Esempio n. 1
0
def send_twitter(room, token, limit=None):
	conn = sqlite3.connect('../dbs/twitter.db')
	c = conn.cursor()
	cmd = "SELECT tweeter_name, tweeter_href, tweet_href, summary, display_pic FROM twitter WHERE timestamp = ?"
	count = c.execute(cmd, (timestamp,))
	if count.fetchone() == None or count.fetchone()[0] == 0:
		print "No new records to push @ " + timestamp
	else:
		data = c.execute(cmd, (timestamp,))
		rows = data.fetchall()
		print rows
		count = 0
		for row in rows:
			description = textwrap.wrap(utils.escape(row[3]), width=75)[0] + " [...]"
			try:
				message = "<img src=\"{0}\"></img> &#8226; {1}<br> <a href=\"{2}\">{3}</a> &#8226; <a href=\"{4}\">Permalink</a>".format(
				"https://static.shubh.am/wsw/twitter_small.png", description.encode("utf-8"), utils.escape(row[1]).encode("utf-8"),
				utils.escape(row[0]).encode("utf-8"), utils.escape(row[2]).encode("utf-8"))
			except:
				message = "error in encoding"
			print message
			if limit!= None and count != limit:
				send_message(room, message, "green", token)
				count += 1
			elif limit == None:
				send_message(room, message, "green", token)
Esempio n. 2
0
def topic_browser_tree(tree, level=0):
    s = ""
    class_name = "topline"
    for child in tree.children:
        href = "#%s" % escape(child.id)
        if not child.children:
            if level == 0:
                s += "<li class='solo'><a href='%s' class='menulink'>%s</a></li>" % (href, escape(child.title))
            else:
                s += "<li class='%s'><a href='%s'>%s</a></li>" % (class_name, href, escape(child.title))
        else:
            if level > 0:
                class_name += " sub"
            s += ("<li class='%s'>"
                        "<a href='%s'>%s</a>"
                            "<ul>" % (class_name, href, escape(child.title)))
            s += topic_browser_tree(child, level=level + 1)
            s += "</ul></li>"

        class_name = ""

    if level == 2:
        s = "<span class='mobile-only'>%s</span>" % s

    return s
Esempio n. 3
0
def do_xmlattr(_eval_ctx, d, autospace=True):
    """Create an SGML/XML attribute string based on the items in a dict.
    All values that are neither `none` nor `undefined` are automatically
    escaped:

    .. sourcecode:: html+jinja

        <ul{{ {'class': 'my_list', 'missing': none,
                'id': 'list-%d'|format(variable)}|xmlattr }}>
        ...
        </ul>

    Results in something like this:

    .. sourcecode:: html

        <ul class="my_list" id="list-42">
        ...
        </ul>

    As you can see it automatically prepends a space in front of the item
    if the filter returned something unless the second parameter is false.
    """
    rv = u' '.join(
        u'%s="%s"' % (escape(key), escape(value))
        for key, value in iteritems(d)
        if value is not None and not isinstance(value, Undefined)
    )
    if autospace and rv:
        rv = u' ' + rv
    if _eval_ctx.autoescape:
        rv = Markup(rv)
    return rv
Esempio n. 4
0
def user_edit(request):
    user_id = request.POST.get("user_id")
    user_name = request.POST.get("user_name")
    user_password = request.POST.get("user_password")
    user_email = request.POST.get("user_email")
    user_group_id = request.POST.get("user_group_id")
    if not user_name or not user_email or not user_group_id:
        return redirect("add_a_user")
    user_id = int(user_id)
    user_name = utils.escape(user_name)
    user_email = utils.escape(user_email)
    hashed_password = None
    if user_password:
        hashed_password = hashers.make_password(password=user_password,
                                                salt=settings.SALT)
    user_group_id = int(user_group_id)
    update_dict = {
        "name": user_name,
        "email": user_email,
        "user_group_id": user_group_id
    }
    if hashed_password:
        update_dict["password"] = hashed_password
    User.objects.filter(id=user_id).update(**update_dict)
    return redirect("add_a_user")
Esempio n. 5
0
def register():
    from flask import request
    if request.method == 'POST':
        name = str(utils.escape(request.json['name']))
        email = str(utils.escape(request.json['email']))
        password = pbkdf2_sha256.hash(request.json['pass'])
        if len(name) != 0 and len(email) != 0 and len(password) != 0:
            if email_validator(email):
                conn = mysql.connect()
                cursor = conn.cursor()
                cursor.execute("SELECT * FROM User WHERE username = '******'")
                data = cursor.fetchone()
                if data is None:
                    cursor.execute(
                        'INSERT INTO User(username,email,password) VALUES(%s,%s,%s)',
                        [name, email, password])
                    conn.commit()
                    return "登録できました!"
                else:
                    return "すでに同じユーザーネームのユーザーが存在します"
            else:
                return "正しいメールアドレスではありません"
        else:
            return "空のフィールドが存在します"
Esempio n. 6
0
def topic_browser_tree(tree, level=0):
    s = ""
    class_name = "topline"
    for child in tree.children:

        if not child.has_children_of_type(["Topic", "Video", "Url"]):
            continue

        if not child.children or child.id in topic_models.Topic._super_topic_ids:
            # special cases
            if child.id == "new-and-noteworthy":
                continue
            elif child.standalone_title == "California Standards Test: Algebra I" and child.id != "algebra-i":
                child.id = "algebra-i"
            elif child.standalone_title == "California Standards Test: Geometry" and child.id != "geometry-2":
                child.id = "geometry-2"

