示例#1
0
def execute(pagename, request):
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body()
    everything_is_okay = 0
    # kinda lame spam protection, but it should work
    pghash = hash(pagename.lower())

    # be extra paranoid
    if (actname in config.excluded_actions or not
        request.user.may.edit(page) or
        # bot checks
        request.form.has_key('button_dont1_%s' % pghash) or
        request.form.has_key('button_dont2_%s' % pghash) or
        request.form.has_key('button_dont3_%s' % pghash) or
        request.form.has_key('button_dont4_%s' % pghash) or
        request.form.has_key('comment_dont_%s' % pghash) or
        not request.isPOST()
        ):
            msg = _('You are not allowed to edit this page. '
                    '(An account is needed in most cases)')
    
    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')

    # check whether the user clicked the delete button
    elif request.form.has_key('button_do_%s' % pghash) and \
        request.form.has_key('comment_text_%s' % pghash):
        # check whether this is a valid renaming request (make outside
        # attacks harder by requiring two full HTTP transactions)
        comment_text = request.form.get('comment_text_%s' % pghash)[0]
        if request.user.anonymous:
            userId = request.user.ip
        else:
            if config.user_page_prefix:
                userId = '["%s%s"]' % (config.user_page_prefix,
                                       request.user.propercased_name)
            else:
                userId = '["%s"]' % request.user.propercased_name

        now = time.time()
        now_formatted = request.user.getFormattedDateTime(
            now, global_time=True)
        formatted_comment_text = comment_text + " --" + userId
        newtext = (oldtext + "------" + "\n" + "''" +
                   ''.join(now_formatted) + "'' [[nbsp]] " +
                   formatted_comment_text)
        page.saveText(newtext, '0',
                      comment="Comment added.", action="COMMENT_MACRO")
        msg = _('Your comment has been added.')
        
    return page.send_page(msg)
示例#2
0
def execute(pagename, request):
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body()
    everything_is_okay = 0
    # kinda lame spam protection, but it should work
    pghash = hash(pagename.lower())

    # be extra paranoid
    if (actname in config.excluded_actions or not request.user.may.edit(page)
            or
            # bot checks
            request.form.has_key('button_dont1_%s' % pghash)
            or request.form.has_key('button_dont2_%s' % pghash)
            or request.form.has_key('button_dont3_%s' % pghash)
            or request.form.has_key('button_dont4_%s' % pghash)
            or request.form.has_key('comment_dont_%s' % pghash)
            or not request.isPOST()):
        msg = _('You are not allowed to edit this page. '
                '(An account is needed in most cases)')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')

    # check whether the user clicked the delete button
    elif request.form.has_key('button_do_%s' % pghash) and \
        request.form.has_key('comment_text_%s' % pghash):
        # check whether this is a valid renaming request (make outside
        # attacks harder by requiring two full HTTP transactions)
        comment_text = request.form.get('comment_text_%s' % pghash)[0]
        if request.user.anonymous:
            userId = request.user.ip
        else:
            if config.user_page_prefix:
                userId = '["%s%s"]' % (config.user_page_prefix,
                                       request.user.propercased_name)
            else:
                userId = '["%s"]' % request.user.propercased_name

        now = time.time()
        now_formatted = request.user.getFormattedDateTime(now,
                                                          global_time=True)
        formatted_comment_text = comment_text + " --" + userId
        newtext = (oldtext + "------" + "\n" + "''" + ''.join(now_formatted) +
                   "'' [[nbsp]] " + formatted_comment_text)
        page.saveText(newtext,
                      '0',
                      comment="Comment added.",
                      action="COMMENT_MACRO")
        msg = _('Your comment has been added.')

    return page.send_page(msg)
示例#3
0
def execute(pagename, request):
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body().lower()

    events_page = Page("Events Board", request) 

    # Do we want an RSS feed?
    if (request.form.has_key('rss') and request.form.get("rss")[0] == '1' and
        request.user.may.read(events_page)):
        request.http_headers(more_headers=[('Content-type', 'application/rss+xml')]) # added content-type header so the right mimetype goes out 2008/05/12 rtucker
        request.write(doRSS(request))
        raise util.SycamoreNoFooter
        return

