def run(context): """ Run a context trough the application. """ context.clock.start('run') request = context.request # preliminary access checks (forbidden, bots, surge protection) try: try: check_forbidden(context) check_surge_protect(context) action_name = context.action # handle XMLRPC calls if action_name == 'xmlrpc': response = xmlrpc.xmlrpc(XMLRPCContext(request)) elif action_name == 'xmlrpc2': response = xmlrpc.xmlrpc2(XMLRPCContext(request)) else: response = dispatch(request, context, action_name) context.cfg.session_service.finalize(context, context.session) return response except MoinMoinFinish: return request finally: context.finish() context.clock.stop('run')
def login(self, request, user_obj, **kw): username = kw.get('username') password = kw.get('password') # simply continue if something else already logged in successfully if user_obj and user_obj.valid: return ContinueLogin(user_obj) if not username and not password: return ContinueLogin(user_obj) _ = request.getText logging.debug("%s: performing login action" % self.name) if username and not password: return ContinueLogin(user_obj, _('Missing password. Please enter user name and password.')) if not username and password: return ContinueLogin(user_obj, _('Missing user name. Please enter user name and password.')) check_surge_protect(request, action='auth-ip') check_surge_protect(request, action='auth-name', username=username) u = user.User(request, name=username, password=password, auth_method=self.name) if u.valid: logging.debug("%s: successfully authenticated user %r (valid)" % (self.name, u.name)) log_attempt("auth/login (moin)", True, request, username) return ContinueLogin(u) else: logging.debug("%s: could not authenticate user %r (not valid)" % (self.name, username)) log_attempt("auth/login (moin)", False, request, username) return ContinueLogin(user_obj, _("Invalid username or password."))
def execute(pagename, request, fieldname='value', titlesearch=0, statistic=0): _ = request.getText titlesearch = checkTitleSearch(request) if titlesearch < 0: check_surge_protect(request, kick=True) # get rid of spammer return if 'metasearch' in request.values: form = MultiDict(request.values) form['action'] = 'MetaSearch' val = form.get('value', '') form['q'] = val request.values = CombinedMultiDict([MultiDict(form)]) return ms_execute(pagename, request) advancedsearch = isAdvancedSearch(request) form = request.values # context is relevant only for full search if titlesearch: context = 0 elif advancedsearch: context = 180 # XXX: hardcoded context count for advancedsearch else: context = int(form.get('context', 0)) # Get other form parameters needle = form.get(fieldname, '') case = int(form.get('case', 0)) regex = int(form.get('regex', 0)) # no interface currently hitsFrom = int(form.get('from', 0)) highlight_titles = int(form.get('highlight_titles', 1)) highlight_pages = int(form.get('highlight_pages', 1)) mtime = None msg = '' historysearch = 0 # if advanced search is enabled we construct our own search query if advancedsearch: and_terms = form.get('and_terms', '').strip() or_terms = form.get('or_terms', '').strip() not_terms = form.get('not_terms', '').strip() #xor_terms = form.get('xor_terms', '').strip() categories = form.getlist('categories') or [''] timeframe = form.get('time', '').strip() language = form.getlist('language') or [''] mimetype = form.getlist('mimetype') or [0] excludeunderlay = form.get('excludeunderlay', 0) nosystemitems = form.get('nosystemitems', 0) historysearch = form.get('historysearch', 0) mtime = form.get('mtime', '') if mtime: mtime_parsed = None # get mtime from known date/time formats for fmt in (request.user.datetime_fmt, request.cfg.datetime_fmt, request.user.date_fmt, request.cfg.date_fmt): try: mtime_parsed = time.strptime(mtime, fmt) except ValueError: continue else: break if mtime_parsed: mtime = time.mktime(mtime_parsed) else: # didn't work, let's try parsedatetime cal = Calendar() mtime_parsed, parsed_what = cal.parse(mtime) # XXX it is unclear if usage of localtime here and in parsedatetime module is correct. # time.localtime is the SERVER's local time and of no relevance to the user (being # somewhere in the world) # mktime is reverse function for localtime, so this maybe fixes it again!? if parsed_what > 0 and mtime_parsed <= time.localtime(): mtime = time.mktime(mtime_parsed) else: mtime_parsed = None # we don't use invalid stuff # show info if mtime_parsed: # XXX mtime_msg is not shown in some cases mtime_msg = _("(!) Only pages changed since '''%s''' are being displayed!", wiki=True) % request.user.getFormattedDateTime(mtime) else: mtime_msg = _('/!