            # show leaf node as a link
            href = "#%s" % escape(slugify(child.id))

            if level == 0:
                s += "<li class='solo'><a href='%s' data-tag='TopicBrowser' class='menulink'>%s</a></li>" % (href, escape(child.title))
            else:
                s += "<li class='%s'><a href='%s' data-tag='TopicBrowser'>%s</a></li>" % (class_name, href, escape(child.title))

        else:
            if level > 0:
                class_name += " sub"

            s += "<li class='%s'>%s <ul>%s</ul></li>" % (class_name, escape(child.title), topic_browser_tree(child, level=level + 1))

        class_name = ""

    return s
Esempio n. 7
0
def send_fulldisclosure(room, token, limit=None):
	conn = sqlite3.connect('../dbs/fulldisclosure.db')
	c = conn.cursor()
	cmd = "SELECT title, link, date, description FROM fulldisclosure WHERE timestamp = ?"
	count = c.execute(cmd, (timestamp,))
	if count.fetchone() == None or count.fetchone()[0] == 0:
		print "No new records to push @ " + timestamp
	else:
		data = c.execute(cmd, (timestamp,))
		rows = data.fetchall()
		print rows
		count = 0
		for row in rows:
			description = textwrap.wrap(utils.escape(row[3]), width=25)[0] + " [...]"
			try:
				message = "<img src=\"{0}\"></img> New Mail: <a href=\"{1}\">{2}</a> &#8226; Posted on {3}: {4}".format(
				"https://static.shubh.am/wsw/seclists_small.png", str(utils.escape(row[1])), str(utils.escape(row[0])), row[2], description)
			except:
				message = "error in encoding"
			print message
			if limit!= None and count != limit:
				send_message(room, message, "purple", token)
				count += 1
			elif limit == None:
				send_message(room, message, "purple", token)
Esempio n. 8
0
def update(request):
    import json
    if request.method == 'POST':
        response_data = {}

        film = Film.objects.get(pk=request.POST.get('film'))
        name = str(utils.escape(request.POST.get('name')))
        year = str(utils.escape(request.POST.get('year')))
        discript = str(utils.escape(request.POST.get('discription')))

        if name:
            film.f_name = name
        if year:
            film.f_year_creation = year
        if discript:
            film.f_discription = discript
        film.save()

        response_data['name'] = film.f_name
        response_data['year'] = film.f_year_creation
        response_data['discription'] = film.f_discription

        return HttpResponse(json.dumps(response_data),
                            content_type="application/json")
    else:
        return HttpResponse(json.dumps({"result": "nothing has happened"}),
                            content_type="application/json")
Esempio n. 9
0
def format_message_explicit_emotes(message, emotes, size="1.0"):
	if not emotes:
		return Markup(urlize(message).replace('<a ', '<a target="_blank" '))

	# emotes format is
	# <emoteid>:<start>-<end>[,<start>-<end>,...][/<emoteid>:<start>-<end>,.../...]
	# eg:
	# 123:0-2/456:3-6,7-10
	# means that chars 0-2 (inclusive, 0-based) are emote 123,
	# and chars 3-6 and 7-10 are two copies of emote 456
	parsed_emotes = []
	for emote in emotes.split('/'):
		emoteid, positions = emote.split(':')
		emoteid = int(emoteid)
		for position in positions.split(','):
			start, end = position.split('-')
			start = int(start)
			end = int(end) + 1 # make it left-inclusive, to be more consistent with how Python does things
			parsed_emotes.append((start, end, emoteid))
	parsed_emotes.sort(key=lambda x:x[0])

	bits = []
	prev = 0
	for start, end, emoteid in parsed_emotes:
		if prev < start:
			bits.append(urlize(message[prev:start]).replace('<a ', '<a target="_blank" '))
		url = escape("http://static-cdn.jtvnw.net/emoticons/v1/%d/%s" % (emoteid, size))
		command = escape(message[start:end])
		bits.append('<img src="%s" alt="%s" title="%s">' % (url, command, command))
		prev = end
	if prev < len(message):
		bits.append(urlize(message[prev:]).replace('<a ', '<a target="_blank" '))
	return Markup(''.join(bits))
Esempio n. 10
0
def send_stackoverflow(room, token, limit=None):
	conn = sqlite3.connect('../dbs/stackoverflow.db')
	c = conn.cursor()
	cmd = "SELECT title, link, answers, date, summary FROM stackoverflow WHERE timestamp = ?"
	count = c.execute(cmd, (timestamp,))
	if count.fetchone() == None or count.fetchone()[0] == 0:
		print "No new records to push @ " + timestamp
	else:
		data = c.execute(cmd, (timestamp,))
		rows = data.fetchall()
		print rows
		count = 0
		for row in rows:
			description = textwrap.wrap(utils.escape(row[4]), width=25)[0] + " [...]"
			try:
				message = "<img src=\"{0}\"></img> <a href=\"{1}\">{2}</a><br> {3} answers &#8226; {4}".format(
				"https://static.shubh.am/wsw/stackoverflow_small.png", utils.escape(row[1]).encode("utf-8"), utils.escape(row[0]).encode("utf-8"),
				utils.escape(row[2]).encode("utf-8"), utils.escape(row[3]).encode("utf-8"))
			except:
				message = "error in encoding"
			print message
			if limit!= None and count != limit:
				send_message(room, message, "red", token)	
				count += 1
			elif limit == None:
				send_message(room, message, "red", token)
Esempio n. 11
0
def label_badge(label, cls="", remove_from_ticket=None):
    """Return HTML markup rendering a label badge.

    Additional HTML classes can be passed via the `cls` parameter.

    If a Ticket is passed in `remove_from_ticket`, a removal button will also
    be rendered for removing the label from given ticket.
    """
    name = escape(label.name)
    color = escape(label.text_color)
    bg_color = escape(label.color)
    html_class = escape(f"label {cls}".strip())

    style = f"color: {color}; background-color: {bg_color}"
    search_url = urls.label_search_url(label)

    if remove_from_ticket:
        remove_url = urls.label_remove_url(label, remove_from_ticket)
        remove_form = f"""
            <form method="POST" action="{remove_url}">
              {csrf_token()}
              <button type="submit" class="btn btn-link">
                {icon('times')}
              </button>
            </form>
        """
    else:
        remove_form = ""

