def test_indenting_rule_message(self): """webmessage - return email-like indenting rule""" text = """>>Brave Sir Robin ran away... <img src="malicious_script"/>*No!* >>bravely ran away away... I didn't!*<script>malicious code</script> >>When danger reared its ugly head, he bravely turned his tail and fled. <form onload="malicious"></form>*I never did!* """ expected_text = """>>Brave Sir Robin ran away... <img src="malicious_script" />*No!* >>bravely ran away away... I didn't!*<script>malicious code</script> >>When danger reared its ugly head, he bravely turned his tail and fled. <form onload="malicious"></form>*I never did!* """ res = webmessage_mailutils.escape_email_quoted_text(text, indent_txt=">>", linebreak_txt="\n") self.assertEqual(res, expected_text)
def test_indenting_rule_message(self): """webmessage - return email-like indenting rule""" text = """>>Brave Sir Robin ran away... <img src="malicious_script"/>*No!* >>bravely ran away away... I didn't!*<script>malicious code</script> >>When danger reared its ugly head, he bravely turned his tail and fled. <form onload="malicious"></form>*I never did!* """ expected_text = """>>Brave Sir Robin ran away... <img src="malicious_script" />*No!* >>bravely ran away away... I didn't!*<script>malicious code</script> >>When danger reared its ugly head, he bravely turned his tail and fled. <form onload="malicious"></form>*I never did!* """ res = webmessage_mailutils.escape_email_quoted_text(text, indent_txt='>>', linebreak_txt='\n') self.assertEqual(res, expected_text)
def send(self, req, form): """ Sends the message. Possible form keys: @param msg_to_user: comma separated usernames. @type msg_to_user: string @param msg_to_group: comma separated groupnames. @type msg_to_group: string @param msg_subject: message subject. @type msg_subject: string @param msg_body: message body. @type msg_body: string @param msg_send_year: year to send this message on. @type msg_send_year: int @param_msg_send_month: month to send this message on @type msg_send_month: year @param_msg_send_day: day to send this message on @type msg_send_day: int @param results_field: value determining which results field to display. See CFG_WEBMESSAGE_RESULTS_FIELD in webmessage_config.py. @param names_to_add: list of usernames to add to msg_to_user / group. @type names_to_add: list of strings @param search_pattern: will search for users/groups with this pattern. @type search_pattern: string @param add_values: if 1 users_to_add will be added to msg_to_user field. @type add_values: int @param *button: which button was pressed. @param ln: language. @type ln: string @return: a (body, errors, warnings) formed tuple. @rtype: tuple """ argd = wash_urlargd( form, { 'msg_to_user': (str, ""), 'msg_to_group': (str, ""), 'msg_subject': (str, ""), 'msg_body': (str, ""), 'msg_send_year': (int, 0), 'msg_send_month': (int, 0), 'msg_send_day': (int, 0), 'results_field': (str, CFG_WEBMESSAGE_RESULTS_FIELD['NONE']), 'names_selected': (list, []), 'search_pattern': (str, ""), 'send_button': (str, ""), 'search_user': (str, ""), 'search_group': (str, ""), 'add_user': (str, ""), 'add_group': (str, ""), }) # Check if user is logged uid = getUid(req) _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/send" % \ (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/yourmessages/send%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln": argd['ln'] }, {}))) user_info = collect_user_info(req) if not user_info['precached_usemessages']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use messages.")) if argd['send_button']: (body, errors, warnings, title, navtrail) = perform_request_send( uid=uid, msg_to_user=argd['msg_to_user'], msg_to_group=argd['msg_to_group'], msg_subject=escape_html(argd['msg_subject']), msg_body=escape_email_quoted_text(argd['msg_body']), msg_send_year=argd['msg_send_year'], msg_send_month=argd['msg_send_month'], msg_send_day=argd['msg_send_day'], ln=argd['ln']) else: title = _('Write a message') navtrail = get_navtrail(argd['ln'], title) if argd['search_user']: argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['USER'] elif argd['search_group']: argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['GROUP'] add_values = 0 if argd['add_group'] or argd['add_user']: add_values = 1 (body, errors, warnings) = perform_request_write_with_search( uid=uid, msg_to_user=argd['msg_to_user'], msg_to_group=argd['msg_to_group'], msg_subject=escape_html(argd['msg_subject']), msg_body=escape_email_quoted_text(argd['msg_body']), msg_send_year=argd['msg_send_year'], msg_send_month=argd['msg_send_month'], msg_send_day=argd['msg_send_day'], names_selected=argd['names_selected'], search_pattern=argd['search_pattern'], results_field=argd['results_field'], add_values=add_values, ln=argd['ln']) return page(title=title, body=body, navtrail=navtrail, uid=uid, lastupdated=__lastupdated__, req=req, language=argd['ln'], errors=errors, warnings=warnings, navmenuid="yourmessages", secure_page_p=1)
def send(self, req, form): """ Sends the message. Possible form keys: @param msg_to_user: comma separated usernames. @type msg_to_user: string @param msg_to_group: comma separated groupnames. @type msg_to_group: string @param msg_subject: message subject. @type msg_subject: string @param msg_body: message body. @type msg_body: string @param msg_send_year: year to send this message on. @type msg_send_year: int @param_msg_send_month: month to send this message on @type msg_send_month: year @param_msg_send_day: day to send this message on @type msg_send_day: int @param results_field: value determining which results field to display. See CFG_WEBMESSAGE_RESULTS_FIELD in webmessage_config.py. @param names_to_add: list of usernames to add to msg_to_user / group. @type names_to_add: list of strings @param search_pattern: will search for users/groups with this pattern. @type search_pattern: string @param add_values: if 1 users_to_add will be added to msg_to_user field. @type add_values: int @param *button: which button was pressed. @param ln: language. @type ln: string @return: body. """ argd = wash_urlargd(form, {'msg_to_user': (str, ""), 'msg_to_group': (str, ""), 'msg_subject': (str, ""), 'msg_body': (str, ""), 'msg_send_year': (int, 0), 'msg_send_month': (int, 0), 'msg_send_day': (int, 0), 'results_field': (str, CFG_WEBMESSAGE_RESULTS_FIELD['NONE']), 'names_selected': (list, []), 'search_pattern': (str, ""), 'send_button': (str, ""), 'search_user': (str, ""), 'search_group': (str, ""), 'add_user': (str, ""), 'add_group': (str, ""), }) # Check if user is logged uid = getUid(req) _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/send" % \ (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/yourmessages/send%s" % ( CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {}))) user_info = collect_user_info(req) if not user_info['precached_usemessages']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use messages.")) if argd['send_button']: (body, title, navtrail) = perform_request_send( uid=uid, msg_to_user=argd['msg_to_user'], msg_to_group=argd['msg_to_group'], msg_subject=escape_html(argd['msg_subject']), msg_body=escape_email_quoted_text(argd['msg_body']), msg_send_year=argd['msg_send_year'], msg_send_month=argd['msg_send_month'], msg_send_day=argd['msg_send_day'], ln=argd['ln']) else: title = _('Write a message') navtrail = get_navtrail(argd['ln'], title) if argd['search_user']: argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['USER'] elif argd['search_group']: argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['GROUP'] add_values = 0 if argd['add_group'] or argd['add_user']: add_values = 1 body = perform_request_write_with_search( uid=uid, msg_to_user=argd['msg_to_user'], msg_to_group=argd['msg_to_group'], msg_subject=escape_html(argd['msg_subject']), msg_body=escape_email_quoted_text(argd['msg_body']), msg_send_year=argd['msg_send_year'], msg_send_month=argd['msg_send_month'], msg_send_day=argd['msg_send_day'], names_selected=argd['names_selected'], search_pattern=argd['search_pattern'], results_field=argd['results_field'], add_values=add_values, ln=argd['ln']) return page(title = title, body = body, navtrail = navtrail, uid = uid, lastupdated = __lastupdated__, req = req, language = argd['ln'], navmenuid = "yourmessages", secure_page_p=1)