\\ The modification date you entered was not ' 'recognized and is therefore not considered for the ' 'search results!', wiki=True) else: mtime_msg = None word_re = re.compile(r'(\"[\w\s]+"|\w+)', re.UNICODE) needle = '' if categories[0]: needle += 'category:%s ' % ','.join(categories) if language[0]: needle += 'language:%s ' % ','.join(language) if mimetype[0]: needle += 'mimetype:%s ' % ','.join(mimetype) if excludeunderlay: needle += '-domain:underlay ' if nosystemitems: needle += '-domain:system ' if and_terms: needle += '(%s) ' % and_terms if not_terms: needle += '(%s) ' % ' '.join(['-%s' % t for t in word_re.findall(not_terms)]) if or_terms: needle += '(%s) ' % ' or '.join(word_re.findall(or_terms)) # check for sensible search term stripped = needle.strip() if len(stripped) == 0: request.theme.add_msg(_('Please use a more selective search term instead ' 'of {{{"%s"}}}', wiki=True) % wikiutil.escape(needle), "error") Page(request, pagename).send_page() return needle = stripped # Setup for type of search if titlesearch: title = _('Title Search: "%s"') sort = 'page_name' else: if advancedsearch: title = _('Advanced Search: "%s"') else: title = _('Full Text Search: "%s"') sort = 'weight' # search the pages from MoinMoin.search import searchPages, QueryParser, QueryError try: query = QueryParser(case=case, regex=regex, titlesearch=titlesearch).parse_query(needle) except QueryError: # catch errors in the search query request.theme.add_msg(_('Your search query {{{"%s"}}} is invalid. Please refer to ' 'HelpOnSearching for more information.', wiki=True, percent=True) % wikiutil.escape(needle), "error") Page(request, pagename).send_page() return results = searchPages(request, query, sort, mtime, historysearch) # directly show a single hit for title searches # this is the "quick jump" functionality if you don't remember # the pagename exactly, but just some parts of it if titlesearch and len(results.hits) == 1: page = results.hits[0] if not page.attachment: # we did not find an attachment page = Page(request, page.page_name) querydict = {} if highlight_pages: highlight = query.highlight_re() if highlight: querydict.update({'highlight': highlight}) url = page.url(request, querystr=querydict) request.http_redirect(url) return if not results.hits: # no hits? f = request.formatter querydict = wikiutil.parseQueryString(request.query_string).to_dict() querydict.update({'titlesearch': 0}) request.theme.add_msg(_('Your search query {{{"%s"}}} didn\'t return any results. ' 'Please change some terms and refer to HelpOnSearching for ' 'more information.%s', wiki=True, percent=True) % (wikiutil.escape(needle), titlesearch and ''.join([ '<br>', _('(!) Consider performing a', wiki=True), ' ', f.url(1, href=request.page.url(request, querydict, escape=0)), _('full-text search with your search terms'), f.url(0), '.', ]) or ''), "error") Page(request, pagename).send_page() return # This action generates data using the user language request.setContentLanguage(request.lang) request.theme.send_title(title % needle, pagename=pagename) # Start content (important for RTL support) request.write(request.formatter.startContent("content")) # Hints f = request.formatter hints = [] if titlesearch: querydict = wikiutil.parseQueryString(request.query_string).to_dict() querydict.update({'titlesearch': 0}) hints.append(''.join([ _("(!) You're performing a title search that might not include" ' all related results of your search query in this wiki. <<BR>>', wiki=True), ' ', f.url(1, href=request.page.url(request, querydict, escape=0)), f.text(_('Click here to perform a full-text search with your ' 'search terms!')), f.url(0), ])) if advancedsearch and mtime_msg: hints.append(mtime_msg) if hints: request.write(searchHints(f, hints)) # Search stats request.write(results.stats(request, request.formatter, hitsFrom)) # Then search results info = not titlesearch if context: output = results.pageListWithContext(request, request.formatter, info=info, context=context, hitsFrom=hitsFrom, hitsInfo=1, highlight_titles=highlight_titles, highlight_pages=highlight_pages) else: output = results.pageList(request, request.formatter, info=info, hitsFrom=hitsFrom, hitsInfo=1, highlight_titles=highlight_titles, highlight_pages=highlight_pages) request.write(output) request.write(request.formatter.endContent()) request.theme.send_footer(pagename) request.theme.send_closing_html()
