Exemplo n.º 1
0
    def test_mark_for_escaping_lazy(self):
        s = lazystr('a&b')
        b = lazybytes(b'a&b')

        self.assertIsInstance(mark_for_escaping(s), EscapeData)
        self.assertIsInstance(mark_for_escaping(b), EscapeData)
        self.assertRenderEqual('{% autoescape off %}{{ s }}{% endautoescape %}', 'a&b', s=mark_for_escaping(s))
Exemplo n.º 2
0
 def dropdown_items(self):
     submenu_context = [
         format_submenu_context(_("Reports"), is_header=True),
         format_submenu_context(_("Admin Reports"),
                                url=reverse("default_admin_report")),
         format_submenu_context(_("System Info"),
                                url=reverse("system_info")),
         format_submenu_context(_("Management"), is_header=True),
         format_submenu_context(mark_for_escaping(
             _("ADM Reports & Columns")),
                                url=reverse("default_adm_admin_interface")),
         #            format_submenu_context(mark_for_escaping("HQ Announcements"),
         #                url=reverse("default_announcement_admin")),
     ]
     try:
         submenu_context.append(
             format_submenu_context(mark_for_escaping(_("Billing")),
                                    url=reverse("billing_default")))
     except Exception:
         pass
     submenu_context.extend([
         format_submenu_context(None, is_divider=True),
         format_submenu_context(_("Django Admin"), url="/admin")
     ])
     return submenu_context
Exemplo n.º 3
0
    def test_mark_for_escaping_lazy(self):
        s = lazystr("a&b")
        b = lazybytes(b"a&b")

        self.assertIsInstance(mark_for_escaping(s), EscapeData)
        self.assertIsInstance(mark_for_escaping(b), EscapeData)
        self.assertRenderEqual("{% autoescape off %}{{ s }}{% endautoescape %}", "a&b", s=mark_for_escaping(s))
Exemplo n.º 4
0
    def dropdown_items(self):
        submenu_context = [
            format_submenu_context(_("Reports"), is_header=True),
            format_submenu_context(_("Admin Reports"), url=reverse("default_admin_report")),
            format_submenu_context(_("System Info"), url=reverse("system_info")),
            format_submenu_context(_("Management"), is_header=True),
            format_submenu_context(mark_for_escaping(_("ADM Reports & Columns")),
                url=reverse("default_adm_admin_interface")),
            format_submenu_context(mark_for_escaping(_("Commands")), url=reverse("management_commands")),
#            format_submenu_context(mark_for_escaping("HQ Announcements"),
#                url=reverse("default_announcement_admin")),
        ]
        try:
            if AccountingTab(self._request, self._current_url_name).is_viewable:
                submenu_context.append(format_submenu_context(AccountingTab.title, url=reverse('accounting_default')))
        except Exception:
            pass
        try:
            submenu_context.append(format_submenu_context(mark_for_escaping(_("Old SMS Billing")),
                url=reverse("billing_default")))
        except Exception:
            pass
        submenu_context.extend([
            format_submenu_context(_("SMS Connectivity"), url=reverse("default_sms_admin_interface")),
            format_submenu_context(_("Feature Flags"), url=reverse("toggle_list")),
            format_submenu_context(None, is_divider=True),
            format_submenu_context(_("Django Admin"), url="/admin")
        ])
        return submenu_context
Exemplo n.º 5
0
    def dropdown_items(self):
        submenu_context = [
            format_submenu_context(_("Reports"), is_header=True),
            format_submenu_context(_("Admin Reports"), url=reverse("default_admin_report")),
            format_submenu_context(_("System Info"), url=reverse("system_info")),
            format_submenu_context(_("Management"), is_header=True),
            format_submenu_context(mark_for_escaping(_("ADM Reports & Columns")),
                url=reverse("default_adm_admin_interface")),
            format_submenu_context(mark_for_escaping(_("Commands")), url=reverse("management_commands")),
#            format_submenu_context(mark_for_escaping("HQ Announcements"),
#                url=reverse("default_announcement_admin")),
        ]
        try:
            if AccountingTab(self._request, self._current_url_name).is_viewable:
                submenu_context.append(format_submenu_context(AccountingTab.title, url=reverse('accounting_default')))
        except Exception:
            pass
        try:
            submenu_context.append(format_submenu_context(mark_for_escaping(_("Old SMS Billing")),
                url=reverse("billing_default")))
        except Exception:
            pass
        submenu_context.extend([
            format_submenu_context(_("SMS Connectivity"), url=reverse("default_sms_admin_interface")),
            format_submenu_context(_("Feature Flags"), url=reverse("toggle_list")),
            format_submenu_context(None, is_divider=True),
            format_submenu_context(_("Django Admin"), url="/admin")
        ])
        return submenu_context
Exemplo n.º 6
0
 def dropdown_items(self):
     submenu_context = [
         format_submenu_context(_("Reports"), is_header=True),
         format_submenu_context(_("Admin Reports"), url=reverse("default_admin_report")),
         format_submenu_context(_("System Info"), url=reverse("system_info")),
         format_submenu_context(_("Management"), is_header=True),
         format_submenu_context(
             mark_for_escaping(_("ADM Reports & Columns")), url=reverse("default_adm_admin_interface")
         ),
         format_submenu_context(mark_for_escaping(_("Commands")), url=reverse("management_commands")),
         #            format_submenu_context(mark_for_escaping("HQ Announcements"),
         #                url=reverse("default_announcement_admin")),
     ]
     try:
         submenu_context.append(
             format_submenu_context(mark_for_escaping(_("Billing")), url=reverse("billing_default"))
         )
     except Exception:
         pass
     submenu_context.extend(
         [
             format_submenu_context(_("SMS Connectivity"), url=reverse("default_sms_admin_interface")),
             format_submenu_context(None, is_divider=True),
             format_submenu_context(_("Django Admin"), url="/admin"),
         ]
     )
     return submenu_context
Exemplo n.º 7
0
 def make_app_title(cls, app_name, doc_type):
     return mark_safe(
         "%s%s"
         % (
             mark_for_escaping(app_name or "(Untitled)"),
             mark_for_escaping(" (Remote)" if doc_type == "RemoteApp" else ""),
         )
     )
Exemplo n.º 8
0
    def dropdown_items(self):
        # todo async refresh submenu when on the applications page and you change the application name
        key = [self.domain]
        apps = get_db().view(
            'app_manager/applications_brief',
            reduce=False,
            startkey=key,
            endkey=key + [{}],
            stale=settings.COUCH_STALE_QUERY,
        ).all()
        submenu_context = []
        if not apps:
            return submenu_context