def send(self, req, form): """ Sends the message. Possible form keys: @param msg_to_user: comma separated usernames. @type msg_to_user: string @param msg_to_group: comma separated groupnames. @type msg_to_group: string @param msg_subject: message subject. @type msg_subject: string @param msg_body: message body. @type msg_body: string @param msg_send_year: year to send this message on. @type msg_send_year: int @param_msg_send_month: month to send this message on @type msg_send_month: year @param_msg_send_day: day to send this message on @type msg_send_day: int @param results_field: value determining which results field to display. See CFG_WEBMESSAGE_RESULTS_FIELD in webmessage_config.py. @param names_to_add: list of usernames to add to msg_to_user / group. @type names_to_add: list of strings @param search_pattern: will search for users/groups with this pattern. @type search_pattern: string @param add_values: if 1 users_to_add will be added to msg_to_user field. @type add_values: int @param *button: which button was pressed. @param ln: language. @type ln: string @return: a (body, errors, warnings) formed tuple. @rtype: tuple """ argd = wash_urlargd( form, { "msg_to_user": (str, ""), "msg_to_group": (str, ""), "msg_subject": (str, ""), "msg_body": (str, ""), "msg_send_year": (int, 0), "msg_send_month": (int, 0), "msg_send_day": (int, 0), "results_field": (str, CFG_WEBMESSAGE_RESULTS_FIELD["NONE"]), "names_selected": (list, []), "search_pattern": (str, ""), "send_button": (str, ""), "search_user": (str, ""), "search_group": (str, ""), "add_user": (str, ""), "add_group": (str, ""), }, ) # Check if user is logged uid = getUid(req) _ = gettext_set_language(argd["ln"]) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/send" % (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd( { "referer": "%s/yourmessages/send%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln": argd["ln"], }, {}, ), ), ) user_info = collect_user_info(req) if not user_info["precached_usemessages"]: return page_not_authorized(req, "../", text=_("You are not authorized to use messages.")) if argd["send_button"]: (body, errors, warnings, title, navtrail) = perform_request_send( uid=uid, msg_to_user=argd["msg_to_user"], msg_to_group=argd["msg_to_group"], msg_subject=escape_html(argd["msg_subject"]), msg_body=escape_email_quoted_text(argd["msg_body"]), msg_send_year=argd["msg_send_year"], msg_send_month=argd["msg_send_month"], msg_send_day=argd["msg_send_day"], ln=argd["ln"], ) else: title = _("Write a message") navtrail = get_navtrail(argd["ln"], title) if argd["search_user"]: argd["results_field"] = CFG_WEBMESSAGE_RESULTS_FIELD["USER"] elif argd["search_group"]: argd["results_field"] = CFG_WEBMESSAGE_RESULTS_FIELD["GROUP"] add_values = 0 if argd["add_group"] or argd["add_user"]: add_values = 1 (body, errors, warnings) = perform_request_write_with_search( uid=uid, msg_to_user=argd["msg_to_user"], msg_to_group=argd["msg_to_group"], msg_subject=escape_html(argd["msg_subject"]), msg_body=escape_email_quoted_text(argd["msg_body"]), msg_send_year=argd["msg_send_year"], msg_send_month=argd["msg_send_month"], msg_send_day=argd["msg_send_day"], names_selected=argd["names_selected"], search_pattern=argd["search_pattern"], results_field=argd["results_field"], add_values=add_values, ln=argd["ln"], ) return page( title=title, body=body, navtrail=navtrail, uid=uid, lastupdated=__lastupdated__, req=req, language=argd["ln"], errors=errors, warnings=warnings, navmenuid="yourmessages", )