def execute(pagename, request, fieldname='value', titlesearch=0, statistic=0): _ = request.getText titlesearch = checkTitleSearch(request) if titlesearch < 0: check_surge_protect(request, kick=True) # get rid of spammer return advancedsearch = isAdvancedSearch(request) form = request.values # context is relevant only for full search if titlesearch: context = 0 elif advancedsearch: context = 180 # XXX: hardcoded context count for advancedsearch else: context = int(form.get('context', 0)) # Get other form parameters needle = form.get(fieldname, '') case = int(form.get('case', 0)) regex = int(form.get('regex', 0)) # no interface currently hitsFrom = int(form.get('from', 0)) mtime = None msg = '' historysearch = 0 # if advanced search is enabled we construct our own search query if advancedsearch: and_terms = form.get('and_terms', '').strip() or_terms = form.get('or_terms', '').strip() not_terms = form.get('not_terms', '').strip() #xor_terms = form.get('xor_terms', '').strip() categories = form.getlist('categories') or [''] timeframe = form.get('time', '').strip() language = form.getlist('language') or [''] mimetype = form.getlist('mimetype') or [0] excludeunderlay = form.get('excludeunderlay', 0) nosystemitems = form.get('nosystemitems', 0) historysearch = form.get('historysearch', 0) mtime = form.get('mtime', '') if mtime: mtime_parsed = None # get mtime from known date/time formats for fmt in (request.user.datetime_fmt, request.cfg.datetime_fmt, request.user.date_fmt, request.cfg.date_fmt): try: mtime_parsed = time.strptime(mtime, fmt) except ValueError: continue else: break if mtime_parsed: mtime = time.mktime(mtime_parsed) else: # didn't work, let's try parsedatetime cal = Calendar() mtime_parsed, parsed_what = cal.parse(mtime) # XXX it is unclear if usage of localtime here and in parsedatetime module is correct. # time.localtime is the SERVER's local time and of no relevance to the user (being # somewhere in the world) # mktime is reverse function for localtime, so this maybe fixes it again!? if parsed_what > 0 and mtime_parsed <= time.localtime(): mtime = time.mktime(mtime_parsed) else: mtime_parsed = None # we don't use invalid stuff # show info if mtime_parsed: # XXX mtime_msg is not shown in some cases mtime_msg = _( "(!) Only pages changed since '''%s''' are being displayed!", wiki=True) % request.user.getFormattedDateTime(mtime) else: mtime_msg = _( '/!\\ The modification date you entered was not ' 'recognized and is therefore not considered for the ' 'search results!', wiki=True) else: mtime_msg = None word_re = re.compile(r'(\"[\w\s]+"|\w+)') needle = '' if categories[0]: needle += 'category:%s ' % ','.join(categories) if language[0]: needle += 'language:%s ' % ','.join(language) if mimetype[0]: needle += 'mimetype:%s ' % ','.join(mimetype) if excludeunderlay: needle += '-domain:underlay ' if nosystemitems: needle += '-domain:system ' if and_terms: needle += '(%s) ' % and_terms if not_terms: needle += '(%s) ' % ' '.join( ['-%s' % t for t in word_re.findall(not_terms)]) if or_terms: needle += '(%s) ' % ' or '.join(word_re.findall(or_terms)) # check for sensible search term stripped = needle.strip() if len(stripped) == 0: request.theme.add_msg( _( 'Please use a more selective search term instead ' 'of {{{"%s"}}}', wiki=True) % wikiutil.escape(needle), "error") Page(request, pagename).send_page() return needle = stripped # Setup for type of search if titlesearch: title = _('Title Search: "%s"') sort = 'page_name' else: if advancedsearch: title = _('Advanced Search: "%s"') else: title = _('Full Text Search: "%s"') sort = 'weight' # search the pages from MoinMoin.search import searchPages, QueryParser, QueryError try: query = QueryParser(case=case, regex=regex, titlesearch=titlesearch).parse_query(needle) except QueryError: # catch errors in the search query request.theme.add_msg( _( 'Your search query {{{"%s"}}} is invalid. Please refer to ' 'HelpOnSearching for more