def render_blob_host_data(data, error):
"""Render blob host data
Args:
data:
error:
Returns:
"""
context = {}
if error is not None:
context["error"] = error
else:
"""We have to unescape the string before the graphical render"""
context["handle"] = XmlEntities.unescape_xml_entities(data)[0]
"""Even if we have unescaped the graphical version of the data
we have to display the warning message if there are xml predefined entities"""
data_xml_entities = XmlEntities()
data_xml_entities.escape_xml_entities(data)
if (data_xml_entities.number_of_subs_made > 0 or len(
re.findall(r"((&)|(>)|(<)|(')|("))", data))
> 0):
context["xml_entities_warning"] = True
return AbstractModule.render_template(
"core_module_blob_host_app/blob_host_display.html", context)
def _retrieve_data(self, request):
"""Return module's data
Args:
request:
Returns:
"""
data = ""
self.error = None
data_xml_entities = XmlEntities()
if request.method == "GET":
if "data" in request.GET:
if len(request.GET["data"]) > 0:
data = request.GET["data"]
elif request.method == "POST":
if "data" in request.POST:
url_form = URLForm({"url": request.POST["data"]})
if url_form.is_valid():
data = url_form.data["url"]
else:
self.error = "Enter a valid URL."
return (data_xml_entities.escape_xml_entities(data)
if AUTO_ESCAPE_XML_ENTITIES else data)
def test_escape_already_escaped_string(self):
string = "aaa<bbb>ccc&ddd'eee"fff"
xmlEntities = XmlEntities()
self.assertTrue(xmlEntities.escape_xml_entities(string) == string)
self.assertTrue(xmlEntities.unescaped_xml_string == string)
self.assertTrue(xmlEntities.number_of_subs_made == 0)
def test_escape_with_predefined_xml_entities(self):
string = "aaa<bbb>ccc&ddd'eee\"fff"
xmlEntities = XmlEntities()
self.assertTrue(
xmlEntities.escape_xml_entities(string) ==
"aaa<bbb>ccc&ddd'eee"fff")
self.assertTrue(xmlEntities.unescaped_xml_string == string)
self.assertTrue(xmlEntities.number_of_subs_made == 5)
def test_unescaped_and_already_escaped_predefined_xml_entities(self):
string = "<<">&&<"
xmlEntities = XmlEntities()
self.assertTrue(
xmlEntities.escape_xml_entities(string) ==
"<<">&&<")
self.assertTrue(xmlEntities.unescaped_xml_string == string)
self.assertTrue(xmlEntities.number_of_subs_made == 4)
def _retrieve_data(self, request):
"""Return module display - GET method
Args:
request:
Returns:
"""
data = ""
self.error = None
data_xml_entities = XmlEntities()
if request.method == "GET":
if "data" in request.GET:
if len(request.GET["data"]) > 0:
data = request.GET["data"]
elif request.method == "POST":
selected_option = request.POST["blob_form"]
if selected_option == "url":
url_form = URLForm(request.POST)
if url_form.is_valid():
data = url_form.data["url"]
else:
self.error = "Enter a valid URL."
elif selected_option == "file":
try:
form = BLOBHostForm(request.POST, request.FILES)
if not form.is_valid():
self.error = "No file uploaded."
return data
# get file from request
uploaded_file = request.FILES["file"]
# get filename from file
filename = uploaded_file.name
# get user id from request
user_id = str(request.user.id)
# create blob
blob = Blob(filename=filename, user_id=user_id)
# set blob file
blob.blob = uploaded_file
# save blob
blob_api.insert(blob)
# get download uri
data = get_blob_download_uri(blob, request)
except:
self.error = "An error occurred during the upload."
return (
data_xml_entities.escape_xml_entities(data)
if AUTO_ESCAPE_XML_ENTITIES
else data
)
def test_escape_full_predefined_xml_entities(self):
string = "<<<\"\"'''''''\"\"\">>>"
xmlEntities = XmlEntities()
self.assertTrue(
xmlEntities.escape_xml_entities(string) ==
"<<<""'''''''""">>>"
)
self.assertTrue(xmlEntities.unescaped_xml_string == string)
self.assertTrue(xmlEntities.number_of_subs_made == 18)
def test_escape_full_predefined_xml_entities(self):
string = '<<<""\'\'\'\'\'\'\'""">>>'
xmlEntities = XmlEntities()
self.assertTrue(
xmlEntities.escape_xml_entities(string) ==
'<<<""'''''''""">>>'
)
self.assertTrue(xmlEntities.unescaped_xml_string == string)
self.assertTrue(xmlEntities.number_of_subs_made == 18)
def _retrieve_data(self, request):
"""Retrieve module's data
Args:
request:
Returns:
"""
data = ""
self.error = None
data_xml_entities = XmlEntities()
if request.method == "GET":
if "data" in request.GET:
if len(request.GET["data"]) > 0:
data = request.GET["data"]
elif request.method == "POST":
try:
form = BLOBHostForm(request.POST, request.FILES)
if not form.is_valid():
self.error = "No file uploaded."
return data
# get file from request
uploaded_file = request.FILES["file"]
# get filename from file
filename = uploaded_file.name
# get user id from request
user_id = str(request.user.id)
# create blob
blob = Blob(filename=filename, user_id=user_id)
# set blob file
blob.blob = uploaded_file
# save blob
blob_api.insert(blob)
# get download uri
data = get_blob_download_uri(blob, request)
except:
self.error = "An unexpected error occurred."
return (data_xml_entities.escape_xml_entities(data)
if AUTO_ESCAPE_XML_ENTITIES else data)
class TextAreaModule(AbstractTextAreaModule):
def _retrieve_data(self, request):
"""Retrieve module's data
Args:
request:
Returns:
"""
data = ""
self.data_xml_entities = XmlEntities()
if request.method == "GET":
if "data" in request.GET:
data = request.GET["data"]
elif request.method == "POST":
if "data" in request.POST:
data = request.POST["data"]
data = (self.data_xml_entities.escape_xml_entities(data)
if AUTO_ESCAPE_XML_ENTITIES else data)
return data
def _render_data(self, request):
"""Return module's data rendering
Args:
request:
Returns:
"""
# search the XML predefined entities, to display warning if it needed / we add pre escaped search too
if (self.data_xml_entities.number_of_subs_made > 0 or len(
re.findall(r"((&)|(>)|(<)|(')|("))",
self.data)) > 0):
return loader.get_template(
"core_module_text_area_app/predefined_entities_warning.html"
).template.source
else:
return ""