        submenu_context.append(
            format_submenu_context(_('My Applications'), is_header=True))
        for app in apps:
            app_info = app['value']
            if app_info:
                url = reverse('view_app', args=[self.domain, app_info['_id']])
                app_name = mark_safe("%s%s" % (
                    mark_for_escaping(app_info['name'] or '(Untitled)'),
                    mark_for_escaping(' (Remote)' if app_info['doc_type'] ==
                                      'RemoteApp' else ''),
                ))

                submenu_context.append(
                    format_submenu_context(app_name, url=url))

        if self.couch_user.can_edit_apps():
            submenu_context.append(
                format_submenu_context(None, is_divider=True))
            newapp_options = [
                format_submenu_context(None,
                                       html=self._new_app_link(
                                           _('Blank Application'))),
                format_submenu_context(
                    None,
                    html=self._new_app_link(
                        _('RemoteApp (Advanced Users Only)'), is_remote=True)),
            ]
            newapp_options.append(
                format_submenu_context(
                    _('Visit CommCare Exchange to copy existing app...'),
                    url=reverse('appstore')))
            submenu_context.append(
                format_second_level_context(_('New Application...'), '#',
                                            newapp_options))
        return submenu_context
Exemplo n.º 9
0
def view_results(request, query):
    """ searches welbornprod content and returns the findings. """

    # search is okay until it's ran through our little 'gotcha' checker below.
    results_list, results_slice = ([], [])
    search_warning = searchtools.valid_query(query)

    if not search_warning:
        # search terms are okay, let's do it.
        results_list = searchtools.search_all(query)
        results_slice = utilities.slice_list(
            results_list,
            start=0,
            max_items=25)
    context = {
        'search_warning': search_warning,
        'results_list': results_slice,
        'query_text': query,
        'query_safe': mark_for_escaping(query),
        'results_count': len(results_list)
    }
    return responses.clean_response(
        'searcher/results.html',
        context=context,
        request=request)
Exemplo n.º 10
0
 def resolve(self, context, ignore_failures=False):
     try:
         obj = self.var.resolve(context)
     except VariableDoesNotExist:
         if ignore_failures:
             obj = None
         else:
             if settings.TEMPLATE_STRING_IF_INVALID:
                 global invalid_var_format_string
                 if invalid_var_format_string is None:
                     invalid_var_format_string = '%s' in settings.TEMPLATE_STRING_IF_INVALID
                 if invalid_var_format_string:
                     return settings.TEMPLATE_STRING_IF_INVALID % self.var
                 return settings.TEMPLATE_STRING_IF_INVALID
             else:
                 obj = settings.TEMPLATE_STRING_IF_INVALID
     for func, args in self.filters:
         arg_vals = []
         for lookup, arg in args:
             if not lookup:
                 arg_vals.append(mark_safe(arg))
             else:
                 arg_vals.append(arg.resolve(context))
         if getattr(func, 'needs_autoescape', False):
             new_obj = func(obj, autoescape=context.autoescape, *arg_vals)
         else:
             new_obj = func(obj, *arg_vals)
         if getattr(func, 'is_safe', False) and isinstance(obj, SafeData):
             obj = mark_safe(new_obj)
         elif isinstance(obj, EscapeData):
             obj = mark_for_escaping(new_obj)
         else:
             obj = new_obj
     return obj
Exemplo n.º 11
0
def user_delete(request, up, **kwargs):