    # be extra paranoid
    elif (actname in config.excluded_actions or
          not request.user.valid or not request.user.may.edit(events_page) or
          not request.user.may.edit(page)):
        msg = _('You are not allowed to edit this page. '
                '(You need an account in most cases)')
    # check to make sure the events macro is in the page
    elif string.find(oldtext,"[[events]]") == -1:
        msg = _('Not allowed to add an event')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')

    # check whether the user filled out the form
    elif request.form.has_key('uid') and request.form.has_key('del'):
        if (request.form.get('del')[0] == "1" and
            request.user.may.admin(Page("Events Board", request))):
            # let's try and delete the event!
            uid = request.form.get('uid')[0]
            request.cursor.execute(
                "SELECT event_name from events where uid=%(uid)s", {'uid':uid})
            name = request.cursor.fetchone()[0]
            request.cursor.execute(
                "DELETE from events where uid=%(uid)s", {'uid':uid},
                isWrite=True)
            msg = 'Event "%s" <b>deleted</b>!' % name

        elif request.form.get('del')[0] == "1":
            uid = request.form.get('uid')[0]
            request.cursor.execute(
                "SELECT event_name from events where uid=%(uid)s", {'uid':uid})
            name = request.cursor.fetchone()[0]
            request.cursor.execute(
                """DELETE from events where uid=%(uid)s and
                             posted_by=%(username)s""",
                {'uid':uid, 'username':request.user.propercased_name},
                isWrite=True)
            msg = 'Event "%s" <b>deleted</b>!' % name
    
        if config.memcache:
            request.mc.set("today_events", None)
            caching.updateRecentChanges(Page("Events Board", request))

    elif (request.form.has_key('button') and 
          request.form.has_key('event_text') and
          request.form.has_key('event_name') and
          request.form.has_key('event_location') and
          request.form.has_key('month') and
          request.form.has_key('day') and
          request.form.has_key('hour') and
          request.form.has_key('minute') and
          request.form.has_key('ticket')):
        # check whether this is a valid renaming request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the web interface to change the page!')
        else:
            event_text = request.form.get('event_text')[0]
            event_name = request.form.get('event_name')[0]
            event_location = request.form.get('event_location')[0]
            month = int(request.form.get('month')[0])
            day = int(request.form.get('day')[0])
            hour = int(request.form.get('hour')[0])
            minute = int(request.form.get('minute')[0])
            year = int(request.form.get('year')[0])
            posted_by = request.user.propercased_name
            now = request.user.getFormattedDateTime(time.time(),
                                                    global_time=True)
    
            # WE NEED TO VALIDATE THE TEXT AND THE OTHER FIELDS
            if (isValid(event_text, event_name, event_location, month, day,
                       hour, minute, year) and not
               hasPassed(month, day, hour,minute, year, request)):
                event_time_unix = wikiutil.timeInTzToUTC(
                    request.config.tz,
                    (year, month, day, hour, minute, 0, 0))
                writeEvent(request, event_text, event_name,
                           event_location, event_time_unix, posted_by)
                msg = _('Your event has been added!')
            elif hasPassed(month,day,hour,minute,year,request):
                msg = _('Event time is in the past!  '
                        'Please choose a time in the future.')
            else:
                msg = _('Event <b>NOT</b> posted. '
                        'You entered some invalid text into the form.  '
                        'No HTML is allowed.')
   
    else:
        msg = _('Please fill out all fields of the form.')
        
    return page.send_page(msg)
示例#4
0
def execute(pagename, request):
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body().lower()

    events_page = Page("Events Board", request) 

    # Do we want an RSS feed?
    if (request.form.has_key('rss') and request.form.get("rss")[0] == '1' and
        request.user.may.read(events_page)):
        request.http_headers()
        request.write(doRSS(request))
        raise util.SycamoreNoFooter
        return

    # be extra paranoid
    elif (actname in config.excluded_actions or
          not request.user.valid or not request.user.may.edit(events_page) or
          not request.user.may.edit(page)):
        msg = _('You are not allowed to edit this page. '
                '(You need an account in most cases)')
    # check to make sure the events macro is in the page
    elif string.find(oldtext,"[[events]]") == -1:
        msg = _('Not allowed to add an event')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')

