def validate_test_case(self, req, postname, version, fields): if 'testcase-preview' in req.args: return [] qa_res = Resource('qa', postname, version) if req.perm(qa_res).has_permission('QA_ADMIN'): return [] if version > 1: bp = BlogPost(self.env, postname, version) last_post_fields = bp._fetch_fields(version=version - 1) else: last_post_fields = {} field_names = set(fields).union(last_post_fields) changes = [] for field in field_names: old = to_unicode(last_post_fields.get(field, '')) new = to_unicode(fields.get(field, '')) if new and old != new: changes.append((old, new)) author = fields.get('author', '') if arity(FilterSystem.test) == 4: # 0.11 compatible method signature FilterSystem(self.env).test(req, author, changes) else: # 0.12+ compatible that adds an 'ip' argument FilterSystem(self.env).test(req, author, changes, req.remote_addr) return []
def _process_monitoring_panel(self, req): req.perm.assert_permission('SPAM_TRAIN') filtersys = FilterSystem(self.env) if 'markspam' in req.args or 'markham' in req.args: spam = 'markspam' in req.args for entry_id in req.args.getlist('sel'): filtersys.train(req, entry_id, spam=spam) elif 'delete' in req.args: for entry_id in req.args.getlist('sel'): LogEntry.delete(self.env, entry_id) return True
def validate_blog_comment(self, req, postname, fields): if 'previewcomment' in req.args: return [] blog_res = Resource('blog', postname) if req.perm(blog_res).has_permission('BLOG_ADMIN'): return [] author = fields.get('author', '') changes = [(None, fields.get('comment', '')), (None, author)] if arity(FilterSystem.test) == 4: # 0.11 compatible method signature FilterSystem(self.env).test(req, author, changes) else: # 0.12+ compatible that adds an 'ip' argument FilterSystem(self.env).test(req, author, changes, req.remote_addr) return []
def filter_topic(self, context, topic): # Test topic for spam. try: if arity(FilterSystem.test) == 4: #SpamFilter < 0.3.2 or >= 0.7.0 FilterSystem(self.env).test(context.req, topic['author'], [(None, topic['author']), (None, topic['subject']), (None, topic['body'])]) else: #SpamFilter >= 0.3.2 or < 0.7.0 FilterSystem(self.env).test(context.req, topic['author'], [(None, topic['author']), (None, topic['subject']), (None, topic['body'])], context.req.remote_addr) except RejectContent, error: # Topic contains spam. return False, error.message
def filter_message(self, context, message): # Test message for spam. try: FilterSystem(self.env).test(context.req, message['author'], [(None, message['author']), (None, message['body'])]) except RejectContent, error: # Message contains spam. return False, error.message
def validate_topic(self, req, author, subject, body): if req.perm.has_permission('TICKET_ADMIN'): # An administrator is allowed to spam return [] if 'preview' in req.args: # Only a preview, no need to filter the submission yet return [] changes = [(None, body)] FilterSystem(self.env).test(req, author, changes) return []
def process_request(self, req): req.perm.assert_permission('GUESTBOOK_VIEW') # getting cursor db = self.env.get_db_cnx() cursor = db.cursor() if req.args.has_key('action'): # process append request if req.args['action'] == 'newentry': req.perm.assert_permission('GUESTBOOK_APPEND') # get form values author = req.args['author'] title = req.args['title'] text = req.args['text'] # check for spam self.log.debug('has_spam_filter: %s' % (has_spam_filter, )) if has_spam_filter: FilterSystem(self.env).test(req, author, [(None, title), (None, text)]) self._append_message(cursor, author, title, text) # process delete request if req.args['action'] == 'delete': req.perm.assert_permission('GUESTBOOK_DELETE') self._delete_message(cursor, req.args['id']) # adding stylesheets add_stylesheet(req, 'common/css/wiki.css') add_stylesheet(req, 'guestbook/css/guestbook.css') # adding scripts add_script(req, 'common/js/trac.js') add_script(req, 'common/js/wikitoolbar.js') # passing variables to template req.hdf['guestbook.title'] = self.env.config.get( 'guestbook', 'title', 'Guestbook') req.hdf['guestbook.messages'] = self._get_messages(req, cursor) req.hdf['guestbook.append'] = req.perm.has_permission('GUESTBOOK_VIEW') # database commit and return page content db.commit() return 'guestbook.cs', 'text/html'