    return Markup(
        f"""<span style="{style}" class="{html_class}" href="{search_url}">
            <a href="{search_url}">{name}</a>
            {remove_form}
        </span>""")
Esempio n. 12
0
def send_hackerone_hacktivity(room, token, limit=None):
	conn = sqlite3.connect('../dbs/hackerone_hacktivity.db')
	c = conn.cursor()
	cmd = "SELECT company, company_href, hunter, hunter_href, bounty, time_ago FROM hacktivity WHERE timestamp = ?"
	count = c.execute(cmd, (timestamp,))
	if count.fetchone() == None or count.fetchone()[0] == 0:
		print "No new records to push @ " + timestamp
	else:
		data = c.execute(cmd, (timestamp,))
		rows = data.fetchall()
		print rows
		count = 0
		for row in rows:
			try:
				message = "<img src=\"{0}\"></img> <a href=\"{1}\">{2}</a> rewarded <a href=\"{3}\">{4}</a> with a {5} bounty. ({6})".format(
				"https://static.shubh.am/wsw/hackerone_small.png", str(utils.escape(row[1])), str(utils.escape(row[0])), str(utils.escape(row[3])),
				str(utils.escape(row[2])), str(utils.escape(row[4])), str(utils.escape(row[5])))
			except:
				message = "error in encoding"
			print message
			if limit!= None and count != limit:
				send_message(room, message, "gray", token)
				count += 1
			elif limit == None:
				send_message(room, message, "gray", token)
Esempio n. 13
0
def send_netsec(room, token, limit=None):
	conn = sqlite3.connect('../dbs/netsec.db')
	c = conn.cursor()
	cmd = "SELECT name, href, author, author_href, rep, comment_count, comment_href, domain FROM posts WHERE timestamp = ?"
	count = c.execute(cmd, (timestamp,))
	if count.fetchone() == None or count.fetchone()[0] == 0:
		print "No new records to push @ " + timestamp
	else:
		data = c.execute(cmd, (timestamp,))
		rows = data.fetchall()
		print rows
		count = 0
		for row in rows:
			try:
				message = "<img src=\"{0}\"></img> <a href=\"{1}\">{2}</a> submitted by <a href=\"{3}\">{4}</a><br>{5} upvotes &#8226; <a href=\"{6}\">{7}</a> &#8226; <a href=\"{8}\">{9}</a>.".format(
				"https://static.shubh.am/wsw/reddit_small.png", utils.escape(row[1]).encode("utf-8"), utils.escape(row[0]).encode("utf-8"), utils.escape(row[3]).encode("utf-8"),
				utils.escape(row[2]).encode("utf-8"), utils.escape(row[4]).encode("utf-8"), utils.escape(row[6]).encode("utf-8"), utils.escape(row[5]).encode("utf-8"), "http://" + utils.escape(row[7]).encode("utf-8"),utils.escape(row[7]).encode("utf-8"))
			except:
				message = "error in encoding"
			print message
			if limit!= None and count != limit:
				send_message(room, message, "green", token)	
				count += 1
			elif limit == None:
				send_message(room, message, "green", token)
Esempio n. 14
0
def do_xmlattr(_eval_ctx, d, autospace = True):
    rv = u' '.join((u'%s="%s"' % (escape(key), escape(value)) for key, value in d.iteritems() if value is not None and not isinstance(value, Undefined)))
    if autospace and rv:
        rv = u' ' + rv
    if _eval_ctx.autoescape:
        rv = Markup(rv)
    return rv
Esempio n. 15
0
def employee_attandance_save_viewlist_json(request):
    attandance_data_filepath = request.GET.get("filepath")
    attandance_list = {"total": 0, "rows": []}
    if not attandance_data_filepath:
        attandance_list["total"] = 1
        attandance_list["rows"].append({"employee_id": "-", "employee_name": "-", "employee_gender": "-", "employee_position": "-",
                                        "is_late": "-", "checktime": "-", "standardtime": "-"})
    else:
        if attandance_data_filepath.startswith(Employee._meta.app_label + "/files/") and attandance_data_filepath.endswith(".csv"):
            try:
                with open(attandance_data_filepath, encoding='UTF-8') as file_h:
                    standard_time_line = file_h.readline()
                    heading_line = file_h.readline()
                    data_line = file_h.readline()

                    standard_time = utils.escape(standard_time_line.split(",")[1])
                    attandance_list["total"] = 0
                    while data_line:
                        attandance_list["total"] += 1
                        data_line = data_line.strip()
                        attandance_item = data_line.split(",")
                        attandance_list["rows"].append(
                            {"employee_id": int(attandance_item[0]), "employee_name": utils.escape(attandance_item[1]),
                             "employee_gender": utils.escape(attandance_item[2]), "employee_position": utils.escape(attandance_item[3]),
                             "is_late": utils.escape(attandance_item[4]), "checktime": attandance_item[5], "standardtime": utils.escape(standard_time)})
                        data_line = file_h.readline()
            except Exception as e:
                logger.error(e)
                attandance_list["rows"].append(
                    {"employee_id": "-", "employee_name": "文件处理出错", "employee_gender": "-", "employee_position": "-",
                     "is_late": "-", "checktime": "-", "standardtime": "-"})
    return HttpResponse(json.dumps(attandance_list, ensure_ascii=False), content_type="application/json, charset=utf-8")
Esempio n. 16
0
def topic_browser_tree(tree, level=0):
    s = ""
    class_name = "topline"
    for child in tree.children:
        href = "#%s" % escape(child.id)
        if not child.children:
            if level == 0:
                s += "<li class='solo'><a href='%s' class='menulink'>%s</a></li>" % (href, escape(child.title))
            else:
                s += "<li class='%s'><a href='%s'>%s</a></li>" % (class_name, href, escape(child.title))
        else:
            if level > 0:
                class_name += " sub"
            s += ("<li class='%s'>"
                        "<a href='%s'>%s</a>"
                            "<ul>" % (class_name, href, escape(child.title)))
            s += topic_browser_tree(child, level=level + 1)
            s += "</ul></li>"

        class_name = ""