information.', wiki=True, percent=True) % wikiutil.escape(needle), "error") Page(request, pagename).send_page() return results = searchPages(request, query, sort, mtime, historysearch) # directly show a single hit for title searches # this is the "quick jump" functionality if you don't remember # the pagename exactly, but just some parts of it if titlesearch and len(results.hits) == 1: page = results.hits[0] if not page.attachment: # we did not find an attachment page = Page(request, page.page_name) highlight = query.highlight_re() if highlight: querydict = {'highlight': highlight} else: querydict = {} url = page.url(request, querystr=querydict) request.http_redirect(url) return if not results.hits: # no hits? f = request.formatter querydict = dict(wikiutil.parseQueryString(request.query_string)) querydict.update({'titlesearch': 0}) request.theme.add_msg( _( 'Your search query {{{"%s"}}} didn\'t return any results. ' 'Please change some terms and refer to HelpOnSearching for ' 'more information.%s', wiki=True, percent=True) % (wikiutil.escape(needle), titlesearch and ''.join([ '<br>', _('(!) Consider performing a', wiki=True), ' ', f.url(1, href=request.page.url(request, querydict, escape=0)), _('full-text search with your search terms'), f.url(0), '.', ]) or ''), "error") Page(request, pagename).send_page() return # This action generates data using the user language request.setContentLanguage(request.lang) request.theme.send_title(title % needle, pagename=pagename) # Start content (important for RTL support) request.write(request.formatter.startContent("content")) # Hints f = request.formatter hints = [] if titlesearch: querydict = dict(wikiutil.parseQueryString(request.query_string)) querydict.update({'titlesearch': 0}) hints.append(''.join([ _( "(!) You're performing a title search that might not include" ' all related results of your search query in this wiki. <<BR>>', wiki=True), ' ', f.url(1, href=request.page.url(request, querydict, escape=0)), f.text( _('Click here to perform a full-text search with your ' 'search terms!')), f.url(0), ])) if advancedsearch and mtime_msg: hints.append(mtime_msg) if hints: request.write(searchHints(f, hints)) # Search stats request.write(results.stats(request, request.formatter, hitsFrom)) # Then search results info = not titlesearch if context: output = results.pageListWithContext(request, request.formatter, info=info, context=context, hitsFrom=hitsFrom, hitsInfo=1) else: output = results.pageList(request, request.formatter, info=info, hitsFrom=hitsFrom, hitsInfo=1) request.write(output) request.write(request.formatter.endContent()) request.theme.send_footer(pagename) request.theme.send_closing_html()
def execute(pagename, request): """ edit a page """ _ = request.getText if 'button_preview' in request.form and 'button_spellcheck' in request.form: # multiple buttons pressed at once? must be some spammer/bot check_surge_protect(request, kick=True) # get rid of him return if not request.user.may.write(pagename): page = wikiutil.getLocalizedPage(request, 'PermissionDeniedPage') page.body = _('You are not allowed to edit this page.') page.page_name = pagename page.send_page(send_special=True) return valideditors = ['text', 'gui', ] editor = '' if request.user.valid: editor = request.user.editor_default if editor not in valideditors: editor = request.cfg.editor_default editorparam = request.values.get('editor', editor) if editorparam == "guipossible": lasteditor = editor elif editorparam == "textonly": editor = lasteditor = 'text' else: editor = lasteditor = editorparam if request.cfg.editor_force: editor = request.cfg.editor_default # if it is still nothing valid, we just use the text editor if editor not in valideditors: editor = 'text' rev = request.rev or 0 savetext = request.form.get('savetext') comment = request.form.get('comment', u'') category = request.form.get('category') rstrip = int(request.form.get('rstrip', '0')) trivial = int(request.form.get('trivial', '0')) if 'button_switch' in request.form: if editor == 'text': editor = 'gui' else: # 'gui' editor = 'text' # load right editor class if editor == 'gui': from MoinMoin.PageGraphicalEditor import PageGraphicalEditor pg = PageGraphicalEditor(request, pagename) else: # 'text' from MoinMoin.PageEditor import PageEditor pg = PageEditor(request, pagename) # is invoked without savetext