def main(pif):
os.environ['PATH'] += ':/usr/local/bin'
pif.render.print_html()
pif.restrict('vma')
tform = TraverseForm().read(pif)
pif.render.set_page_extra(pif.render.increment_js)
print(pif.render.format_head())
useful.header_done()
print(pif.form.get_form())
if tform.alt:
print(
pif.render.format_link('/cgi-bin/traverse.cgi?d=' + tform.alt,
tform.alt))
print('<br>')
if tform.patt:
show_imgs(pif, tform)
elif tform.scrt:
show_script(pif, tform)
elif tform.act:
do_action(pif, tform)
elif tform.fnam:
show_file(pif, tform)
else:
print(show_dir(pif, tform))
print(pif.render.format_tail())
def start(self):
self.log_start()
self.set_user_info(self.user_id)
self.set_page_info(self.page_id)
if not self.is_web:
useful.header_done(is_web=False)
self.duplicate_form = self.form.has('token') and not self.dbh.insert_token(self.form.get_str('token'))
def simple_html(status=404):
if not useful.is_header_done():
print 'Content-Type: text/html\n\n'
print 'Status:', status, httplib.responses.get(status, '')
#print '<!--\n' + str(os.environ) + '-->'
useful.header_done()
useful.write_comment()
def call_main(page_id='cli',
form_key='',
defval='',
args='',
dbedit=None,
switches='',
options=''):
useful.header_done(False)
pif = None
try:
switch, filelist = get_command_line(switches, options)
for f in filelist:
if f.startswith('page_id='):
page_id = f[8:]
if isinstance(page_id, pifile.PageInfoFile):
pif = page_id
else:
pif = get_page_info(page_id, form_key, defval, args, dbedit)
pif.switch, pif.filelist = switch, filelist
ret = main_fn(pif)
useful.write_comment()
if ret:
print(ret)
except SystemExit:
pass
except useful.SimpleError as e:
print('***', e.value)
def handle_exception(pif,
e,
header_done=False,
write_traceback=True,
status_code='unset'):
log = pif.log if pif and pif.log else logger.Logger()
log.exc.error('{} {}'.format(os.environ.get('REMOTE_ADDR', '127.0.0.1'),
os.environ.get('REQUEST_URI', 'unknown')))
str_tb = write_traceback_file(pif, e) if write_traceback else ''
log_page_call(pif, status_code=status_code)
if not pif or not pif.render or not pif.dbh:
if not header_done:
simple_html()
if str_tb:
print('<!--\n' + str_tb + '-->')
final_exit()
pif.dbh.set_health(pif.page_id)
if not useful.is_header_done() and not header_done:
simple_html()
useful.header_done()
useful.write_comment()
while pif.render.table_count > 0:
print(pif.render.format_table_end())
if not pif.is_allowed('a'):
print('<!--\n' + str_tb + '-->')
final_exit()
def simple_html(status=404):
if not useful.is_header_done():
print 'Content-Type: text/html\n\n'
print 'Status:', status, httplib.responses.get(status, '')
#print '<!--\n' + str(os.environ) + '-->'
useful.header_done()
useful.write_comment()
def start(self):
# self.log_start()
self.set_user_info(self.user_id)
self.set_page_info(self.page_id)
if not self.is_web:
useful.header_done(is_web=False)
self.duplicate_form = self.form.has(
'token') and not self.dbh.insert_token(self.form.get_str('token'))
def __init__(self, page_id, form_key='', defval='', args='', dbedit=None):
self.render = self.dbh = None
self.secure = secure.Security()
self.htdocs = self.secure.docroot
config.IS_BETA = self.secure.is_beta
self.rawcookies = self.secure.get_cookies()
user_id = self.rawcookies.get('id', '0')
if isinstance(user_id, str):
user_id = eval(user_id)
if isinstance(user_id, (int, long)):
self.id = user_id
elif isinstance(user_id, tuple):
user_id = user_id[0]
config.USER_ID = self.user_id = user_id
self.unittest = bool(args) # args comes from unittest only!
self.argv = args.split() if args else sys.argv[1:] # argv comes from command line only!
