def process_tripcode(name, tripkey='!'): match = re.match(TRIP_RE % re.escape(tripkey), name) if not match: return (str_format.clean_string(str_format.decode_string(name)), '') trip = '' namepart, marker, trippart = match.groups() namepart = str_format.clean_string(str_format.decode_string(namepart)) # do we want secure trips, and is there one? if config.SECRET: regexp = re.compile(SECURE_TRIP_RE.replace("%s", re.escape(marker))) smatch = regexp.match(trippart) if smatch: trippart = regexp.sub('', trippart) maxlen = 255 - len(config.SECRET) string = smatch.group(1)[:maxlen] trip = tripkey * 2 + hide_data(smatch.group(1), 6, "trip", config.SECRET, True) if not trippart: # return directly if there's no normal tripcode return (namepart, trip) # 2ch trips are processed as Shift_JIS whenever possible trippart = trippart.encode("shiftjis", "xmlcharrefreplace") trippar = str_format.clean_string(trippart) salt = (trippart + "H..")[1:3] salt = SALT_CLEAN_RE.sub('.', salt) for old, new in map(None, ':;<=>?@[\\]^_`', 'ABCDEFGabcdef'): salt = salt.replace(old, new) trip = tripkey + crypt.crypt(trippart, salt)[-10:] + trip return (namepart, trip)
def clean_fields(self, editing, admin_mode, options): '''Modifies fields to clean them''' # kill the name if anonymous posting is being enforced if options['FORCED_ANON']: self.name = '' self.trip = '' if self.email.lower() == 'sage': self.email = 'sage' else: self.email = '' # fix up the email/link, if it is not a generic URI already. if self.email and not re.search(r"(?:^\w+:)|(?:\:\/\/)", self.email): self.email = "mailto:" + self.email # clean up the inputs self.subject = str_format.clean_string( str_format.decode_string(self.subject)) # format comment if not self.req_no_format: self.comment = str_format.format_comment(str_format.clean_string( str_format.decode_string(self.comment))) # insert default values for empty fields if not (self.name or self.trip): self.name = options['S_ANONAME'] self.subject = self.subject or options['S_ANOTITLE'] self.comment = self.comment or options['S_ANOTEXT']
def clean_fields(self, editing, admin_mode, options): '''Modifies fields to clean them''' # kill the name if anonymous posting is being enforced if options['FORCED_ANON']: self.name = '' self.trip = '' if self.email.lower() == 'sage': self.email = 'sage' else: self.email = '' # fix up the email/link, if it is not a generic URI already. if self.email and not re.search(r"(?:^\w+:)|(?:\:\/\/)", self.email): self.email = "mailto:" + self.email # clean up the inputs self.subject = str_format.clean_string( str_format.decode_string(self.subject)) # format comment if not self.req_no_format: self.comment = str_format.format_comment( str_format.clean_string(str_format.decode_string( self.comment))) # insert default values for empty fields if not (self.name or self.trip): self.name = options['S_ANONAME'] self.subject = self.subject or options['S_ANOTITLE'] self.comment = self.comment or options['S_ANOTEXT']
def spam_engine(trap_fields, spam_files): def spam_screen(): raise util.WakaError(strings.SPAM) request = local.request for field in trap_fields: if request.values.get("request", None) is not None: spam_screen() spam_checker = compile_spam_checker(spam_files) fields = request.values.keys() fulltext = "\n".join([str_format.decode_string(request.values[x]) for x in fields]) if spam_checker(fulltext): spam_screen()
def spam_engine(trap_fields, spam_files): def spam_screen(): raise util.WakaError(strings.SPAM) request = local.request for field in trap_fields: if request.values.get('request', None) is not None: spam_screen() spam_checker = compile_spam_checker(spam_files) fields = request.values.keys() fulltext = '\n'.join( [str_format.decode_string(request.values[x]) for x in fields]) if spam_checker(fulltext): spam_screen()
