg:
operat = "is not"
neg = ""
else:
operat = "is"
else:
if safere.search(value):
config.error = ("You are not allowed to make advanced sql"
" terms")
else:
if operator[key] == "eq":
if neg:
operat = "<>"
neg = ""
else:
operat = "="
value = intstr(value)
elif operator[key] == "like":
operat = "ilike"
value = intstr(value.replace("*", "%"))
elif operator[key] == "gt":
if neg:
operat = "<="
neg = ""
else:
operat = ">"
value = intstr(value)
elif operator[key] == "geq":
if neg:
operat = "<"
neg = ""
else:
operat = ">="
value = intstr(value)
elif operator[key] == "lt":
if neg:
operat = ">="
neg = ""
else:
operat = "<"
value = intstr(value)
elif operator[key] == "leq":
if neg:
operat = ">"
neg = ""
else:
operat = "<="
value = intstr(value)
elif operator[key] == "in":
operat = "in"
inlist = value.split(",")
if inlist:
value = "(%s)" % ",".join(intstr(a.strip())
for a in inlist)
else:
config.error = ("The arguments to 'in' must be "
"comma separated")
elif operator[key] == "between":
operat = "between"
between = value.split(",")
if not len(between) == 2:
between = value.split(":")
if len(between) == 2:
value = "%s and %s" % (intstr(between[0]),
intstr(between[1]))
else:
config.error = ("The arguments to 'between' must "
"be comma separated")
# query is now a unicode QueryDict to dict()...
# here be DRAGONS, cute shoulder dragons!
key = key.encode('UTF8')
config.where.append(key + " " + neg + operat + " " + value)
return fields, nott, operator
