Пример #1
0
def ajax(request):
    """Query for a user matching a given email."""

    if 'q' not in request.GET:
        raise http.Http404()

    data = {'status': 0, 'message': ''}

    email = request.GET.get('q', '').strip()
    dev_only = request.GET.get('dev', '1')
    try:
        dev_only = int(dev_only)
    except ValueError:
        dev_only = 1

    if not email:
        data.update(message=_('An email address is required.'))
        return data

    user = UserProfile.objects.filter(email=email)
    if dev_only:
        user = user.exclude(read_dev_agreement=None)

    msg = _('A user with that email address does not exist.')
    msg_dev = _('A user with that email address does not exist, or the user '
                'has not yet accepted the developer agreement.')

    if user:
        data.update(status=1, id=user[0].id, name=user[0].name)
    else:
        data['message'] = msg_dev if dev_only else msg

    return escape_all(data)
Пример #2
0
def ajax(request):
    """Query for a user matching a given email."""

    if "q" not in request.GET:
        raise http.Http404()

    data = {"status": 0, "message": ""}

    email = request.GET.get("q", "").strip()
    dev_only = request.GET.get("dev", "1")
    try:
        dev_only = int(dev_only)
    except ValueError:
        dev_only = 1

    if not email:
        data.update(message=_("An email address is required."))
        return data

    user = UserProfile.objects.filter(email=email)
    if dev_only:
        user = user.exclude(read_dev_agreement=None)

    msg = _("A user with that email address does not exist.")
    msg_dev = _(
        "A user with that email address does not exist, or the user " "has not yet accepted the developer agreement."
    )

    if user:
        data.update(status=1, id=user[0].id, name=user[0].name)
    else:
        data["message"] = msg_dev if dev_only else msg

    return escape_all(data)
Пример #3
0
def make_validation_result(data):
    """Safe wrapper around JSON dict containing a validation result."""
    if not settings.EXPOSE_VALIDATOR_TRACEBACKS:
        if data['error']:
            data['error'] = _('An error occurred validating the manifest.')
    if data['validation']:
        for msg in data['validation']['messages']:
            for k, v in msg.items():
                msg[k] = escape_all(v, linkify=k in ('message', 'description'))
    return data
Пример #4
0
def make_validation_result(data):
    """Safe wrapper around JSON dict containing a validation result."""
    if not settings.EXPOSE_VALIDATOR_TRACEBACKS:
        if data["error"]:
            data["error"] = _("An error occurred validating the manifest.")
    if data["validation"]:
        for msg in data["validation"]["messages"]:
            for k, v in msg.items():
                msg[k] = escape_all(v, linkify=k in ("message", "description"))
    return data
Пример #5
0
def make_validation_result(data):
    """Safe wrapper around JSON dict containing a validation result."""
    if not settings.EXPOSE_VALIDATOR_TRACEBACKS:
        if data['error']:
            data['error'] = _('An error occurred validating the manifest.')
    if data['validation']:
        for msg in data['validation']['messages']:
            for k, v in msg.items():
                msg[k] = escape_all(v, linkify=k in ('message', 'description'))
    return data
Пример #6
0
def make_validation_result(data):
    """Safe wrapper around JSON dict containing a validation result."""
    if not settings.EXPOSE_VALIDATOR_TRACEBACKS:
        if data['error']:
            # Just expose the message, not the traceback.
            data['error'] = data['error'].strip().split('\n')[-1].strip()
    if data['validation']:
        for msg in data['validation']['messages']:
            for k, v in msg.items():
                msg[k] = escape_all(v, linkify=k in ('message', 'description'))
    return data
Пример #7
0
    def test_nested(self):
        value = '<script>alert("BALL SO HARD")</script>'
        expected = '&lt;script&gt;alert("BALL SO HARD")&lt;/script&gt;'

        test = {"string": value, "dict": {"x": value}, "list": [value], "bool": True}
        res = escape_all(test)

        eq_(res["string"], expected)
        eq_(res["dict"], {"x": expected})
        eq_(res["list"], [expected])
        eq_(res["bool"], True)
Пример #8
0
    def test_without_linkify(self):
        value = "<button>http://firefox.com</button>"
        expected = "&lt;button&gt;http://firefox.com&lt;/button&gt;"

        test = {"string": value, "dict": {"x": value}, "list": [value], "bool": True}
        res = escape_all(test, linkify=False)

        eq_(res["string"], expected)
        eq_(res["dict"], {"x": expected})
        eq_(res["list"], [expected])
        eq_(res["bool"], True)
Пример #9
0
    def test_without_linkify(self):
        value = '<button>http://firefox.com</button>'
        expected = '&lt;button&gt;http://firefox.com&lt;/button&gt;'

        test = {
            'string': value,
            'dict': {'x': value},
            'list': [value],
            'bool': True,
        }
        res = escape_all(test, linkify=False)

        eq_(res['string'], expected)
        eq_(res['dict'], {'x': expected})
        eq_(res['list'], [expected])
        eq_(res['bool'], True)
Пример #10
0
    def test_nested(self):
        value = '<script>alert("BALL SO HARD")</script>'
        expected = '&lt;script&gt;alert("BALL SO HARD")&lt;/script&gt;'

        test = {
            'string': value,
            'dict': {'x': value},
            'list': [value],
            'bool': True,
        }
        res = escape_all(test)

        eq_(res['string'], expected)
        eq_(res['dict'], {'x': expected})
        eq_(res['list'], [expected])
        eq_(res['bool'], True)
Пример #11
0
def app_view_manifest(request, addon):
    headers = {}
    manifest = {}
    success = False