self.form = BaseForm(cgi.FieldStorage(), self.argv)
self.page_id = self.get_page_id(page_id, form_key, defval)
self.page_name = self.page_id[self.page_id.rfind('.') + 1:]
self.time_start = datetime.datetime.now().strftime('%Y%m%d.%H%M%S')
self.request_uri = os.environ.get('REQUEST_URI', 'unknown')
self.remote_host = os.environ.get('REMOTE_HOST', 'host_unset')
self.remote_addr = os.environ.get('REMOTE_ADDR', '127.0.0.1')
self.is_web = 'REQUEST_METHOD' in os.environ # is apache!
self.set_server_env()
self.log = logger.Logger()
self.format_type = 'python'
self.render = render.Presentation(self.page_id, self.form.get_int('verbose'))
self.render.secure = self.secure
self.render.unittest = self.unittest
self.render.comment('form', self.form.get_form())
self.privs = set(self.rawcookies.get('pr', '')) & set(self.form.get_str('privs', 'vuma'))
self.secure.cookies = self.rawcookies.get('co')
if self.is_allowed(dbedit):
self.secure.set_config('edit')
os.chdir(self.secure.docroot)
self.cwd = os.getcwd()
self.render.is_beta = self.secure.is_beta
self.cgibin = '../cgi-bin'
self.dbh = dbhand.DBHandler(self.secure.config, self.user_id, self.log.dbq, self.render.verbose)
self.dbh.dbi.nowrites = self.unittest
self.log_start()
page_info = self.dbh.fetch_page(self.page_id)
if not page_info:
raise useful.SimpleError('Your request is incorrect (bad page id, %s). Please try something else.' % self.page_id)
self.render.set_page_info(page_info)
self.render.not_released = (self.render.flags & self.dbh.FLAG_PAGE_INFO_HIDDEN) != 0
self.render.hide_title = (self.render.flags & self.dbh.FLAG_PAGE_INFO_HIDE_TITLE) != 0
self.render.is_admin = self.is_allowed('a')
self.render.is_moderator = self.is_allowed('m')
self.render.is_user = self.is_allowed('u')
self.render.is_viewer = self.is_allowed('v')
if not self.is_web:
useful.header_done(is_web=False)
self.duplicate_form = self.form.has('token') and not self.dbh.insert_token(self.form.get_str('token'))
def blister(pif):
pif.render.print_html()
#global pagename
#pagename = pif.form.get_str('page', 'blister')
dblist = bfiles.SimpleFile(useful.relpath(config.SRC_DIR, pif.page_name + '.dat'))
print pif.render.format_head()
useful.header_done()
print do_tree_page(pif, dblist)
print pif.render.format_tail()
def blister(pif):
pif.render.print_html()
#global pagename
#pagename = pif.form.get_str('page', 'blister')
dblist = bfiles.SimpleFile(
useful.relpath(config.SRC_DIR, pif.page_name + '.dat'))
print pif.render.format_head()
useful.header_done()
print do_tree_page(pif, dblist)
print pif.render.format_tail()
def main(pif):
pif.render.print_html()
print pif.render.format_head()
useful.header_done()
manf = MannoFile(useful.relpath(config.SRC_DIR, 'tomica.dat'))
mans = manf.dictlist
if pif.form.has('num'):
print '<meta http-equiv="refresh" content="0;url=single.cgi?id=%s">' % pif.form.get_str('num')
return
else:
run_file(pif, manf, year=pif.form.get_str('year'))
#print pif.render.format_matrix(llineup)
print pif.render.format_tail()
def print_html(self, content='text/html', status=200): if not useful.is_header_done(): print 'Content-Type:', content if content == 'text/csv': print "Content-Description: File Transfer\nContent-Disposition: attachment; filename=%s\nExpires: 0" % self.filename print 'Status:', status, httplib.responses.get(status, '') #useful.html_done = True self.print_cookie() print if content == 'text/html': self.is_html = True print '<!DOCTYPE html>' print useful.header_done()
def main(pif):
pif.render.print_html()
print(pif.render.format_head())
useful.header_done()
manf = MannoFile(useful.relpath(config.SRC_DIR, 'tomica.dat'))
# mans = manf.dictlist
if pif.form.has('num'):
print('<meta http-equiv="refresh" content="0;url=single.cgi?id=%s">' %
pif.form.get_str('num'))
return
else:
run_file(pif, manf, year=pif.form.get_str('year'))
# print(pif.render.format_matrix(llineup))
print(pif.render.format_tail())
def handle_form(pif):
pif.render.print_html()
mod_id = pif.form.get_str('m')
if not mod_id:
mod_id = pif.form.get_str('mod_id')
if mod_id:
pif.render.title = 'Variations - ' + mod_id
elif pif.form.has('f'):