    # Check we're not doing this from a GET request
    if request.method != 'POST':
        return direct_to_template(request, 'vns/confirm.html',
                                  {'title': 'Delete user %s' % up.user.username,
                                   'button': 'Delete %s' % up.user.username,
                                   'url': '/user/%s/delete/' % up.user.username})

    # Mark the user as retired
    user = up.user
    un = user.username
    on = up.org.name
    up.retired = True
    up.save()

    # Insert journal entries to delete their topologies - the main VNS process
    # will delete them if it is safe
    for t in db.Topology.objects.filter(owner=up.user):
        je = db.JournalTopologyDelete()
        je.topology = t
        je.save()

    messages.success(request, mark_for_escaping("You have successfully deleted %s." % un))
    return HttpResponseRedirect('/org/%s/' % on)
Exemplo n.º 12
0
def error(field):
    if hasattr(field,'errors') and field.errors:
        message = u','.join([u'%s' % force_unicode(e) for e in field.errors])
        message = mark_for_escaping(message) 
    else:
        return {'message': None}
    return {'message': message}
Exemplo n.º 13
0
def escape(value):
    """
    Marks the value as a string that should not be auto-escaped.
    """
    from django.utils.safestring import mark_for_escaping

    return mark_for_escaping(value)
Exemplo n.º 14
0
 def resolve(self, context, ignore_failures=False):
     try:
         obj = self.var.resolve(context)
     except VariableDoesNotExist:
         if ignore_failures:
             obj = None
         else:
             if settings.TEMPLATE_STRING_IF_INVALID:
                 global invalid_var_format_string
                 if invalid_var_format_string is None:
                     invalid_var_format_string = '%s' in settings.TEMPLATE_STRING_IF_INVALID
                 if invalid_var_format_string:
                     return settings.TEMPLATE_STRING_IF_INVALID % self.var
                 return settings.TEMPLATE_STRING_IF_INVALID
             else:
                 obj = settings.TEMPLATE_STRING_IF_INVALID
     for func, args in self.filters:
         arg_vals = []
         for lookup, arg in args:
             if not lookup:
                 arg_vals.append(mark_safe(arg))
             else:
                 arg_vals.append(arg.resolve(context))
         if getattr(func, 'needs_autoescape', False):
             new_obj = func(obj, autoescape=context.autoescape, *arg_vals)
         else:
             new_obj = func(obj, *arg_vals)
         if getattr(func, 'is_safe', False) and isinstance(obj, SafeData):
             obj = mark_safe(new_obj)
         elif isinstance(obj, EscapeData):
             obj = mark_for_escaping(new_obj)
         else:
             obj = new_obj
     return obj
Exemplo n.º 15
0
    def test_mark_for_escaping_object_implementing_dunder_html(self):
        e = customescape('<a&b>')
        s = mark_for_escaping(e)
        self.assertIs(s, e)

        self.assertRenderEqual('{{ s }}', '<<a&b>>', s=s)
        self.assertRenderEqual('{{ s|force_escape }}', '&lt;a&amp;b&gt;', s=s)
Exemplo n.º 16
0
    def test_mark_for_escaping_object_implementing_dunder_html(self):
        e = customescape("<a&b>")
        s = mark_for_escaping(e)
        self.assertIs(s, e)

        self.assertRenderEqual("{{ s }}", "<<a&b>>", s=s)
        self.assertRenderEqual("{{ s|force_escape }}", "&lt;a&amp;b&gt;", s=s)
Exemplo n.º 17
0
def simpleerror(field):
    if hasattr(field,'errors') and field.errors:
        message = u','.join([u'%s' % force_unicode(e) for e in field.errors])
        message = mark_for_escaping(message) 
    else:
        return False
    return message
Exemplo n.º 18
0
    def test_mark_for_escaping_object_implementing_dunder_html(self):
        e = customescape('<a&b>')
        s = mark_for_escaping(e)
        self.assertIs(s, e)

        self.assertRenderEqual('{{ s }}', '<<a&b>>', s=s)
        self.assertRenderEqual('{{ s|force_escape }}', '&lt;a&amp;b&gt;', s=s)
Exemplo n.º 19
0
    def test_mark_for_escaping_object_implementing_dunder_str(self):
        class Obj(object):
            def __str__(self):
                return '<obj>'

        s = mark_for_escaping(Obj())

        self.assertRenderEqual('{{ s }}', '&lt;obj&gt;', s=s)
Exemplo n.º 20
0
    def test_mark_for_escaping_object_implementing_dunder_str(self):
        class Obj(object):
            def __str__(self):
                return "<obj>"

        s = mark_for_escaping(Obj())

        self.assertRenderEqual("{{ s }}", "&lt;obj&gt;", s=s)
Exemplo n.º 21
0
    def test_mark_for_escaping_object_implementing_dunder_str(self):
        class Obj(object):
            def __str__(self):
                return '<obj>'

        s = mark_for_escaping(Obj())