    if level == 2:
        s = "<span class='mobile-only'>%s</span>" % s

    return s
Esempio n. 17
0
 def _url_args(d, append=u'?', filter=[]):
     from jinja2.utils import escape
     rv = append + u'&'.join(u'%s=%s' % (escape(key), escape(value))
                             for key, value in d.iteritems(True)
                             if value is not None and key not in filter
                             # and not isinstance(value, Undefined)
                             )
     return rv
Esempio n. 18
0
def employee_attandance(request):
    def check_file(file_h):
        try:
            standard_time_line = file_h.readline()
            if len(standard_time_line.split(",")) != 2 or len(standard_time_line.split(",")[1].split(":")) != 2:
                raise Exception("基准时间行格式错误")
            heading_line = file_h.readline()
            if len(heading_line.split(",")) != 6:
                raise Exception("表头格式错误")
            data_line = file_h.readline()
            if not data_line:
                raise EOFError()
            line_no = 3
            while data_line:
                data_line = data_line.strip()
                data_item = data_line.split(",")
                if len(data_item) != 6:
                    raise Exception("数据行%s格式错误" % line_no)
                try:
                    time.strptime(data_item[5].strip(), "%Y-%m-%d %H:%M:%S")
                except Exception as e:
                    raise Exception("数据行%s日期格式错误: %s" % (line_no, data_item[5]))
                data_line = file_h.readline()
                line_no += 1
        except EOFError:
            return "数据缺失"
        except Exception as e:
            return str(e)
        return ""
    context = {}
    error_msg = request.GET.get("error_msg")
    ok_msg = request.GET.get("ok_msg")
    filename = ""
    if request.method == 'POST':
        file_handler = request.FILES.get('upload_file')
        if file_handler:
            filename = Employee._meta.app_label + '/files/attandance-%s.csv' % uuid.uuid1()
            with open(filename, 'wb') as destination:
                for chunk in file_handler.chunks():
                    destination.write(chunk)
            with open(filename, 'r', encoding='UTF-8') as f:
                error_msg = check_file(f)
            if error_msg:
                os.remove(filename)
        else:
            error_msg = "提交文件不能为空"
    if error_msg:
        context["error_msg"] = utils.escape(error_msg)
    if ok_msg:
        context["ok_msg"] = utils.escape(ok_msg)
    if filename and not error_msg:
        context["grid_url"] = reverse("employee_attandance_save_viewlist_json") + "?filepath=" + filename
        context["save_btn_redirect"] = reverse("employee_attandance_save") + "?filepath=" + filename
    else:
        context["grid_url"] = reverse("employee_attandance_save_viewlist_json")
        context["save_btn_redirect"] = "not-allowed"
    return render(request, "employee_attandance.html", context)
Esempio n. 19
0
def do_xmlattr(_eval_ctx, d, autospace=True):
    rv = u' '.join((u'%s="%s"' % (escape(key), escape(value))
                    for key, value in d.iteritems()
                    if value is not None and not isinstance(value, Undefined)))
    if autospace and rv:
        rv = u' ' + rv
    if _eval_ctx.autoescape:
        rv = Markup(rv)
    return rv
Esempio n. 20
0
 def _url_args(d, append=u'?', filter=[]):
     from jinja2.utils import escape
     rv = append + u'&'.join(
         u'%s=%s' % (escape(key), escape(value))
         for key, value in d.iteritems(True)
         if value is not None and key not in filter
         # and not isinstance(value, Undefined)
     )
     return rv
Esempio n. 21
0
def build_message_html(time, source, target, message, specialuser, usercolor,
                       emoteset, emotes, displayname):
    if source.lower() == config['notifyuser']:
        return '<div class="notification line" data-timestamp="%d">%s</div>' % (
            time.timestamp(), escape(message))

    if message[:4].lower() in (".me ", "/me "):
        is_action = True
        message = message[4:]
    else:
        is_action = False

    ret = []
    ret.append('<div class="line" data-timestamp="%d">' % time.timestamp())
    if 'staff' in specialuser:
        ret.append('<span class="badge staff"></span> ')
    if 'admin' in specialuser:
        ret.append('<span class="badge admin"></span> ')
    if "#" + source.lower() == target.lower():
        ret.append('<span class="badge broadcaster"></span> ')
    if 'mod' in specialuser:
        ret.append('<span class="badge mod"></span> ')
    if 'turbo' in specialuser:
        ret.append('<span class="badge turbo"></span> ')
    if 'subscriber' in specialuser:
        ret.append('<span class="badge subscriber"></span> ')
    ret.append('<span class="nick"')
    if usercolor:
        ret.append(' style="color:%s"' % escape(usercolor))
    ret.append('>%s</span>' % escape(displayname or
                                     (yield from get_display_name(source))))

    if is_action:
        ret.append(' <span class="action"')
        if usercolor:
            ret.append(' style="color:%s"' % escape(usercolor))
        ret.append('>')
    else:
        ret.append(": ")

    if 'cleared' in specialuser:
        ret.append('<span class="deleted">&lt;message deleted&gt;</span>')
        # Use escape() rather than urlize() so as not to have live spam links
        # either for users to accidentally click, or for Google to see
        ret.append('<span class="message cleared">%s</span>' % escape(message))
    else:
        messagehtml = yield from format_message(message,
                                                emotes,
                                                emoteset,
                                                cheer='cheer' in specialuser)
        ret.append('<span class="message">%s</span>' % messagehtml)

    if is_action:
        ret.append('</span>')
    ret.append('</div>')
    return ''.join(ret)
Esempio n. 22
0
def post(request):
    message = Message(body=escape(request.POST.get('body', '')),
                      author=escape(request.POST.get('author', '')))
    if message.is_valid():
        message.save()
        body = {'status': 'SUCCESS'}
    else:
        body = dict(message.errors)
        body.update({'status': 'FAILED'})
    return Response(body=json.dumps(body))
Esempio n. 23
0
def remove():
    from flask import request, jsonify
    if request.method == 'POST':
        name = str(utils.escape(request.json['name']))
        title = str(utils.escape(request.json['title']))
        print(title)
        conn = mysql.connect()
        cursor = conn.cursor()
        cursor.execute("DELETE FROM Task WHERE username ='******'AND title ='" + title + "'")
        conn.commit()
        return "タスクは削除されました"
Esempio n. 24
0
def generate_report(results):
    """Generates HTML report from test results in JSON format."""
    tests = []
    for i, name in enumerate(sorted(results["test_cases"])):
        test = results["test_cases"][name]
        if "tags" in test:
            name = "%(name)s [%(tags)s]" % {
                "name": name,
                "tags": ", ".join(test["tags"])
            }
        if "traceback" in test:
            output = utils.escape(test["traceback"])
        elif "reason" in test:
            matcher = SKIP_RE.match(test["reason"])
            if matcher:
                href = LAUNCHPAD_BUG_LINK.format(matcher.group("bug_number"))
                output = re.sub(matcher.group("bug_number"), href,
                                test["reason"])
            else:
                output = utils.escape(test["reason"])
        else:
            output = ""