pif.render.title = 'Variations - ' + pif.form.get_str('f')
print(pif.render.format_head())
useful.header_done()
if not pif.is_allowed('a'):
return
pif.dbh.set_verbose(True)
vid = vrdata.VariationImportData()
vid.verbose = pif.render.verbose
nvars = list()
file_dir = pif.form.get_str('d', 'src/mbxf')
print(pif.form, '<br>')
if pif.form.has("recalc"): # doesn't really fit the pattern
print("recalc<br>")
for k in pif.form.keys(end='.var'):
nvars.append(k[0:-4] + "=" + pif.form.get_str(k))
elif pif.duplicate_form: # not pif.dbh.insert_token(pif.form.get_str('token')):
print('duplicate form submission detected')
else:
do_action(pif, mod_id)
print("<br><hr>")
# args = ''
if pif.form.has('settings'):
show_settings(pif, vid, pif.form.get_str('f'))
elif pif.form.has('f'):
show_file(pif, vid, file_dir, pif.form.get_str('f'), ' '.join(nvars))
else:
show_index(pif,
vid,
file_dir,
start=pif.form.get_str('s'),
num=pif.form.get_int('n', 100),
ff=int(pif.form.get_int('ff')))
print(pif.render.format_tail())
def handle_exception(pif, header_done=False, write_traceback=True):
str_tb = ''
if write_traceback:
str_tb = write_traceback_file(pif)
if not pif or not pif.render or not pif.dbh:
if not header_done:
simple_html()
if str_tb:
print '<!--\n' + str_tb + '-->'
final_exit()
pif.dbh.set_health(pif.page_id)
import useful
if not useful.is_header_done() and not header_done:
simple_html()
useful.header_done()
useful.write_comment()
while pif.render.table_count > 0:
print pif.render.format_table_end()
if not pif.is_allowed('a'):
print '<!--\n' + str_tb + '-->'
final_exit()
def handle_exception(pif, header_done=False, write_traceback=True):
str_tb = ''
if write_traceback:
str_tb = write_traceback_file(pif)
if not pif or not pif.render or not pif.dbh:
if not header_done:
simple_html()
if str_tb:
print '<!--\n' + str_tb + '-->'
final_exit()
pif.dbh.set_health(pif.page_id)
import useful
if not useful.is_header_done() and not header_done:
simple_html()
useful.header_done()
useful.write_comment()
while pif.render.table_count > 0:
print pif.render.format_table_end()
if not pif.is_allowed('a'):
print '<!--\n' + str_tb + '-->'
final_exit()
def handle_form(pif):
pif.render.print_html()
mod_id = pif.form.get_str('m')
if not mod_id:
mod_id = pif.form.get_str('mod_id')
if mod_id:
pif.render.title = 'Variations - ' + mod_id
elif pif.form.has('f'):
pif.render.title = 'Variations - ' + pif.form.get_str('f')
print pif.render.format_head()
useful.header_done()
if not pif.is_allowed('a'):
return
pif.dbh.set_verbose(True)
vid = vrdata.VariationImportData()
vid.verbose = pif.render.verbose
nvars = list()
file_dir = pif.form.get_str('d', 'src/mbxf')
print pif.form, '<br>'
if pif.form.has("recalc"): # doesn't really fit the pattern
print "recalc<br>"
for k in pif.form.keys(end='.var'):
nvars.append(k[0:-4] + "=" + pif.form.get_str(k))
elif pif.duplicate_form: #not pif.dbh.insert_token(pif.form.get_str('token')):
print 'duplicate form submission detected'
else:
do_action(pif, mod_id)
print "<br><hr>"
args = ''
if pif.form.has('settings'):
show_settings(pif, vid, pif.form.get_str('f'))
elif pif.form.has('f'):
show_file(pif, vid, file_dir, pif.form.get_str('f'), ' '.join(nvars))
else:
show_index(pif, vid, file_dir, start=pif.form.get_str('s'), num=pif.form.get_int('n', 100), ff=int(pif.form.get_int('ff')))
print pif.render.format_tail()
def main(pif):
os.environ['PATH'] += ':/usr/local/bin'
pif.render.print_html()
pif.restrict('vma')
tform = TraverseForm().read(pif)
pif.render.set_page_extra(pif.render.increment_js)
print pif.render.format_head()
useful.header_done()
print pif.form.get_form()
if tform.alt:
print pif.render.format_link('/cgi-bin/traverse.cgi?d=' + tform.alt, tform.alt)
print '<br>'
if tform.patt:
show_imgs(pif, tform)
elif tform.scrt:
show_script(pif, tform)
elif tform.act:
do_action(pif, tform)
elif tform.fnam:
show_file(pif, tform)
else:
print show_dir(pif, tform)
print pif.render.format_tail()
def format_template(self, template, **kwargs):
if self.tail.get('flags'):
self.flag_list = list(self.shown_flags)
self.flag_list.sort(key=lambda x: self.flag_info[x][0])
titleimage = self.find_image_path(self.page_id.split('.'))