        self.assertRenderEqual('{{ s }}', '&lt;obj&gt;', s=s)
Exemplo n.º 22
0
def escape_filter(value):
    """
    Marks the value as a string that should be auto-escaped.
    """
    with warnings.catch_warnings():
        # Ignore mark_for_escaping deprecation -- this will use
        # conditional_escape() in Django 2.0.
        warnings.simplefilter('ignore', category=RemovedInDjango20Warning)
        return mark_for_escaping(value)
Exemplo n.º 23
0
def escape_filter(value):
    """
    Marks the value as a string that should be auto-escaped.
    """
    with warnings.catch_warnings():
        # Ignore mark_for_escaping deprecation -- this will use
        # conditional_escape() in Django 2.0.
        warnings.simplefilter('ignore', category=RemovedInDjango20Warning)
        return mark_for_escaping(value)
Exemplo n.º 24
0
def get_text(request, document_id=""):
    ''' Return a document via API as plain text
    '''
    doc = Document.objects.for_slug(document_id)
    if not doc:
        raise APIError('fail', "Document not found: %s" % document_id)
    return dict(
        text=mark_for_escaping(
            doc.extracted_text),
        docslug=unicode(doc.slug))
Exemplo n.º 25
0
 def _convert_out(v, o=None):
     if getattr(filter_func, "is_safe", False) and isinstance(o, SafeData):
         v = mark_safe(v)
     elif isinstance(o, EscapeData):
         v = mark_for_escaping(v)
     if isinstance(v, SafeData):
         return Markup(v)
     if isinstance(v, EscapeData):
         return Markup.escape(v)  # not 100% equivalent, see mod docs
     return v
Exemplo n.º 26
0
def render_progress_bar(current,
                        total=100,
                        message="%",
                        bar_type="auto",
                        striped=False,
                        active=False):
    """ Returns a html code to render a bootstrap progress bar.
    Params:
        current: current value
        total: total value
        bar_type: one of info/success/warning/danger or auto or None
        striped: if you want striped bars
        active: if you want animated bars
    """
    if total is None:  # unlimited
        p = 0.0
        total = current
    else:
        p = int(current * 100 / total)

    html_classes = ["progress"]
    if striped:
        html_classes.append("progress-striped")
    if active:
        html_classes.append("active")

    if bar_type:
        if bar_type == "auto":
            if p < 50:
                bar_type = "info"
            elif p < 75:
                bar_type = "warning"
            else:
                bar_type = "danger"

        html_classes.append("progress-%s" % bar_type)

    if message == '%':
        message = "%(current)d of %(total)d" % {
            'current': current,
            'total': total
        }

    if message:
        # wrapper message in paragraph
        message = "<p style='padding-left: 10px; position: absolute;'>%s</p>" % mark_for_escaping(
            message)

    html = """<div class="%(classes)s">%(message)s<div class="bar" style="width: %(p)d%%;"></div></div>""" % \
        {
            "classes": " ".join(html_classes),
            "message": message or "",
            "p": p,
        }
    return mark_safe(html)
Exemplo n.º 27
0
    def get_data(self, item):
        data = queryparser.parse(item.body)
        if 'data' not in data:
            return None

        items = list(data['data'].items())
        items.sort()
        out = ''
        for i, dt in items:
            out += "%s %s<br>" % (i, mark_for_escaping(dt))
        return mark_safe(out)
Exemplo n.º 28
0
def get_html(request, document_id=""):
    ''' Return a document via API as HTML,
        verbatim per Tika's HTML conversion output
    '''
    doc = Document.objects.for_slug(document_id)
    if not doc:
        raise APIError('fail', "Document not found: %s" % document_id)
    return dict(
        html=mark_for_escaping(
            doc.extracted_html).encode(
                'ascii', 'xmlcharrefreplace'))
Exemplo n.º 29
0
    def dropdown_items(self):
        # todo async refresh submenu when on the applications page and you change the application name
        key = [self.domain]
        apps = get_db().view('app_manager/applications_brief',
            reduce=False,
            startkey=key,
            endkey=key+[{}],
            stale=settings.COUCH_STALE_QUERY,
        ).all()
        submenu_context = []
        if not apps:
            return submenu_context

        submenu_context.append(format_submenu_context(_('My Applications'), is_header=True))
        for app in apps:
            app_info = app['value']
            if app_info:
                url = reverse('view_app', args=[self.domain, app_info['_id']])
                app_name = mark_safe("%s%s" % (
                    mark_for_escaping(app_info['name'] or '(Untitled)'),
                    mark_for_escaping(' (Remote)' if app_info['doc_type'] == 'RemoteApp' else ''),
                ))

                submenu_context.append(format_submenu_context(app_name, url=url))