def add_admin_entry(task_data, option, comment, ip='', mask='255.255.255.255', sval1='', total='', expiration=0, caller=''): session = model.Session() table = model.admin ival1 = ival2 = 0 if not comment: raise WakaError(strings.COMMENT_A_MUST) if option in ('ipban', 'whitelist'): if not ip: raise WakaError('IP address required.') if not mask: mask = '255.255.255.255' # Convert to decimal. (ival1, ival2) = (misc.dot_to_dec(ip), misc.dot_to_dec(mask)) sql = table.select().where(table.c.type == option) query = session.execute(sql) for row in query: try: if int(row.ival1) & int(row.ival2) == ival1 & ival2: raise WakaError('IP address and mask match ban #%d.' % \ (row.num)) except ValueError: raise WakaError("Entry #%s on ban table is inconsistent. " "This shouldn't happen." % row.num) # Add info to task data. content = ip + (' (' + mask + ')' if mask else '') if total == 'yes': add_htaccess_entry(ip) content += ' (no browse)' content += ' "' + comment + '"' task_data.contents.append(content) else: if not sval1: raise WakaError(strings.STRINGFIELDMISSING) sql = table.select().where( and_(table.c.sval1 == sval1, table.c.type == option)) row = session.execute(sql).fetchone() if row: raise WakaError('Duplicate String in ban #%d.' % (row.num)) # Add ifno to task data. task_data.contents.append(sval1) comment = str_format.clean_string(\ str_format.decode_string(comment, config.CHARSET)) expiration = int(expiration) if expiration else 0 if expiration: expiration = expiration + time.time() sql = table.insert().values(type=option, comment=comment, ival1=int(ival1), ival2=int(ival2), sval1=sval1, total=total, expiration=expiration) result = session.execute(sql) task_data.admin_id = result.inserted_primary_key[0] # Add specific action name to task data. task_data.action = option board = local.environ['waka.board'] forward_url = misc.make_script_url(task='bans', board=board.name) if caller == 'window': return Template('edit_successful') return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)
def add_admin_entry(task_data, option, comment, ip='', mask='255.255.255.255', sval1='', total='', expiration=0, caller=''): session = model.Session() table = model.admin ival1 = ival2 = 0 if not comment: raise WakaError(strings.COMMENT_A_MUST) if option in ('ipban', 'whitelist'): if not ip: raise WakaError('IP address required.') if not mask: mask = '255.255.255.255' # Convert to decimal. (ival1, ival2) = (misc.dot_to_dec(ip), misc.dot_to_dec(mask)) sql = table.select().where(table.c.type == option) query = session.execute(sql) for row in query: try: if int(row.ival1) & int(row.ival2) == ival1 & ival2: raise WakaError('IP address and mask match ban #%d.' % \ (row.num)) except ValueError: raise WakaError("Entry #%s on ban table is inconsistent. " "This shouldn't happen." % row.num) # Add info to task data. content = ip + (' (' + mask + ')' if mask else '') if total == 'yes': add_htaccess_entry(ip) content += ' (no browse)' content += ' "' + comment + '"' task_data.contents.append(content) else: if not sval1: raise WakaError(strings.STRINGFIELDMISSING) sql = table.select().where(and_(table.c.sval1 == sval1, table.c.type == option)) row = session.execute(sql).fetchone() if row: raise WakaError('Duplicate String in ban #%d.' % (row.num)) # Add ifno to task data. task_data.contents.append(sval1) comment = str_format.clean_string(\ str_format.decode_string(comment, config.CHARSET)) expiration = int(expiration) if expiration else 0 if expiration: expiration = expiration + time.time() sql = table.insert().values(type=option, comment=comment, ival1=int(ival1), ival2=int(ival2), sval1=sval1, total=total, expiration=expiration) result = session.execute(sql) task_data.admin_id = result.inserted_primary_key[0] # Add specific action name to task data. task_data.action = option board = local.environ['waka.board'] forward_url = misc.make_script_url(task='bans', board=board.name) if caller == 'window': return Template('edit_successful') return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)