def POST(self): dirname = xutils.get_argument("dirname") old_name = xutils.get_argument("old_name", "") new_name = xutils.get_argument("new_name", "") user_name = xauth.current_name() if dirname is None or dirname == "": return dict(code="fail", message="dirname is blank") if old_name is None or old_name == "": return dict(code="fail", message="old_name is blank") if ".." in new_name: return dict(code="fail", message="invalid new name") if new_name == "": new_name = os.path.basename(old_name) if xconfig.USE_URLENCODE: old_name = xutils.quote_unicode(old_name) new_name = xutils.quote_unicode(new_name) old_path = os.path.join(dirname, old_name) new_path = os.path.join(dirname, new_name) if not xauth.is_admin() and not check_file_auth(old_path, user_name): return dict(code="fail", message="unauthorized") if not os.path.exists(old_path): return dict(code="fail", message="源文件 `%s` 不存在" % old_name) if os.path.exists(new_path): return dict(code="fail", message="目标文件 `%s` 已存在" % new_name) os.rename(old_path, new_path) xmanager.fire( "fs.rename", Storage(user=user_name, path=new_path, new_path=new_path, old_path=old_path)) return dict(code="success")
def test_quote_unicode(self): result = xutils.quote_unicode("http://测试") self.assertEqual("http://%E6%B5%8B%E8%AF%95", result) result = xutils.quote_unicode("http://test/测试") self.assertEqual("http://test/%E6%B5%8B%E8%AF%95", result) r1 = xutils.quote_unicode("测试") r2 = xutils.quote_unicode(r1) self.assertEqual(r1, r2) # 重复encode是安全的
def GET(self): # TODO 使用文件扩展 path = xutils.get_argument("path") path = xutils.get_real_path(path) if xutils.is_img_file(path): return """<html><img style="width: 100%%;" src="/fs/%s"></html>""" % path if xutils.is_text_file(path): raise web.seeother("/code/edit?path=%s&embed=true" % xutils.quote_unicode(path)) raise web.seeother("/fs_plugins?path=%s&embed=true" % xutils.quote_unicode(path))
def POST(self): dirname = xutils.get_argument("dirname") old_name = xutils.get_argument("old_name") new_name = xutils.get_argument("new_name") if xconfig.USE_URLENCODE: old_name = xutils.quote_unicode(old_name) new_name = xutils.quote_unicode(new_name) old_path = os.path.join(dirname, old_name) new_path = os.path.join(dirname, new_name) os.rename(old_path, new_path) return dict(code="success")
def request_url(task): url = task.url if url is None: url = "" quoted_url = xutils.quote_unicode(url) if quoted_url.startswith(("http://", "https://")): # 处理外部HTTP请求 response = xutils.urlopen(quoted_url).read() xutils.log("Request %r success" % quoted_url) return response elif url.startswith("script://"): name = url[len("script://"):] return xutils.exec_script(name, False) cookie = xauth.get_user_cookie("admin") url = url + "?content=" + xutils.quote_unicode(str(task.message)) return self.app.request(url, headers=dict(COOKIE=cookie))
def POST(self): # xutils.print_web_ctx_env() chunk = xutils.get_argument("chunk", 0, type=int) chunks = xutils.get_argument("chunks", 1, type=int) file = xutils.get_argument("file", {}) dirname = xutils.get_argument("dirname", xconfig.DATA_DIR) dirname = dirname.replace("$DATA", xconfig.DATA_DIR) # print(file.__dict__) # print("%d/%d" % (chunk, chunks)) filename = None if hasattr(file, "filename"): # print(" - - %-20s = %s" % ("filename", file.filename)) xutils.log("recv {}", file.filename) filename = os.path.basename(file.filename) filename = xutils.quote_unicode(filename) # filename = xauth.get_current_name() + '_' + filename tmp_name = "%s_%d.part" % (filename, chunk) tmp_path = os.path.join(dirname, tmp_name) with open(tmp_path, "wb") as fp: for file_chunk in file.file: fp.write(file_chunk) else: return dict(code="fail", message="require file") if chunk + 1 == chunks: self.merge_files(dirname, filename, chunks) return dict(code="success")
def GET(self): op = xutils.get_argument("op") name = xutils.get_argument("name", "") error = xutils.get_argument("error", "") dirname = xconfig.SCRIPTS_DIR content = "" if op == "edit": content = xutils.readfile(os.path.join(dirname, name)) if op == "add" and name != "": basename, ext = os.path.splitext(name) if ext not in SCRIPT_EXT_LIST: name = basename + get_default_shell_ext() path = os.path.join(dirname, name) if os.path.exists(path): raise web.seeother(xutils.quote_unicode("/system/script_admin?error=%r已存在" % name)) with open(path, "wb") as fp: pass shell_list = [] if os.path.exists(dirname): for fname in os.listdir(dirname): fpath = os.path.join(dirname, fname) if os.path.isfile(fpath) and fpath.endswith(SCRIPT_EXT_LIST): shell_list.append(fname) shell_list.sort() return xtemplate.render("system/script_admin.html", op = op, name = name, content = content, shell_list = shell_list, error = error)