        tests.append({
            "id": i,
            "time": test["time"],
            "name": name,
            "output": output,
            "status": test["status"]
        })

    template = ui_utils.get_template("verification/report.mako")
    return template.render(
        report={
            "tests":
            tests,
            "total":
            results["tests"],
            "time":
            "{0} ({1} s)".format(
                datetime.timedelta(
                    seconds=round(float(results["time"]))), results["time"]),
            "success":
            results["success"],
            "failures":
            results["failures"],
            "skipped":
            results["skipped"],
            "expected_failures":
            results["expected_failures"],
            "unexpected_success":
            results["unexpected_success"]
        })
Esempio n. 25
0
def build_message_html(time, source, target, message, specialuser, usercolor, emoteset, emotes, displayname):
	if source.lower() == config['notifyuser']:
		return '<div class="notification line" data-timestamp="%d">%s</div>' % (time.timestamp(), escape(message))

	if message[:4].lower() in (".me ", "/me "):
		is_action = True
		message = message[4:]
	else:
		is_action = False

	ret = []
	ret.append('<div class="line" data-timestamp="%d">' % time.timestamp())
	if 'staff' in specialuser:
		ret.append('<span class="badge staff"></span> ')
	if 'admin' in specialuser:
		ret.append('<span class="badge admin"></span> ')
	if "#" + source.lower() == target.lower():
		ret.append('<span class="badge broadcaster"></span> ')
	if 'mod' in specialuser:
		ret.append('<span class="badge mod"></span> ')
	if 'turbo' in specialuser:
		ret.append('<span class="badge turbo"></span> ')
	if 'subscriber' in specialuser:
		ret.append('<span class="badge subscriber"></span> ')
	ret.append('<span class="nick"')
	if usercolor:
		ret.append(' style="color:%s"' % escape(usercolor))
	ret.append('>%s</span>' % escape(displayname or (yield from get_display_name(source))))

	if is_action:
		ret.append(' <span class="action"')
		if usercolor:
			ret.append(' style="color:%s"' % escape(usercolor))
		ret.append('>')
	else:
		ret.append(": ")

	if 'cleared' in specialuser:
		ret.append('<span class="deleted">&lt;message deleted&gt;</span>')
		# Use escape() rather than urlize() so as not to have live spam links
		# either for users to accidentally click, or for Google to see
		ret.append('<span class="message cleared">%s</span>' % escape(message))
	elif emotes is not None:
		messagehtml = format_message_explicit_emotes(message, emotes)
		ret.append('<span class="message">%s</span>' % messagehtml)
	else:
		messagehtml = format_message(message, (yield from get_filtered_emotes(emoteset)))
		ret.append('<span class="message">%s</span>' % messagehtml)

	if is_action:
		ret.append('</span>')
	ret.append('</div>')
	return ''.join(ret)
Esempio n. 26
0
def thumbnail_link_dict(video=None, exercise=None, thumb_url=None):

    link_dict = None

    if video:
        link_dict = {
            "href": "/video/%s" % video.readable_id,
            "thumb_urls":
            models.Video.youtube_thumbnail_urls(video.youtube_id),
            "title": video.title,
            "desc_html": templatetags.video_name_and_progress(video),
            "teaser_html": video.description,
            "youtube_id": video.youtube_id,
            "marquee": ("marquee" in video.keywords),
            "selected": False,
            "key": video.key(),
            "type": "video-thumb",
        }

    if exercise:
        link_dict = {
            "href":
            exercise.relative_url,
            "thumb_urls": {
                "hq": thumb_url,
                "sd": thumb_url
            },
            "desc_html":
            escape(exercise.display_name),
            "teaser_html":
            "Exercise your <em>%s</em> skills" % escape(exercise.display_name),
            "youtube_id":
            "",
            "marquee":
            False,
            "selected":
            False,
            "key":
            exercise.key(),
            "type":
            "exercise-thumb",
        }

    if link_dict:

        if len(link_dict["teaser_html"]) > 60:
            link_dict[
                "teaser_html"] = link_dict["teaser_html"][:60] + "&hellip;"

        return link_dict

    return None
Esempio n. 27
0
def update():
    from flask import request, jsonify
    if request.method == 'POST':
        name = str(utils.escape(request.json['name']))
        title = str(utils.escape(request.json['title']))
        status = request.json["status"]
        conn = mysql.connect()
        cursor = conn.cursor()
        cursor.execute("UPDATE "
                       "Task SET status ='" + status + "'WHERE username ='******'AND title ='" + title + "'")
        conn.commit()
        return "タスクは完了しました"
Esempio n. 28
0
def group_add(request):
    group_name = request.POST.get("group_name")
    group_remark = request.POST.get("group_remark")
    if not group_name:
        return redirect("add_a_usergroup")
    group_name = utils.escape(group_name)
    if group_remark:
        group_remark = utils.escape(group_remark)
    else:
        group_remark = ""
    new_usergroup = UserGroup(name=group_name, remark=group_remark)
    new_usergroup.save()
    return redirect("add_a_usergroup")
Esempio n. 29
0
File: GTW.py Progetto: Tapyr/tapyr
    def xmlattr (self, * ds, ** kw) :
        """Convert (sorted) items of dict `d` to SGML/XML attribute string.