start editing if savetext is None or 'button_load_draft' in request.form: pg.sendEditor() return # did user hit cancel button? cancelled = 'button_cancel' in request.form from MoinMoin.error import ConvertError try: if lasteditor == 'gui': # convert input from Graphical editor format = request.form.get('format', 'wiki') if format == 'wiki': converter_name = 'text_html_text_moin_wiki' else: converter_name = 'undefined' # XXX we don't have other converters yet convert = wikiutil.importPlugin(request.cfg, "converter", converter_name, 'convert') savetext = convert(request, pagename, savetext) # IMPORTANT: normalize text from the form. This should be done in # one place before we manipulate the text. savetext = pg.normalizeText(savetext, stripspaces=rstrip) except ConvertError: # we don't want to throw an exception if user cancelled anyway if not cancelled: raise if cancelled: pg.sendCancel(savetext or "", rev) pagedir = pg.getPagePath(check_create=0) import os if not os.listdir(pagedir): os.removedirs(pagedir) return comment = wikiutil.clean_input(comment) # Add category # TODO: this code does not work with extended links, and is doing # things behind your back, and in general not needed. Either we have # a full interface for categories (add, delete) or just add them by # markup. if category and category != _('<No addition>'): # opera 8.5 needs this # strip trailing whitespace savetext = savetext.rstrip() # Add category separator if last non-empty line contains # non-categories. lines = [line for line in savetext.splitlines() if line] if lines: #TODO: this code is broken, will not work for extended links #categories, e.g ["category hebrew"] categories = lines[-1].split() if categories: confirmed = wikiutil.filterCategoryPages(request, categories) if len(confirmed) < len(categories): # This was not a categories line, add separator savetext += u'\n----\n' # Add new category if savetext and savetext[-1] != u'\n': savetext += ' ' savetext += category + u'\n' # Should end with newline! if (request.cfg.edit_ticketing and not wikiutil.checkTicket(request, request.form.get('ticket', ''))): request.theme.add_msg(_('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'edit' }, "error") pg.sendEditor(preview=savetext, comment=comment, staytop=1) # Preview, spellcheck or spellcheck add new words elif ('button_preview' in request.form or 'button_spellcheck' in request.form or 'button_newwords' in request.form): pg.sendEditor(preview=savetext, comment=comment) # Preview with mode switch elif 'button_switch' in request.form: pg.sendEditor(preview=savetext, comment=comment, staytop=1) # Save new text else: try: from MoinMoin.security.textcha import TextCha if not TextCha(request).check_answer_from_form(): raise pg.SaveError(_('TextCha: Wrong answer! Try again below...')) if request.cfg.comment_required and not comment: raise pg.SaveError(_('Supplying a comment is mandatory. Write a comment below and try again...')) savemsg = pg.saveText(savetext, rev, trivial=trivial, comment=comment) except pg.EditConflict, e: msg = e.message # Handle conflict and send editor pg.set_raw_body(savetext, modified=1) pg.mergeEditConflict(rev) # We don't send preview when we do merge conflict pg.sendEditor(msg=msg, comment=comment) return except pg.SaveError, msg: # Show the error message request.theme.add_msg(unicode(msg), "error") # And show the editor again pg.sendEditor(preview=savetext, comment=comment, staytop=1) return
def execute(pagename, request): """ edit a page """ _ = request.getText if 'button_preview' in request.form and 'button_spellcheck' in request.form: # multiple buttons pressed at once? must be some spammer/bot check_surge_protect(request, kick=True) # get rid of him return if not request.user.may.write(pagename): page = wikiutil.getLocalizedPage(request, 'PermissionDeniedPage') page.body = _('You are not allowed to edit this page.') page.page_name = pagename page.send_page(send_special=True) return valideditors = [ 'text', 'gui', ] editor = '' if request.user.valid: editor = request.user.editor_default if editor not in valideditors: editor = request.cfg.editor_default editorparam = request.values.get('editor', editor) if editorparam == "guipossible": lasteditor = editor elif editorparam == "textonly": editor = lasteditor = 'text' else: editor = lasteditor = editorparam