def GET(self): op = xutils.get_argument("op") name = xutils.get_argument("name", "") error = xutils.get_argument("error", "") dirname = xconfig.SCRIPTS_DIR content = "" if op == "edit": content = xutils.readfile(os.path.join(dirname, name)) if op == "add" and name != "": path = os.path.join(dirname, name) basename, ext = os.path.splitext(name) if ext not in SCRIPT_EXT_LIST: name = basename + get_default_shell_ext() path = os.path.join(dirname, name) if os.path.exists(path): raise web.seeother( xutils.quote_unicode("/system/script_admin?error=%r已存在" % name)) xutils.touch(path) shell_list = get_script_list() return xtemplate.render(template_file, op=op, name=name, content=content, shell_list=shell_list, error=error)
def POST(self): dirname = xutils.get_argument("dirname") old_name = xutils.get_argument("old_name", "") new_name = xutils.get_argument("new_name", "") if old_name == "": return dict(code="fail", message="old_name is blank") if new_name == "": new_name = os.path.basename(old_name) if xconfig.USE_URLENCODE: old_name = xutils.quote_unicode(old_name) new_name = xutils.quote_unicode(new_name) old_path = os.path.join(dirname, old_name) new_path = os.path.join(dirname, new_name) if os.path.exists(new_path): return dict(code="fail", message="%s 已存在" % new_path) os.rename(old_path, new_path) return dict(code="success")
def POST(self): path = xutils.get_argument("path", "") content = xutils.get_argument("content", "") if content == "" or path == "": raise web.seeother("/fs/") else: xutils.savetofile(path, content) raise web.seeother("/code/view_source?path=" + xutils.quote_unicode(path))
def POST(self): path = xutils.get_argument("path", "") content = xutils.get_argument("content", "") if content == "" or path == "": raise web.seeother("/fs/") else: content = content.replace("\r\n", "\n") xutils.savetofile(path, content) raise web.seeother("/code/edit?path=" + xutils.quote_unicode(path))
def readhttp(address): address = xutils.quote_unicode(address) req = urllib.request.Request( address, data=None, headers={ 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36' }) bytes = xutils.urlopen(req).read() return xutils.decode_bytes(bytes)
def download_res_list(reslist, dirname): dirname = os.path.join("./tmp", dirname) xutils.makedirs(dirname) for res in reslist: print("Download", res) res = xutils.quote_unicode(res) bytes = xutils.urlopen(res).read() name = get_res_name(res) path = os.path.join(dirname, name) with open(path, "wb") as fp: fp.write(bytes)
def GET(self): self.response_headers = [] # url = web.ctx.environ["REQUEST_URI"] url = xutils.get_argument("url") body = xutils.get_argument("body") method = xutils.get_argument("method") content_type = xutils.get_argument("content_type") cookie = xutils.get_argument("cookie") or "" if url is None: return xtemplate.render("tools/curl.html") if not url.startswith("http"): url = "http://" + url url = xutils.quote_unicode(url) host = get_host(url) # print(url, method, host) # print(web.ctx.environ["HTTP_USER_AGENT"]) headers = OrderedDict() headers["Connection"] = "Keep-Alive" headers["Cache-Control"] = "max-age=0" headers["Content-Type"] = content_type headers["Host"] = host headers["Cookie"] = cookie # print(cookie) putheader(headers, "User-Agent", "HTTP_USER_AGENT") putheader(headers, "Accept", "HTTP_ACCEPT") putheader(headers, "Accept-Encoding", "HTTP_ACCEPT_ENCODING") putheader(headers, "Accept-Language", "HTTP_ACCEPT_LANGUAGE") # putheader(headers, "Cookie", "HTTP_COOKIE") try: # response = b''.join(list(self.do_http(method, host, url, headers, data=body))) buf = self.do_http(method, host, url, headers, data=body) if isinstance(buf, bytes): response = xutils.decode_bytes(buf) else: response = buf # byte 0x8b in position 1 usually signals that the data stream is gzipped except Exception as e: xutils.print_exc() response = str(e) return xtemplate.render("tools/curl.html", url=url, status = self.status, method=method, body=body, response=response, cookie=cookie, response_headers = self.response_headers)
def POST(self): path = xutils.get_argument("path", "") filename = xutils.get_argument("filename", "") if path == "": return dict(code="fail", message="path is empty") if xconfig.USE_URLENCODE: filename = xutils.quote_unicode(filename) newpath = os.path.join(path, filename) try: self.create_file(newpath) return dict(code="success") except Exception as e: xutils.print_exc() return dict(code="fail", message=str(e))