        if self.couch_user.can_edit_apps():
            submenu_context.append(format_submenu_context(None, is_divider=True))
            newapp_options = [
                format_submenu_context(None, html=self._new_app_link(_('Blank Application'))),
                format_submenu_context(None, html=self._new_app_link(_('RemoteApp (Advanced Users Only)'),
                    is_remote=True)),
            ]
            newapp_options.append(format_submenu_context(_('Visit CommCare Exchange to copy existing app...'),
                url=reverse('appstore')))
            submenu_context.append(format_second_level_context(
                _('New Application...'),
                '#',
                newapp_options
            ))
        return submenu_context
Exemplo n.º 30
0
 def resolve(self, context, ignore_failures=False):
     if isinstance(self.var, Variable):
         try:
             obj = self.var.resolve(context)
         except VariableDoesNotExist:
             if ignore_failures:
                 obj = None
             else:
                 string_if_invalid = context.template.engine.string_if_invalid
                 if string_if_invalid:
                     if '%s' in string_if_invalid:
                         return string_if_invalid % self.var
                     else:
                         return string_if_invalid
                 else:
                     obj = string_if_invalid
     else:
         obj = self.var
     escape_isnt_last_filter = True
     for func, args in self.filters:
         arg_vals = []
         for lookup, arg in args:
             if not lookup:
                 arg_vals.append(mark_safe(arg))
             else:
                 arg_vals.append(arg.resolve(context))
         if getattr(func, 'expects_localtime', False):
             obj = template_localtime(obj, context.use_tz)
         if getattr(func, 'needs_autoescape', False):
             new_obj = func(obj, autoescape=context.autoescape, *arg_vals)
         else:
             new_obj = func(obj, *arg_vals)
         if getattr(func, 'is_safe', False) and isinstance(obj, SafeData):
             obj = mark_safe(new_obj)
         elif isinstance(obj, EscapeData):
             with warnings.catch_warnings():
                 # Ignore mark_for_escaping deprecation as this will be
                 # removed in Django 2.0.
                 warnings.simplefilter('ignore',
                                       category=RemovedInDjango20Warning)
                 obj = mark_for_escaping(new_obj)
                 escape_isnt_last_filter = False
         else:
             obj = new_obj
     if not escape_isnt_last_filter:
         warnings.warn(
             "escape isn't the last filter in %s and will be applied "
             "immediately in Django 2.0 so the output may change." %
             [func.__name__ for func, _ in self.filters],
             RemovedInDjango20Warning,
             stacklevel=2)
     return obj
Exemplo n.º 31
0
def get_cleansed_html(request, document_id=""):
    ''' Return a document via API as HTML,
        applying a post-process cleaning function
        to Tika's HTML output to remove anything
        unrelated to the basic formatting directives
    '''
    doc = Document.objects.for_slug(document_id)
    if not doc:
        raise APIError('fail', "Document not found: %s" % document_id)
    return dict(
        cleansed_html=mark_for_escaping(
            doc.cleansed_html).encode(
                'ascii', 'xmlcharrefreplace'))
Exemplo n.º 32
0
 def resolve(self, context, ignore_failures=False):
     if isinstance(self.var, Variable):
         try:
             obj = self.var.resolve(context)
         except VariableDoesNotExist:
             if ignore_failures:
                 obj = None
             else:
                 string_if_invalid = context.template.engine.string_if_invalid
                 if string_if_invalid:
                     if '%s' in string_if_invalid:
                         return string_if_invalid % self.var
                     else:
                         return string_if_invalid
                 else:
                     obj = string_if_invalid
     else:
         obj = self.var
     escape_isnt_last_filter = True
     for func, args in self.filters:
         arg_vals = []
         for lookup, arg in args:
             if not lookup:
                 arg_vals.append(mark_safe(arg))
             else:
                 arg_vals.append(arg.resolve(context))
         if getattr(func, 'expects_localtime', False):
             obj = template_localtime(obj, context.use_tz)
         if getattr(func, 'needs_autoescape', False):
             new_obj = func(obj, autoescape=context.autoescape, *arg_vals)
         else:
             new_obj = func(obj, *arg_vals)
         if getattr(func, 'is_safe', False) and isinstance(obj, SafeData):
             obj = mark_safe(new_obj)
         elif isinstance(obj, EscapeData):
             with warnings.catch_warnings():
                 # Ignore mark_for_escaping deprecation as this will be
                 # removed in Django 2.0.
                 warnings.simplefilter('ignore', category=RemovedInDjango20Warning)
                 obj = mark_for_escaping(new_obj)
                 escape_isnt_last_filter = False
         else:
             obj = new_obj
     if not escape_isnt_last_filter:
         warnings.warn(
             "escape isn't the last filter in %s and will be applied "
             "immediately in Django 2.0 so the output may change."
             % [func.__name__ for func, _ in self.filters],
             RemovedInDjango20Warning, stacklevel=2
         )
     return obj
Exemplo n.º 33
0
def view_paged(request):
    """ views page slice of results using GET args. """
    
    # intialize results in case of failure...
    results_list, results_slice = ([], [])
    
    # get query
    query = responses.get_request_arg(request, ['q', 'query', 'search'], default="")
    query_safe = mark_for_escaping(query)
    
    # check query
    search_warning = searchtools.valid_query(query)

    # search okay?
    if search_warning == '':
        # get initial results
        results_list = searchtools.search_all(query, projects_first=True)
            
        # get overall total count
        results_count = len(results_list)
        
        # get args
        page_args = responses.get_paged_args(request, results_count)
        # results slice
        if results_count > 0:
            results_slice = utilities.slice_list(results_list,
                                                 starting_index=page_args['start_id'],
                                                 max_items=page_args['max_items'])
        else:
            results_slice = []
        
