def index(): dered = render_url(request.query.url_to_render.replace('>','?').replace('<','&')) dered = str(dered).replace('"','"').replace('#039;',"'") return dict(rendered=dered)
def process_sms_command(user, command): cmd = str(command).split(' ')[0].strip().lower() global msgs global pages try: page = pages[user] msg = msgs[user] except KeyError: page = 0 msg = [] pages[user] = page msgs[user] = msg if cmd.startswith('prev'): page -= 1 if page < 0: page = 0 elif cmd.startswith('next'): page += 1 elif cmd.startswith('page'): error = True try: page_num = int(float(str(command).split(' ')[1])) error = False except: pass if not error: if page_num > len(msg): page = len(msg) - 1 else: page = page_num - 1 elif cmd.startswith('url'): error = True try: webpage = render_url(str(command).split(' ')[1]) error = False except IndexError: pass if not error: page = 0 buf = [] for line in webpage.splitlines(True): buf.append(line.strip(' \t')) # remove space and tab formatting msg = digest_sms(''.join(buf)) elif cmd.startswith('mail'): phonenumber = user.split('@')[0] error = True try: webpage = render_url('http://134.129.125.232:8080/smsplusplus/query.action;service=mail&phone=%s' % (phonenumber)) print len(webpage) lines = webpage.splitlines() for line in lines: line.strip() webpage = ''.join(lines) message = webpage # error is html page with "Bad Request" in the body with no surronding tag if webpage != 'Bad Request': emails = eval(str(webpage)) #XSS ATTACK! #the return should be a json dictionary if isinstance(emails, dict): try: num = 0 message = '' for email in emails['entry']: message += "%d: %s (%s)\n" % (num, email['title'], email['author']['email']) num += 1 except KeyError: message = webpage else: message = webpage error = False except IndexError: pass if not error: page = 0 msg = digest_sms(message) elif cmd.startswith('cal'): phonenumber = user.split('@')[0] global cal_defaults error = True try: webpage = render_url('http://134.129.125.232/gcalendar.php?number=%s&mode=json' % (phonenumber)) lines = webpage.splitlines() for line in lines: line.strip() webpage = ''.join(lines) message = webpage # error is html page with "error" in the body with no surronding tag if webpage != 'error': cals = eval(str(webpage)) #XSS ATTACK! #the return should be a json dictionary message = '' num = 0 for cal in cals['events']: creator = '' try: creator = cal['creator'] except KeyError: pass if creator != 'US Holidays': if cal['summary'] not in cal_defaults: try: message += "%d: %s (%s)\n" % (num, cal['summary'], cal['startDate']) except KeyError: try: message += "%d: %s (%s)\n" % (num, cal['summary'], cal['startDateTime']) except KeyError: pass num += 1 error = False except IndexError: pass if not error: page = 0 msg = digest_sms(message) else: msg = digest_sms(sms_help_msg) try: message = msg[page] except IndexError: page = len(msg)-1 message = '' if page >= 0: message = msg[page] if message is None or message is '': msg = digest_sms(sms_help_msg) page = 0 message = msg[page] msgs[user] = msg pages[user] = page return message