           This is similar to jinja's `xmlattr` filter but ensures
           deterministic output by sorting by attribute name.
        """
        from jinja2.utils import escape
        d      = self.filtered_dict (* ds, ** kw)
        result = " ".join \
            ( '%s="%s"' % (escape (k), escape (v))
            for k, v in sorted (pyk.iteritems (d), key = TFL.Getter [0])
            )
        return (" " + result) if result else ""
Esempio n. 30
0
File: GTW.py Progetto: JPilarr/tapyr
    def xmlattr (self, * ds, ** kw) :
        """Convert (sorted) items of dict `d` to SGML/XML attribute string.

           This is similar to jinja's `xmlattr` filter but ensures
           deterministic output by sorting by attribute name.
        """
        from jinja2.utils import escape
        d      = self.filtered_dict (* ds, ** kw)
        result = " ".join \
            ( '%s="%s"' % (escape (k), escape (v))
            for k, v in sorted (pyk.iteritems (d), key = TFL.Getter [0])
            )
        return (" " + result) if result else ""
Esempio n. 31
0
def comment(pagename):
    if request.is_xhr is True:
      if not 0 < len(request.form["data"]) <= 500:
        return jsonify(res="error")

      comment = str(utils.escape(request.form["data"]))  # for xss filtering
      icon = str(utils.escape(request.form["icon"]))  # for xss filtering
      id = models.Comment().add(pagename=pagename, username=session["username"], comment=comment)  # コメントのIDを返す。このIDはMongoDBの備え付けのIDではない

      data = "<div class='comment' data-id='%s'><div class='pic'><img src='%s' style='width:45px;height:45px;' alt=''></div><div class='content'>\
              <div class='flright'><a href='#' data-gifId='%s' data-comId='%s'>x</a></div>\
              <a href='/%s'>%s</a><br>%s<p style='clear:both;float:none;'></p></div></div>"  % (id, icon, pagename, id, session["username"], session["username"], comment)
 
      return jsonify(res=data)
Esempio n. 32
0
def thumbnail_link_dict(video=None, exercise=None, thumb_url=None,
                        parent_topic=None):

    link_dict = None

    if video:
        if parent_topic:
            href = "/%s/v/%s" % (parent_topic.get_extended_slug(),
                                 video.readable_id)
        else:
            href = "/video/%s" % video.readable_id
        link_dict = {
            "href": href,
            "thumb_urls": (
                video_models.Video.youtube_thumbnail_urls(video.youtube_id)),
            "title": video.title,
            "desc_html": templatetags.video_name_and_progress(video),
            "teaser_html": unicode(video.description),
            "youtube_id": video.youtube_id,
            "marquee": ("marquee" in video.keywords),
            "selected": False,
            "key": unicode(video.key()),
            "type": "video-thumb",
        }

    if exercise:
        link_dict = {
            "href": exercise.relative_url,
            "thumb_urls": {"hq": thumb_url, "sd": thumb_url},
            "desc_html": escape(exercise.display_name),
            "teaser_html": ("Exercise your <em>%s</em> skills"
                            % escape(exercise.display_name)),
            "youtube_id": "",
            "marquee": False,
            "selected": False,
            "key": exercise.key(),
            "type": "exercise-thumb",
        }

    if link_dict:

        if link_dict["teaser_html"] and len(link_dict["teaser_html"]) > 60:
            link_dict["teaser_html"] = (link_dict["teaser_html"][:60]
                                        + "&hellip;")

        return link_dict

    return None
Esempio n. 33
0
    def post(self):
        subject = request.form.get("subject")
        message = request.form.get("message")
        name = request.form.get("name")
        email = request.form.get("email")

        subject = str(utils.escape(subject))
        message = str(utils.escape(message))
        name = str(utils.escape(name))
        email = str(utils.escape(email))

        smtp_server = current_app.config['MAIL_SERVER']
        port = current_app.config['MAIL_PORT']
        sender_email = current_app.config['MAIL_DEFAULT_SENDER']
        mail_username = current_app.config['MAIL_USERNAME']
        receiver_email = current_app.config['MAIL_DEFAULT_SENDER']
        password = current_app.config['MAIL_PASSWORD']

        msg = MIMEMultipart("alternative")
        msg["Subject"] = subject
        msg["From"] = sender_email
        msg["To"] = receiver_email

        text = "A message from the contact form: " + \
            message + ". From: " + name + "(" + email + ")"
        html = "<h2>A message from the contact form</h2><p>" + \
            message + "</p><p>From: " + name + "(" + email + ")"

        part1 = MIMEText(text, "plain")
        part2 = MIMEText(html, "html")
        msg.attach(part1)
        msg.attach(part2)

        context = ssl.create_default_context()

        with smtplib.SMTP(smtp_server, port=port,
                          local_hostname="127.0.0.1") as server:
            try:
                server.starttls(context=context)
                server.login(mail_username, password)
                server.send_message(msg, sender_email, receiver_email)
                message = "Thank you for your message. We'll get back to you as soon as possible. <a href=\"/\">Home</a>"
                flash(message, 'info')
            except Exception as e:
                error = "Sorry, your message could not be sent. Please try again later. <a href=\"/\">Home</a>"
                flash(error, 'error')

        return redirect(url_for('contact'))
Esempio n. 34
0
    def visit_Output(self, node, frame=None):
        if self.has_known_extends and frame.require_output_check:
            return

        outdent_later = False
        if frame.require_output_check:
            self.writeline("if (parentTemplate === undefined) {")
            outdent_later = True

        body = []
        for child in node.nodes:
            try:
                const = child.as_const()
            except nodes.Impossible:
                body.append(child)
                continue
            try:
                if self.environment.autoescape:
                    if hasattr(const, "__html__"):
                        const = const.__html__()
                    else:
                        const = escape(const)
                const = unicode(const)
            except Exception, e:
                # if something goes wrong here we evaluate the node
                # at runtime for easier debugging
                body.append(child)
                continue
            if body and isinstance(body[-1], list):
                body[-1].append(const)
            else:
                body.append([const])
Esempio n. 35
0
def do_join(eval_ctx, value, d=u""):
    """Return a string which is the concatenation of the strings in the
    sequence. The separator between elements is an empty string per
    default, you can define it with the optional parameter:

    .. sourcecode:: jinja

        {{ [1, 2, 3]|join('|') }}
            -> 1|2|3

        {{ [1, 2, 3]|join }}
            -> 123
    """
    # no automatic escaping?  joining is a lot eaiser then
    if not eval_ctx.autoescape:
        return unicode(d).join(imap(unicode, value))

    # if the delimiter doesn't have an html representation we check
    # if any of the items has.  If yes we do a coercion to Markup
    if not hasattr(d, "__html__"):
        value = list(value)
        do_escape = False
        for idx, item in enumerate(value):
            if hasattr(item, "__html__"):
                do_escape = True
            else:
                value[idx] = unicode(item)
        if do_escape:
            d = escape(d)
        else:
            d = unicode(d)
        return d.join(value)

    # no html involved, to normal joining
    return soft_unicode(d).join(imap(soft_unicode, value))
Esempio n. 36
0
    def _to_br(self, text):
        """ Replaces \n by <br />

        Inspired from http://jinja.pocoo.org/docs/dev/api/#custom-filters
        """
        result = '<br />'.join(p for p in self._TEXT_LINEBREAK_RE.split(escape(text)))
        return Markup(result)
Esempio n. 37
0
def employee_attandance_save(request):
    attandance_data_filepath = request.GET.get("filepath")
    msgs = {}
    attandance_list = []
    if attandance_data_filepath:
        if attandance_data_filepath.startswith(Employee._meta.app_label + "/files/") and attandance_data_filepath.endswith(".csv"):
            try:
                with open(attandance_data_filepath, encoding='UTF-8') as file_h:
                    standard_time_line = file_h.readline()
                    heading_line = file_h.readline()
                    data_line = file_h.readline()

                    standard_time = utils.escape(standard_time_line.split(",")[1])
                    while data_line:
                        data_line = data_line.strip()
                        attandance_item = data_line.split(",")
                        late_type = 0
                        if attandance_item[4] == "是":
                            late_type = 1
                        attandance_list.append(EmployeeAttendance(**{"employee_id": int(attandance_item[0]), "type": late_type,
                             "check_time": attandance_item[5].strip(), "standard_time": standard_time}))
                        data_line = file_h.readline()
                    EmployeeAttendance.objects.bulk_create(attandance_list)
                    msgs["ok_msg"] = "保存成功"
            except Exception as e:
                logger.error(e)
                msgs["error_msg"] = "保存失败, 请重新提交"
            if os.path.isfile(attandance_data_filepath):
                os.remove(attandance_data_filepath)
    return redirect("employee_attandance/?" + urlencode(msgs))
Esempio n. 38
0
    def __init__(self, verifications):
        self._runs = verifications
        self._uuids = list(verifications.keys())

        # NOTE(amaretskiy): make aggregated list of all tests
        tests = {}
        for uuid, verification in self._runs.items():
            for name, test in verification["tests"].items():
                if name not in tests:
                    # NOTE(amaretskiy): it is suitable to see resource id
                    #                   at first place in the report
                    tags = sorted(test["tags"], reverse=True,
                                  key=lambda tag: tag.startswith("id-"))
                    tests[name] = {"name": name,
                                   "tags": tags,
                                   "by_verification": {},
                                   "has_details": False}
                tests[name]["by_verification"][uuid] = {
                    "status": test["status"], "duration": test["duration"],
                    "details": test["details"]}

                if test["details"]:
                    tests[name]["has_details"] = True
                    match = self.SKIP_RE.match(test["details"])
                    if match:
                        href = self.LP_BUG_LINK.format(
                            match.group("bug_number"))
                        test["details"] = re.sub(
                            match.group("bug_number"), href, test["details"])

                    test["details"] = jinja_utils.escape(test["details"])
        self._tests = list(tests.values())
Esempio n. 39
0
def empty_and_escape(value):
    ''' returns '' for a None value else escapes the content useful for form
    elements. '''
    if value is None:
        return ''
    else:
        return escape(value)
Esempio n. 40
0
 def _send_mail(self, maybe_mistake=False):
     """
     Send mail
     :return: boolean
     """
     if len(self.content) == 0:
         logger.info('none content for send mail')
         return True
     if maybe_mistake:
         title = '〔GSIL〕MB_MT '
     else:
         title = '〔GSIL〕'
     subject = '{title}[{types}] [{rule_name}] {count}'.format(title=title, types=self.rule_object.types, rule_name=self.rule_object.corp, count=len(self.content))
     to = get('mail', 'to')
     html = '<h3>Rule: {rule_regex} Count: {count} Datetime: {datetime}</h3>'.format(rule_regex=self.rule_object.keyword, datetime=time.strftime("%Y-%m-%d %H:%M:%S"), count=len(self.content))
     for i, v in self.content.items():
         html += '<h3>({i})<a href="{url}">{hash}</a> {repository}/{path}</h3>'.format(i=i, url=v['url'], hash=v['hash'][:6], repository=v['repository'], path=v['path'])
         if len(v['match_codes']) > 0:
             code = ''
             for c in v['match_codes']:
                 code += '{c}<br>'.format(c=utils.escape(c))
             html += '<code>{code}</code><hr>'.format(code=code)
         self._save_file(v['hash'], v['code'])
     html += '</table></body>'
     return Notification(subject, to).notification(html)
Esempio n. 41
0
def empty_and_escape(value):
    """ returns '' for a None value else escapes the content useful for form
    elements. """
    if value is None:
        return ""
    else:
        return escape(value)
def set_user_passiv(gid, uid):
    game = Game.query.filter_by(UUID=gid).first()
    user = User.query.get_or_404(uid)
    if game is None:
        response = jsonify(Message='Game not found')
        response.status_code = 404
        return response
    data = request.get_json() or {}
    if 'userstate' in data:
        escapeduserstate = str(utils.escape(data['userstate']))
        val = escapeduserstate.lower() in ['true', '1']
        user.passive = val
        # # TODO: Wheren player needs to dice and check the box
        if game.move_user_id == user.id and val:
            print('Hier')
        db.session.add(user)
        db.session.commit()
        response = jsonify(Message='success')
        response.status_code = 201
        # needed ???
        emit('reload_game', game.to_dict(), room=gid, namespace='/game')
        return response
    else:
        response = jsonify(Message="Request must include userstate")
        response.status_code = 400
        return response
Esempio n. 43
0
    def _to_br(self, text):
        """ Replaces \n by <br />