    # get last index.
    end_id = str(page_args['start_id'] + len(results_slice))
    return responses.clean_response("searcher/results_paged.html",
                                    {"request": request,
                                     "search_warning": search_warning,
                                     "results_list": results_slice,
                                     "query_text": query,
                                     "query_safe": query_safe,
                                     "start_id": (page_args['start_id'] + 1),
                                     "end_id": end_id,
                                     "results_count": results_count,
                                     "prev_page": page_args['prev_page'],
                                     "next_page": page_args['next_page'],
                                     "has_prev": (page_args['start_id'] > 0),
                                     "has_next": (page_args['start_id'] < (results_count - page_args['max_items'])),
                                     "extra_style_link_list": [utilities.get_browser_style(request),
                                                               "/static/css/searcher.min.css",
                                                               "/static/css/highlighter.min.css"],
                                     })
Exemplo n.º 34
0
def render_progress_bar(current, total=100, message="%", bar_type="auto", striped=False, active=False):
    """ Returns a html code to render a bootstrap progress bar.
    Params:
        current: current value
        total: total value
        bar_type: one of info/success/warning/danger or auto or None
        striped: if you want striped bars
        active: if you want animated bars
    """
    if total is None:  # unlimited
        p = 0.0
        total = current
    else:
        p = int(current * 100 / total)

    html_classes = ["progress"]
    if striped:
        html_classes.append("progress-striped")
    if active:
        html_classes.append("active")

    if bar_type:
        if bar_type == "auto":
            if p < 50:
                bar_type = "info"
            elif p < 75:
                bar_type = "warning"
            else:
                bar_type = "danger"

        html_classes.append("progress-%s" % bar_type)

    if message == '%':
        message = "%(current)d of %(total)d" % {
            'current': current, 'total': total}

    if message:
        # wrapper message in paragraph
        message = "<p style='padding-left: 10px; position: absolute;'>%s</p>" % mark_for_escaping(
            message)

    html = """<div class="%(classes)s">%(message)s<div class="bar" style="width: %(p)d%%;"></div></div>""" % \
        {
            "classes": " ".join(html_classes),
            "message": message or "",
            "p": p,
        }
    return mark_safe(html)
Exemplo n.º 35
0
    def post(self, request, *args, **kwargs):
        self.object = self.get_object()

        if not self.object.user_has_access(request.user):
            return HttpResponseForbidden()

        key = self.request.POST['id']
        value = self.request.POST['value']
        if key.startswith('extension_'):
            key = key[len('extension_'):]

        whitelist = 'name', 'description', 'url'
        if key not in whitelist:
            return HttpResponseForbidden()

        setattr(self.object, key, value)
        self.object.save()

        return HttpResponse(mark_for_escaping(value))
Exemplo n.º 36
0
def view_error(request, error_number):
    """  returns  appropriate error page when given the error code. """
    
    request_path = request.META["PATH_INFO"]
    if request_path.startswith('/'):
        request_path = request_path[1:]
    
    serror = str(error_number)
    # if its not one of these I don't have a template for it,
    # so it really would be a file-not-found error.
    if not serror in ["403", "404", "500"]:
        serror = "404"
    context = {
        'request': request,
        'request_path': mark_for_escaping(request_path),
        'extra_style_link_list': [utilities.get_browser_style(request)],
    }
    return responses.clean_response_req('home/{}.html'.format(serror), context,
                                        request=request)
Exemplo n.º 37
0
def view_error(request, error_number):
    """  returns  appropriate error page when given the error code. """

    request_path = request.META['PATH_INFO']
    if request_path.startswith('/'):
        request_path = request_path[1:]

    # If its not one of these I don't have a template for it,
    # so it really would be a file-not-found error.
    if error_number not in (403, 404, 500):
        error_number = 404

    context = {
        'request_path': mark_for_escaping(request_path),
    }
    return responses.clean_response(
        'home/{}.html'.format(error_number),
        context=context,
        request=request,
        status=error_number
    )
Exemplo n.º 38
0
def _view_diary(request, startdate, enddate, tag=None, extra_title=None):
    # Returns public diary view, for given date range, optionally filtered by
    # an event tag.

    # Build query. The select_related() and prefetch_related on the end
    # encourages it to get the associated showing/event data, to reduce the
    # number of SQL queries
    showings = (Showing.objects.public()
                               .start_in_range(startdate, enddate)
                               .order_by('start')
                               .select_related()
                               .prefetch_related('event__media')
                               .prefetch_related('event__tags'))
    if tag:
        showings = showings.filter(event__tags__slug=tag)