def POST(self): part_file = True chunksize = 5 * 1024 * 1024 chunk = xutils.get_argument("chunk", 0, type=int) chunks = xutils.get_argument("chunks", 1, type=int) file = xutils.get_argument("file", {}) prefix = xutils.get_argument("prefix", "") dirname = xutils.get_argument("dirname", xconfig.DATA_DIR) # Fix 安全问题,不能访问上级目录 dirname = dirname.replace("$DATA", xconfig.DATA_DIR) filename = None webpath = "" origin_name = "" if hasattr(file, "filename"): origin_name = file.filename xutils.log("recv {}", file.filename) filename = os.path.basename(file.filename) filename = xutils.quote_unicode(filename) if dirname == "auto": filepath, webpath = xutils.get_upload_file_path( filename, replace_exists=True, prefix=prefix) dirname = os.path.dirname(filepath) filename = os.path.basename(filepath) if part_file: tmp_name = "%s_%d.part" % (filename, chunk) seek = 0 else: tmp_name = filename seek = chunk * chunksize tmp_path = os.path.join(dirname, tmp_name) with open(tmp_path, "wb") as fp: fp.seek(seek) if seek != 0: xutils.log("seek to {}", seek) for file_chunk in file.file: fp.write(file_chunk) else: return dict(code="fail", message="require file") if part_file and chunk + 1 == chunks: self.merge_files(dirname, filename, chunks) return dict(code="success", webpath=webpath, link=get_link(origin_name, webpath))
def _limited_glob(dirname, pattern, result, limit): # print("%60s%20s" % (dirname, pattern)) # result += glob.glob(os.path.join(dirname, pattern), recursive=False) path = os.path.join(dirname, pattern) result += glob.glob(path) # 处理urlencode的文件系统 quoted_path = xutils.quote_unicode(path) if quoted_path != path: result += glob.glob(quoted_path) for name in os.listdir(dirname): path = os.path.join(dirname, name) if os.path.isdir(path): _limited_glob(path, pattern, result, limit) if len(result) > limit: return result return result
def POST(self): op = xutils.get_argument("op") name = xutils.get_argument("name", "") dirname = xconfig.SCRIPTS_DIR path = os.path.join(dirname, name) # print(op, name) basename, ext = os.path.splitext(name) if op == "add" and name != "": if ext not in SCRIPT_EXT_LIST: name = basename + get_default_shell_ext() path = os.path.join(dirname, name) if os.path.exists(path): raise web.seeother(xutils.quote_unicode("/system/script_admin?error=%r已存在" % name)) with open(path, "wb") as fp: pass elif op == "save": content = xutils.get_argument("content") content.replace("\r", "") xutils.savetofile(path, content) raise web.seeother("/system/script_admin")
def GET(self): parent = xconfig.APP_DIR name = xutils.get_argument("name") if name == "" or name is None: raise web.seeother("/system/app_admin") # name = xutils.unquote(name) name = xutils.quote_unicode(name) basename, ext = os.path.splitext(name) if ext != ".zip": raise web.seeother("/system/app_admin?error=EXPECT_ZIP") app_dir = os.path.join(parent, basename) filepath = os.path.join(parent, name) error = "" try: # 删除旧文件 if os.path.exists(app_dir): xutils.remove(app_dir) # mode只有'r', 'w', 'a' zf = zipfile.ZipFile(filepath, "r") zf.extractall(app_dir) except Exception as e: error = str(e) raise web.seeother("/system/app_admin?error=" + error)
def POST(self): path = xutils.get_argument("path", "") filename = xutils.get_argument("filename", "") if path == "": return dict(code="fail", message="path is empty") if xconfig.USE_URLENCODE: filename = xutils.quote_unicode(filename) newpath = os.path.join(path, filename) # 有些需要补全后缀等操作 newpath = self.handle_path(newpath) if os.path.exists(newpath): if os.path.isdir(newpath): return dict(code="fail", message="文件夹[%s]已经存在" % filename) return dict(code="fail", message="文件[%s]已经存在" % filename) try: self.create_file(newpath) return dict(code="success") except Exception as e: xutils.print_exc() return dict(code="fail", message=str(e))
def test_search_mute(self): self.check_200(xutils.quote_unicode("/search?key=静音")) self.assertTrue(xconfig.MUTE_END_TIME != None)
def find_with_fnmatch(path, key): result = [] quoted_key = xutils.quote_unicode(key) if key != quoted_key: result = find_with_fnmatch0(path, quoted_key) return result + find_with_fnmatch0(path, key)
def readhttp(url): url = xutils.quote_unicode(url) return netutil.http_get(url)
def test_quote_unicode(self): result = xutils.quote_unicode("http://测试") self.assertEqual("http://%E6%B5%8B%E8%AF%95", result) result = xutils.quote_unicode("http://test/测试") self.assertEqual("http://test/%E6%B5%8B%E8%AF%95", result)
def test_quote_unicode_2(self): result = xutils.quote_unicode("http://test?name=测试") self.assertEqual("http://test?name=%E6%B5%8B%E8%AF%95", result) result = xutils.quote_unicode("http://test?name=测试&age=10") self.assertEqual("http://test?name=%E6%B5%8B%E8%AF%95&age=10", result)
def test_search_translate(self): self.check_200(xutils.quote_unicode("/search?key=翻译test"))
def request_url(url, headers, data): quoted_url = xutils.quote_unicode(url) self.stats = runctx("xmanager.request(url, method='GET',env=headers, data=data)", globals(), locals())
def find_in_cache(key, maxsize=sys.maxsize): quoted_key = xutils.quote_unicode(key) plist = find_in_cache0(key) if quoted_key != key: plist += find_in_cache0(quoted_key) return plist