if titleimage:
titleimage = '/' + titleimage
page_info = {
'messages': useful.header_done(silent=True),
'hierarchy': self.hierarchy,
'is_beta': self.is_beta,
'styles': self.styles,
'title': self.title,
'hide_title': self.hide_title,
'is_admin': self.is_admin,
'is_moderator': self.is_moderator,
'is_user': self.is_user,
'titleimage': titleimage,
'tail': self.tail,
'page_id': self.page_id,
'description': self.description,
'note': self.note,
'pic_dir': self.pic_dir,
'large': self.large,
'verbose': self.verbose,
'not_released': self.not_released,
'flags': self.flags,
'flag_info': self.flag_info,
'shown_flags': self.shown_flags,
'secure': self.secure,
'extra': self.extra,
'comment_button': self.comment_button,
'footer': self.footer,
'bamcamark': self.bamcamark,
'token': self.format_form_token(useful.generate_token(6)),
}
output = useful.render_template(template, page=page_info, config_context=config, **kwargs)
if self.unittest:
return "[redacted]"
return output
def call_main(page_id, form_key='', defval='', args='', dbedit=None):
#useful.write_comment('PID', os.getpid())
pif = None
try:
import pifile
if isinstance(page_id, pifile.PageInfoFile):
pif = page_id
else:
pif = get_page_info(page_id, form_key, defval, args, dbedit)
if '/etc/passwd' in os.environ.get(
'QUERY_STRING', '') or '%2fetc%2fpasswd' in os.environ.get(
'QUERY_STRING', '').lower():
raise useful.Redirect('http://www.nsa.gov/')
except SystemExit:
pass
except useful.SimpleError as e:
simple_html(status=e.status)
print useful.render_template('error.html',
error=[e.value],
page={'tail': ''})
if pif:
pif.log.debug.error('SimpleError: ' + str(e) + ' - ' +
'''%s''' %
os.environ.get('REQUEST_URI', ''))
handle_exception(pif, True, False)
return
except MySQLdb.OperationalError:
simple_html()
print 'The database is currently down, and thus, this page is unable to be shown.<p>'
str_tb = write_traceback_file(pif)
handle_exception(pif, True)
return
except useful.Redirect as e:
if not useful.is_header_done():
pif.render.print_html()
print pif.render.format_template('forward.html',
url=e.value,
delay=e.delay)
return
except:
handle_exception(pif)
return
try:
ret = main_fn(pif)
if not useful.is_header_done():
pif.render.print_html()
useful.write_comment()
if ret and not pif.unittest:
print ret
except SystemExit:
pass
except useful.SimpleError as e:
if not useful.is_header_done():
pif.render.print_html(status=e.status)
print pif.render.format_template('error.html', error=[e.value])
except useful.Redirect as e:
if not useful.is_header_done():
pif.render.print_html()
print pif.render.format_template('forward.html',
url=e.value,
delay=e.delay)
except useful.DelayedRedirect as e:
if not useful.is_header_done():
pif.render.print_html()
print pif.render.format_template('forward.html',
url=e.value,
delay=e.delay)
except MySQLdb.OperationalError:
if not useful.is_header_done():
pif.render.print_html()
print 'The database is currently done, and thus, this page is unable to be shown.<p>'
str_tb = write_traceback_file(pif)
except:
handle_exception(pif)
raise
useful.header_done(True)
useful.write_comment()
def call_main(page_id, form_key='', defval='', args='', dbedit=None):
#useful.write_comment('PID', os.getpid())
pif = None
try:
import pifile
if isinstance(page_id, pifile.PageInfoFile):
pif = page_id
else:
pif = get_page_info(page_id, form_key, defval, args, dbedit)
pif.start()
if '/etc/passwd' in os.environ.get('QUERY_STRING', '') or '%2fetc%2fpasswd' in os.environ.get('QUERY_STRING', '').lower():
raise useful.Redirect('https://www.nsa.gov/')
except SystemExit:
pass