    # Build a list of events for that list of showings:
    events = OrderedDict()
    for showing in showings:
        events.setdefault(showing.event, list()).append(showing)

    context = {
        'start': startdate,
        'end': enddate,
        # Make sure user input is escaped:
        'event_type': mark_for_escaping(tag) if tag else None,
        # Set page title:
        'extra_title': extra_title,
        # Set of Showing objects for date range
        'showings': showings,
        # Ordered dict mapping event -> list of showings:
        'events': events,
        # This is prepended to filepaths from the MediaPaths table to use
        # as a location for images:
        'media_url': settings.MEDIA_URL,
        'printed_programmes': PrintedProgramme.objects.month_in_range(
            startdate, enddate)
    }

    return render(request, 'view_showing_index.html', context)
Exemplo n.º 39
0
 def resolve(self, context, ignore_failures=False, string_if_invalid=''):
     if isinstance(self.var, Variable):
         try:
             obj = self.var.resolve(context)
         except VariableDoesNotExist:
             if ignore_failures:
                 obj = None
             else:
                 if string_if_invalid:
                     global invalid_var_format_string
                     if invalid_var_format_string is None:
                         invalid_var_format_string = '%s' in string_if_invalid
                     if invalid_var_format_string:
                         return string_if_invalid % self.var
                     return string_if_invalid
                 else:
                     obj = string_if_invalid
     else:
         obj = self.var
     for func, args in self.filters:
         arg_vals = []
         for lookup, arg in args:
             if not lookup:
                 arg_vals.append(mark_safe(arg))
             else:
                 arg_vals.append(arg.resolve(context))
         if getattr(func, 'expects_localtime', False):
             obj = template_localtime(obj, context.use_tz)
         if getattr(func, 'needs_autoescape', False):
             new_obj = func(obj, autoescape=context.autoescape, *arg_vals)
         else:
             new_obj = func(obj, *arg_vals)
         if getattr(func, 'is_safe', False) and isinstance(obj, SafeData):
             obj = mark_safe(new_obj)
         elif isinstance(obj, EscapeData):
             obj = mark_for_escaping(new_obj)
         else:
             obj = new_obj
     return obj
Exemplo n.º 40
0
 def resolve(self, context, ignore_failures=False):
     if isinstance(self.var, Variable):
         try:
             obj = self.var.resolve(context)
         except VariableDoesNotExist:
             if ignore_failures:
                 obj = None
             else:
                 string_if_invalid = context.engine.string_if_invalid
                 if string_if_invalid:
                     if '%s' in string_if_invalid:
                         return string_if_invalid % self.var
                     else:
                         return string_if_invalid
                 else:
                     obj = string_if_invalid
     else:
         obj = self.var
     for func, args in self.filters:
         arg_vals = []
         for lookup, arg in args:
             if not lookup:
                 arg_vals.append(mark_safe(arg))
             else:
                 arg_vals.append(arg.resolve(context))
         if getattr(func, 'expects_localtime', False):
             obj = template_localtime(obj, context.use_tz)
         if getattr(func, 'needs_autoescape', False):
             new_obj = func(obj, autoescape=context.autoescape, *arg_vals)
         else:
             new_obj = func(obj, *arg_vals)
         if getattr(func, 'is_safe', False) and isinstance(obj, SafeData):
             obj = mark_safe(new_obj)
         elif isinstance(obj, EscapeData):
             obj = mark_for_escaping(new_obj)
         else:
             obj = new_obj
     return obj
Exemplo n.º 41
0
def clean_article_links(article_id):

    portal_rule = re.compile(r'http(.+)(portalgsti\.com\.br)')

    try:
        article = Article.objects.get(id=article_id)
    except Article.DoesNotExist:
        print("ERROR: Article does not exist")
        return
    except Exception as e:
        print("ERROR: General error on get article. [{}]".format(e))
        return

    def no_follow_external_links(attrs, new=False):

        _href = attrs.get('href')

        if _href and _href[0:4] == 'http' and not portal_rule.match(_href):
            attrs['rel'] = 'nofollow'

        return attrs

    try:
        article_pre = u'<pre>{}</pre>'.format(mark_for_escaping(article.text))

        article_text = bleach.linkify(text=article_pre,
                                      callbacks=[no_follow_external_links],
                                      tokenizer=HTMLTokenizer,
                                      skip_pre=True)

        article_text = article_text.replace('<pre>', '',
                                            1).replace('</pre>', '', -1)

        if article_text != article.text:
            article.text = article_text
            article.save()
    except Exception as e:
        pass
Exemplo n.º 42
0
    def test_marked_strings(self):
        """
        Check that strings marked as safe or needing escaping do not
        confuse the back-end.
        """
        from django.utils.safestring import mark_safe, mark_for_escaping

        a = String.objects.create(s='a')
        b = String.objects.create(s=mark_safe('b'))
        c = String.objects.create(s=mark_for_escaping('c'))

        self.assertEqual(String.objects.get(s='a'), a)
        self.assertEqual(list(String.objects.filter(s__startswith='a')), [a])
        self.assertEqual(String.objects.get(s=mark_safe('a')), a)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_safe('a'))), [a])
        self.assertEqual(String.objects.get(s=mark_for_escaping('a')), a)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_for_escaping('a'))),
            [a])

        self.assertEqual(String.objects.get(s='b'), b)
        self.assertEqual(list(String.objects.filter(s__startswith='b')), [b])
        self.assertEqual(String.objects.get(s=mark_safe('b')), b)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_safe('b'))), [b])
        self.assertEqual(String.objects.get(s=mark_for_escaping('b')), b)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_for_escaping('b'))),
            [b])