    if addon.is_packaged:
        manifest = _get_manifest_json(addon)
        content = json.dumps(manifest, indent=4)
        success = True

    else:  # Show the hosted manifest_url.
        content, headers = u'', {}
        if addon.manifest_url:
            try:
                req = requests.get(
                    addon.manifest_url,
                    verify=False,
                    headers={'User-Agent': settings.MARKETPLACE_USER_AGENT})
                content, headers = req.content, req.headers
                success = True
            except Exception:
                content = u''.join(traceback.format_exception(*sys.exc_info()))
            else:
                success = True

            try:
                # Reindent the JSON.
                manifest = json.loads(content)
                content = json.dumps(manifest, indent=4)
            except:
                # If it's not valid JSON, just return the content as is.
                pass

    return {
        'content':
        jinja2.escape(smart_decode(content)),
        'headers':
        dict((jinja2.escape(k), jinja2.escape(v)) for k, v in headers.items()),
        'success':
        success,
        # Note: We're using `escape_all` on the values here since we know the
        # keys of the nested dict don't come from user input (manifest) and are
        # known safe.
        'permissions':
        dict((jinja2.escape(k), escape_all(v))
             for k, v in _get_permissions(manifest).items())
    }
Пример #12
0
    def test_basics(self):
        x = "-".join([u, u])
        y = " - ".join([u, u])

        tests = [
            ('<script>alert("BALL SO HARD")</script>', '&lt;script&gt;alert("BALL SO HARD")&lt;/script&gt;'),
            (u"Bän...g (bang)", u"Bän...g (bang)"),
            (u, u),
            (x, x),
            (y, y),
            (u"x荿", u"x\u837f"),
            (u"ϧ΃蒬蓣", u"\u03e7\u0383\u84ac\u84e3"),
            (u"¿x", u"¿x"),
        ]

        for val, expected in tests:
            eq_(escape_all(val), expected)
Пример #13
0
    def test_without_linkify(self):
        value = '<button>http://firefox.com</button>'
        expected = '&lt;button&gt;http://firefox.com&lt;/button&gt;'

        test = {
            'string': value,
            'dict': {
                'x': value
            },
            'list': [value],
            'bool': True,
        }
        res = escape_all(test, linkify=False)

        eq_(res['string'], expected)
        eq_(res['dict'], {'x': expected})
        eq_(res['list'], [expected])
        eq_(res['bool'], True)
Пример #14
0
    def test_nested(self):
        value = '<script>alert("BALL SO HARD")</script>'
        expected = '&lt;script&gt;alert("BALL SO HARD")&lt;/script&gt;'

        test = {
            'string': value,
            'dict': {
                'x': value
            },
            'list': [value],
            'bool': True,
        }
        res = escape_all(test)

        eq_(res['string'], expected)
        eq_(res['dict'], {'x': expected})
        eq_(res['list'], [expected])
        eq_(res['bool'], True)
Пример #15
0
    def test_basics(self):
        x = '-'.join([u, u])
        y = ' - '.join([u, u])

        tests = [
            ('<script>alert("BALL SO HARD")</script>',
             '&lt;script&gt;alert("BALL SO HARD")&lt;/script&gt;'),
            (u'Bän...g (bang)', u'Bän...g (bang)'),
            (u, u),
            (x, x),
            (y, y),
            (u'x荿', u'x\u837f'),
            (u'ϧ΃蒬蓣', u'\u03e7\u0383\u84ac\u84e3'),
            (u'¿x', u'¿x'),
        ]

        for val, expected in tests:
            eq_(escape_all(val), expected)
Пример #16
0
    def test_basics(self):
        x = '-'.join([u, u])
        y = ' - '.join([u, u])

        tests = [
            ('<script>alert("BALL SO HARD")</script>',
             '&lt;script&gt;alert("BALL SO HARD")&lt;/script&gt;'),
            (u'Bän...g (bang)', u'Bän...g (bang)'),
            (u, u),
            (x, x),
            (y, y),
            (u'x荿', u'x\u837f'),
            (u'ϧ΃蒬蓣', u'\u03e7\u0383\u84ac\u84e3'),
            (u'¿x', u'¿x'),
        ]

        for val, expected in tests:
            eq_(escape_all(val), expected)
Пример #17
0
def app_view_manifest(request, addon):
    headers = {}
    manifest = {}
    success = False

    if addon.is_packaged:
        manifest = _get_manifest_json(addon)
        content = json.dumps(manifest, indent=4)
        success = True

    else:  # Show the hosted manifest_url.
        content, headers = u'', {}
        if addon.manifest_url:
            try:
                req = requests.get(
                    addon.manifest_url, verify=False,
                    headers={'User-Agent': settings.MARKETPLACE_USER_AGENT})
                content, headers = req.content, req.headers
                success = True
            except Exception:
                content = u''.join(traceback.format_exception(*sys.exc_info()))
            else:
                success = True

            try:
                # Reindent the JSON.
                manifest = json.loads(content)
                content = json.dumps(manifest, indent=4)
            except:
                # If it's not valid JSON, just return the content as is.
                pass

    return {
        'content': jinja2.escape(smart_decode(content)),
        'headers': dict((jinja2.escape(k), jinja2.escape(v))
                        for k, v in headers.items()),
        'success': success,
        # Note: We're using `escape_all` on the values here since we know the
        # keys of the nested dict don't come from user input (manifest) and are
        # known safe.
        'permissions': dict((jinja2.escape(k), escape_all(v))
                            for k, v in _get_permissions(manifest).items())
    }