        Inspired from http://jinja.pocoo.org/docs/dev/api/#custom-filters
        """
        result = '<br />'.join(p for p in self._TEXT_LINEBREAK_RE.split(escape(text)))
        return Markup(result)
Esempio n. 44
0
def do_replace(eval_ctx, s, old, new, count=None):
    """Return a copy of the value with all occurrences of a substring
    replaced with a new one. The first argument is the substring
    that should be replaced, the second is the replacement string.
    If the optional third argument ``count`` is given, only the first
    ``count`` occurrences are replaced:

    .. sourcecode:: jinja

        {{ "Hello World"|replace("Hello", "Goodbye") }}
            -> Goodbye World

        {{ "aaaaargh"|replace("a", "d'oh, ", 2) }}
            -> d'oh, d'oh, aaargh
    """
    if count is None:
        count = -1
    if not eval_ctx.autoescape:
        return text_type(s).replace(text_type(old), text_type(new), count)
    if hasattr(old, '__html__') or hasattr(new, '__html__') and \
       not hasattr(s, '__html__'):
        s = escape(s)
    else:
        s = soft_unicode(s)
    return s.replace(soft_unicode(old), soft_unicode(new), count)
Esempio n. 45
0
 def _send_mail(self, maybe_mistake=False):
     """
     Send mail
     :return: boolean
     """
     if len(self.content) == 0:
         logger.info('none content for send mail')
         return True
     if maybe_mistake:
         title = '〔GSIL〕MB_MT '
     else:
         title = '〔GSIL〕'
     subject = f'{title}[{self.rule_object.types}] [{self.rule_object.corp}] {len(self.content)}'
     to = get('mail', 'to')
     cc = get('mail', 'cc')
     html = '<h3>Rule: {rule_regex} Count: {count} Datetime: {datetime}</h3>'.format(
         rule_regex=self.rule_object.keyword,
         datetime=time.strftime("%Y-%m-%d %H:%M:%S"),
         count=len(self.content))
     for i, v in self.content.items():
         html += '<h3>({i})<a href="{url}">{hash}</a> {repository}/{path}</h3>'.format(
             i=i,
             url=v['url'],
             hash=v['hash'][:6],
             repository=v['repository'],
             path=v['path'])
         if len(v['match_codes']) > 0:
             code = ''
             for c in v['match_codes']:
                 code += '{c}<br>'.format(c=utils.escape(c))
             html += '<code>{code}</code><hr>'.format(code=code)
         self._save_file(v['hash'], v['code'])
     html += '</table></body>'
     return Notification(subject, to, cc).notification(html)
Esempio n. 46
0
def empty_and_escape(value):
    ''' returns '' for a None value else escapes the content useful for form
    elements. '''
    if value is None:
        return ''
    else:
        return escape(value)
Esempio n. 47
0
def do_join(environment, value, d=u''):
    """Return a string which is the concatenation of the strings in the
    sequence. The separator between elements is an empty string per
    default, you can define it with the optional parameter:

    .. sourcecode:: jinja

        {{ [1, 2, 3]|join('|') }}
            -> 1|2|3

        {{ [1, 2, 3]|join }}
            -> 123
    """
    # no automatic escaping?  joining is a lot eaiser then
    if not environment.autoescape:
        return unicode(d).join(imap(unicode, value))

    # if the delimiter doesn't have an html representation we check
    # if any of the items has.  If yes we do a coercion to Markup
    if not hasattr(d, '__html__'):
        value = list(value)
        do_escape = False
        for idx, item in enumerate(value):
            if hasattr(item, '__html__'):
                do_escape = True
            else:
                value[idx] = unicode(item)
        if do_escape:
            d = escape(d)
        else:
            d = unicode(d)
        return d.join(value)

    # no html involved, to normal joining
    return soft_unicode(d).join(imap(soft_unicode, value))
Esempio n. 48
0
def get_context(context):
	context.no_cache = 1
	if frappe.form_dict.q:
		frappe.form_dict.q = str(utils.escape(frappe.form_dict.q))
		context.title = _('Search Results for "{0}"').format(frappe.form_dict.q)
		context.update(get_search_results(frappe.form_dict.q))
	else:
		context.title = _('Search')
Esempio n. 49
0
 def test_xss(self):
     app = self.get_app()
     app.name = u"My app é <script>alert(5)</script>"
     app.save()
     self.make_mine()
     content = smart_unicode(self.client.get(self.url).content)
     ok_(not unicode(app.name) in content)
     ok_(unicode(escape(app.name)) in content)
Esempio n. 50
0
 def test_markup_leaks(self):
     counts = set()
     for count in range(20):
         for item in range(1000):
             escape("foo")
             escape("<foo>")
             escape(u"foo")
             escape(u"<foo>")
         counts.add(len(gc.get_objects()))
     assert len(counts) == 1, 'ouch, c extension seems to leak objects'
Esempio n. 51
0
    def test_markup_leaks(self):
        counts = set()
        for count in xrange(20):
            for item in xrange(1000):
                escape('foo')
                escape('<foo>')
                escape(u'foo')
                escape(u'<foo>')

            counts.add(len(gc.get_objects()))
Esempio n. 52
0
def do_escape(value, except_starts_with=None):
    if except_starts_with is not None:
        condition = lambda l: any(l.startswith(s) for s in except_starts_with)
    else:
        condition = lambda l: False
    return "\n".join(
        line if line == "" or condition(line) else escape(line)
        for line in value.split("\n")
    )
Esempio n. 53
0
def add_entry():
    if not session.get('logged_in'):
        abort(401)
    g.db.execute('insert into entries (username,title, text) values (?, ?, ?)',
                 [session.get('username'), request.form['title'], str(utils.escape(request.form['text']))])
    g.db.commit()
    flash('Nowa wiadomość została dodana.')
    session['info'] = None
    return redirect(url_for('show_entries'))