def nuke_user(self, username): db = self.env.get_db_cnx() cursor = db.cursor() print "Nuking %r..." % username cursor.execute('SELECT id FROM ticket WHERE reporter=%s', (username, )) ticketids = [row[0] for row in cursor.fetchall()] if ticketids: print "deleting tickets %s reported by %s" % (ticketids, username) for id_ in ticketids: Ticket(self.env, id_).delete() else: print "No tickets reported by", username cursor.execute( "SELECT ticket,time FROM ticket_change WHERE author=%s AND field = 'comment'", (username, )) comments = cursor.fetchall() if comments: # XXX is there an API for this? can't find one. print "deleting comments %s by %s" % (comments, username) cursor.execute( "DELETE FROM ticket_change WHERE author=%s AND field = 'comment'", (username, )) else: print "No comments by", username # Hooking into TracSpamFilter here. # Train all entries for this user, then delete. try: import tracspamfilter except ImportError: pass else: from tracspamfilter.api import FilterSystem handler = FilterSystem(self.compmgr) class fakerequest(object): # stuff needed by Request(); the filter builds a new one # and it assumes it was triggered by an HTTP request. environ = {'wsgi.url_scheme': 'http'} # Unfortunately, tracspamfilter.model.LogEntry.select() # doesn't support querying by author. Not much of an ORM, eh? cursor.execute("SELECT id FROM spamfilter_log WHERE author=%s", (username, )) entries = [row[0] for row in cursor.fetchall()] # Bug: For some reason this hangs on handler.train(), # likely upstream services being slow? print "Training and deleting %d spamfilter log entries" % len( entries) for entry in entries: print "Training %s..." % entry handler.train(fakerequest, entry, spam=True) cursor.execute("DELETE FROM spamfilter_log WHERE author=%s", (username, )) import acct_mgr.api account_mgr = acct_mgr.api.AccountManager(self.env) delete_enabled = account_mgr.supports('delete_user') if delete_enabled: account_mgr.delete_user(username) # XXX auth_cookie rows do not actually seem to get deleted? # is there an API for this? cursor.execute('DELETE FROM auth_cookie WHERE name=%s', (username, )) print "Deleted %r!" % username else: print "The password store does not support deleting users."
def nuke_user(self, username): db = self.env.get_db_cnx() cursor = db.cursor() print "Nuking %r..." % username cursor.execute('SELECT id FROM ticket WHERE reporter=%s', (username,)) ticketids = [row[0] for row in cursor.fetchall()] if ticketids: print "deleting tickets %s reported by %s" % (ticketids, username) for id_ in ticketids: Ticket(self.env, id_).delete() else: print "No tickets reported by", username cursor.execute("SELECT ticket,time FROM ticket_change WHERE author=%s AND field = 'comment'", (username,)) comments = cursor.fetchall() if comments: # XXX is there an API for this? can't find one. print "deleting comments %s by %s" % (comments, username) cursor.execute("DELETE FROM ticket_change WHERE author=%s AND field = 'comment'", (username,)) else: print "No comments by", username # Hooking into TracSpamFilter here. # Train all entries for this user, then delete. try: import tracspamfilter except ImportError: pass else: from tracspamfilter.api import FilterSystem handler = FilterSystem(self.compmgr) class fakerequest(object): # stuff needed by Request(); the filter builds a new one # and it assumes it was triggered by an HTTP request. environ = {'wsgi.url_scheme': 'http'} # Unfortunately, tracspamfilter.model.LogEntry.select() # doesn't support querying by author. Not much of an ORM, eh? cursor.execute("SELECT id FROM spamfilter_log WHERE author=%s", (username,)) entries = [row[0] for row in cursor.fetchall()] # Bug: For some reason this hangs on handler.train(), # likely upstream services being slow? print "Training and deleting %d spamfilter log entries" % len(entries) for entry in entries: print "Training %s..." % entry handler.train(fakerequest, entry, spam=True) cursor.execute("DELETE FROM spamfilter_log WHERE author=%s", (username,)) import acct_mgr.api account_mgr = acct_mgr.api.AccountManager(self.env) delete_enabled = account_mgr.supports('delete_user') if delete_enabled: account_mgr.delete_user(username) # XXX auth_cookie rows do not actually seem to get deleted? # is there an API for this? cursor.execute('DELETE FROM auth_cookie WHERE name=%s', (username,)) print "Deleted %r!" % username else: print "The password store does not support deleting users."