if request.cfg.editor_force: editor = request.cfg.editor_default # if it is still nothing valid, we just use the text editor if editor not in valideditors: editor = 'text' rev = request.rev or 0 savetext = request.form.get('savetext') comment = request.form.get('comment', u'') category = request.form.get('category') rstrip = int(request.form.get('rstrip', '0')) trivial = int(request.form.get('trivial', '0')) ideastatus = int(request.form.get('ideastatus', '0')) if 'button_switch' in request.form: if editor == 'text': editor = 'gui' else: # 'gui' editor = 'text' # load right editor class if editor == 'gui': from MoinMoin.PageGraphicalEditor import PageGraphicalEditor pg = PageGraphicalEditor(request, pagename) else: # 'text' from MoinMoin.PageEditor import PageEditor pg = PageEditor(request, pagename) # is invoked without savetext start editing if savetext is None or 'button_load_draft' in request.form: pg.sendEditor() return # did user hit cancel button? cancelled = 'button_cancel' in request.form from MoinMoin.error import ConvertError try: if lasteditor == 'gui': # convert input from Graphical editor format = request.form.get('format', 'wiki') if format == 'wiki': converter_name = 'text_html_text_moin_wiki' else: converter_name = 'undefined' # XXX we don't have other converters yet convert = wikiutil.importPlugin(request.cfg, "converter", converter_name, 'convert') savetext = convert(request, pagename, savetext) # IMPORTANT: normalize text from the form. This should be done in # one place before we manipulate the text. savetext = pg.normalizeText(savetext, stripspaces=rstrip) except ConvertError: # we don't want to throw an exception if user cancelled anyway if not cancelled: raise if cancelled: pg.sendCancel(savetext or "", rev) pagedir = pg.getPagePath(check_create=0) import os if not os.listdir(pagedir): os.removedirs(pagedir) return comment = wikiutil.clean_input(comment) # Add category # TODO: this code does not work with extended links, and is doing # things behind your back, and in general not needed. Either we have # a full interface for categories (add, delete) or just add them by # markup. if category and category != _('<No addition>'): # opera 8.5 needs this # strip trailing whitespace savetext = savetext.rstrip() # Add category separator if last non-empty line contains # non-categories. lines = [line for line in savetext.splitlines() if line] if lines: #TODO: this code is broken, will not work for extended links #categories, e.g ["category hebrew"] categories = lines[-1].split() if categories: confirmed = wikiutil.filterCategoryPages(request, categories) if len(confirmed) < len(categories): # This was not a categories line, add separator savetext += u'\n----\n' # Add new category if savetext and savetext[-1] != u'\n': savetext += ' ' savetext += category + u'\n' # Should end with newline! if (request.cfg.edit_ticketing and not wikiutil.checkTicket(request, request.form.get('ticket', ''))): request.theme.add_msg( _('Please use the interactive user interface to use action %(actionname)s!' ) % {'actionname': 'edit'}, "error") pg.sendEditor(preview=savetext, comment=comment, staytop=1) # Preview, spellcheck or spellcheck add new words elif ('button_preview' in request.form or 'button_spellcheck' in request.form or 'button_newwords' in request.form): pg.sendEditor(preview=savetext, comment=comment) # Preview with mode switch elif 'button_switch' in request.form: pg.sendEditor(preview=savetext, comment=comment, staytop=1) # Save new text else: try: from MoinMoin.security.textcha import TextCha if not TextCha(request).check_answer_from_form(): raise pg.SaveError( _('TextCha: Wrong answer! Try again below...')) if request.cfg.comment_required and not comment: raise pg.SaveError( _('Supplying a comment is mandatory. Write a comment below and try again...' )) savemsg = pg.saveText(savetext, rev, trivial=trivial, comment=comment) except pg.EditConflict, e: msg = e.message # Handle conflict and send editor pg.set_raw_body(savetext, modified=1) pg.mergeEditConflict(rev) # We don't send preview when we do merge conflict pg.sendEditor(msg=msg, comment=comment) return except pg.SaveError, msg: # Show the error message request.theme.add_msg(unicode(msg), "error") # And show the editor again pg.sendEditor(preview=savetext, comment=comment, staytop=1) return