except useful.SimpleError as e:
simple_html(status=e.status)
print useful.render_template('error.html', error=[e.value], page={'tail':''})
if pif:
pif.log.debug.error('SimpleError: ' + str(e) + ' - ' + '''%s''' % os.environ.get('REQUEST_URI', ''))
handle_exception(pif, True, False)
return
except MySQLdb.OperationalError:
simple_html()
print 'The database is currently down, and thus, this page is unable to be shown.<p>'
str_tb = write_traceback_file(pif)
handle_exception(pif, True)
return
except useful.Redirect as e:
if not useful.is_header_done():
pif.render.print_html()
print pif.render.format_template('forward.html', url=e.value, delay=e.delay)
return
except:
handle_exception(pif)
return
try:
ret = main_fn(pif)
if not useful.is_header_done():
pif.render.print_html()
if pif.render.is_html:
useful.write_comment("Page:", pif.page_id, 'Time:', time.time() - pif.start_seconds)
if ret and not pif.unittest:
print ret
except SystemExit:
pass
except useful.SimpleError as e:
if not useful.is_header_done():
pif.render.print_html(status=e.status)
print pif.render.format_template('error.html', error=[e.value])
except useful.Redirect as e:
if not useful.is_header_done():
pif.render.print_html()
print pif.render.format_template('forward.html', url=e.value, delay=e.delay)
except MySQLdb.OperationalError:
if not useful.is_header_done():
pif.render.print_html()
print 'The database is currently done, and thus, this page is unable to be shown.<p>'
str_tb = write_traceback_file(pif)
except:
handle_exception(pif)
raise
useful.header_done(True)
useful.write_comment()
def call_main(page_id, form_key='', defval='', args='', dbedit=None):
# useful.write_comment('PID', os.getpid(), 'GURU', config.GURU_ID)
status_code = 'unset'
pif = None
try:
pif = (page_id if isinstance(page_id, pifile.PageInfoFile) else
get_page_info(page_id, form_key, defval, args, dbedit))
except SystemExit:
pass
except pymysql.OperationalError as e:
status_code = 'db'
simple_html()
print(
'The database is currently down, and thus, this page is unable to be shown.<p>'
)
write_traceback_file(pif, e)
handle_exception(pif, e, True, status_code=status_code)
return
except Exception as e:
status_code = 'exc'
simple_html()
handle_exception(pif, e, status_code=status_code)
return
pif.start()
try:
if ('/etc/passwd' in os.environ.get('QUERY_STRING', '')
or '%2fetc%2fpasswd' in os.environ.get('QUERY_STRING',
'').lower()):
raise useful.Redirect('https://www.nsa.gov/')
ret = main_fn(pif)
if not useful.is_header_done():
pif.render.print_html()
if pif.render.is_html:
useful.write_comment("Page:", pif.page_id, 'Time:',
time.time() - pif.start_seconds)
if ret and not pif.unittest:
print(ret)
except SystemExit:
pass # the happiest exception on earth
status_code = 'exit'
except useful.SimpleError as e:
if not useful.is_header_done():
status_code = e.status
pif.render.print_html(status=e.status)
print(pif.render.format_template('error.html', error=[e.value]))
except useful.Redirect as e:
if not useful.is_header_done():
status_code = 302
pif.render.print_html(status=302)
print(
pif.render.format_template('forward.html',
url=e.value,
delay=e.delay))
except pymysql.OperationalError as e:
if not useful.is_header_done():
status_code = 500
pif.render.print_html(status=500)
print(
'The database is currently down, and thus, this page is unable to be shown.<p>'
)
write_traceback_file(pif, e)
except Exception as e:
status_code = 'exc'
handle_exception(pif, e, status_code=status_code)
raise
useful.header_done(True)
useful.write_comment()
log_page_call(pif, status_code=status_code)