        self.assertEqual(String.objects.get(s='c'), c)
        self.assertEqual(list(String.objects.filter(s__startswith='c')), [c])
        self.assertEqual(String.objects.get(s=mark_safe('c')), c)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_safe('c'))), [c])
        self.assertEqual(String.objects.get(s=mark_for_escaping('c')), c)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_for_escaping('c'))),
            [c])
Exemplo n.º 43
0
    def test_marked_strings(self):
        """
        Check that strings marked as safe or needing escaping do not
        confuse the back-end.
        """
        from django.utils.safestring import mark_safe, mark_for_escaping

        a = String.objects.create(s='a')
        b = String.objects.create(s=mark_safe('b'))
        c = String.objects.create(s=mark_for_escaping('c'))

        self.assertEqual(String.objects.get(s='a'), a)
        self.assertEqual(list(String.objects.filter(s__startswith='a')), [a])
        self.assertEqual(String.objects.get(s=mark_safe('a')), a)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_safe('a'))), [a])
        self.assertEqual(String.objects.get(s=mark_for_escaping('a')), a)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_for_escaping('a'))),
            [a])

        self.assertEqual(String.objects.get(s='b'), b)
        self.assertEqual(list(String.objects.filter(s__startswith='b')), [b])
        self.assertEqual(String.objects.get(s=mark_safe('b')), b)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_safe('b'))), [b])
        self.assertEqual(String.objects.get(s=mark_for_escaping('b')), b)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_for_escaping('b'))),
            [b])

        self.assertEqual(String.objects.get(s='c'), c)
        self.assertEqual(list(String.objects.filter(s__startswith='c')), [c])
        self.assertEqual(String.objects.get(s=mark_safe('c')), c)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_safe('c'))), [c])
        self.assertEqual(String.objects.get(s=mark_for_escaping('c')), c)
        self.assertEqual(
            list(String.objects.filter(s__startswith=mark_for_escaping('c'))),
            [c])
Exemplo n.º 44
0
def django_escape_output(value):
    # Make sure the value is converted to unicode first, because otherwise,
    # if it is already SafeData (for example, when coming from the template
    # code), then mark_for_escaping would do nothing. We want to guarantee
    # a EscapeData return value in this filter though.
    return mark_for_escaping(unicode(value))
Exemplo n.º 45
0
def json_encode(data):
    return mark_for_escaping(json.dumps(data))
Exemplo n.º 46
0
 def make_app_title(cls, app_name, doc_type):
     return mark_safe("%s%s" % (
         mark_for_escaping(app_name or '(Untitled)'),
         mark_for_escaping(' (Remote)' if doc_type == 'RemoteApp' else ''),
     ))
Exemplo n.º 47
0
def escape(value):
    """
    Marks the value as a string that should not be auto-escaped.
    """
    from django.utils.safestring import mark_for_escaping
    return mark_for_escaping(value)
Exemplo n.º 48
0
def escape_filter(value):
    """
    Marks the value as a string that should not be auto-escaped.
    """
    return mark_for_escaping(value)
Exemplo n.º 49
0
def url_getvars(context, token=None):
    return mark_for_escaping(_url_getvars(context, token))
Exemplo n.º 50
0
 def extra_(self, obj):
     import json
     from django.utils.safestring import mark_safe, mark_for_escaping
     return mark_safe(
         "<pre style='font-family: sans-serif;'>" + mark_for_escaping(
             json.dumps(obj.extra, sort_keys=True, indent=True)) + "</pre>")
Exemplo n.º 51
0
def url_getvars_without(context, token):
    return mark_for_escaping(_url_getvars(context, token, 'without'))
Exemplo n.º 52
0
def nav_active(context, name, css="active"):
    request = context.request
    if request.path == reverse(name):
        return mark_safe(' class="%s"' % (mark_for_escaping(css)))
    return ""
Exemplo n.º 53
0
 def test_mark_for_escaping(self):
     s = mark_for_escaping('a&b')
     self.assertRenderEqual('{{ s }}', 'a&amp;b', s=s)
     self.assertRenderEqual('{{ s }}', 'a&amp;b', s=mark_for_escaping(s))
Exemplo n.º 54
0
                            ctx_dict,
                            must_succeed=True)


@pytest.mark.parametrize('template_name', [
    'tests/var.html',
    'tests/var_default_html.html',
    'tests/var_default_var.html',
    'tests/var_filters.html',
    'tests/var_safe_filter.html',
])
@pytest.mark.parametrize('var', [
    'test',
    '<html>',
    mark_safe('<html>'),
    mark_for_escaping('<html>'),
])
@pytest.mark.parametrize('other', [
    'test',
    '<html>',
    mark_safe('<html>'),
    mark_for_escaping('<html>'),
])
def test_var_escaping(settings, template_name, var, other):
    assert_rendered_equally(settings,
                            template_name, {
                                'var': var,
                                'other': other
                            },
                            must_succeed=True)
Exemplo n.º 55
0
 def inner(model_admin):
     try:
         return mark_for_escaping(json.dumps(f(model_admin)))
     except:
         return []