    # check whether the user filled out the form
    elif request.form.has_key('uid') and request.form.has_key('del'):
        if (request.form.get('del')[0] == "1" and
            request.user.may.admin(Page("Events Board", request))):
            # let's try and delete the event!
            uid = request.form.get('uid')[0]
            request.cursor.execute(
                "SELECT event_name from events where uid=%(uid)s", {'uid':uid})
            name = request.cursor.fetchone()[0]
            request.cursor.execute(
                "DELETE from events where uid=%(uid)s", {'uid':uid},
                isWrite=True)
            msg = 'Event "%s" <b>deleted</b>!' % name

        elif request.form.get('del')[0] == "1":
            uid = request.form.get('uid')[0]
            request.cursor.execute(
                "SELECT event_name from events where uid=%(uid)s", {'uid':uid})
            name = request.cursor.fetchone()[0]
            request.cursor.execute(
                """DELETE from events where uid=%(uid)s and
                             posted_by=%(username)s""",
                {'uid':uid, 'username':request.user.propercased_name},
                isWrite=True)
            msg = 'Event "%s" <b>deleted</b>!' % name
    
        if config.memcache:
            request.mc.set("today_events", None)
            caching.updateRecentChanges(Page("Events Board", request))

    elif (request.form.has_key('button') and 
          request.form.has_key('event_text') and
          request.form.has_key('event_name') and
          request.form.has_key('event_location') and
          request.form.has_key('month') and
          request.form.has_key('day') and
          request.form.has_key('hour') and
          request.form.has_key('minute') and
          request.form.has_key('ticket')):
        # check whether this is a valid renaming request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the web interface to change the page!')
        else:
            event_text = request.form.get('event_text')[0]
            event_name = request.form.get('event_name')[0]
            event_location = request.form.get('event_location')[0]
            month = int(request.form.get('month')[0])
            day = int(request.form.get('day')[0])
            hour = int(request.form.get('hour')[0])
            minute = int(request.form.get('minute')[0])
            year = int(request.form.get('year')[0])
            posted_by = request.user.propercased_name
            now = request.user.getFormattedDateTime(time.time(),
                                                    global_time=True)
    
            # WE NEED TO VALIDATE THE TEXT AND THE OTHER FIELDS
            if (isValid(event_text, event_name, event_location, month, day,
                       hour, minute, year) and not
               hasPassed(month, day, hour,minute, year, request)):
                event_time_unix = wikiutil.timeInTzToUTC(
                    request.config.tz,
                    (year, month, day, hour, minute, 0, 0))
                writeEvent(request, event_text, event_name,
                           event_location, event_time_unix, posted_by)
                msg = _('Your event has been added!')
            elif hasPassed(month,day,hour,minute,year,request):
                msg = _('Event time is in the past!  '
                        'Please choose a time in the future.')
            else:
                msg = _('Event <b>NOT</b> posted. '
                        'You entered some invalid text into the form.  '
                        'No HTML is allowed.')
   
    else:
        msg = _('Please fill out all fields of the form.')
        
    return page.send_page(msg)
示例#5
0
def execute(pagename, request):
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    permanent = False
    showrc = True

    msg = ''

    # be extra paranoid in dangerous actions
    if actname in config.excluded_actions \
            or not request.user.may.edit(page) \
            or not request.user.may.delete(page):
        return page.send_page(
            msg = _('You are not allowed to delete this page.'))


    # check whether page exists at all
    if not page.exists():
        return page.send_page(
            msg = _('This page is already deleted or was never created!'))

    # check whether the user clicked the delete button
    if request.form.has_key('button') and request.form.has_key('ticket'):
        # check whether this is a valid deletion request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            return page.send_page(
                msg = _('Please use the interactive user interface '
                        'to delete pages!'))

        # Delete the page
        comment = request.form.get('comment', [''])[0]
        if len(comment) > wikiaction.MAX_COMMENT_LENGTH:
            msg = ("Comments must be less than %s characters long." %
                   wikiaction.MAX_COMMENT_LENGTH)
            return page.send_page(msg)

        if (request.form.has_key('permanent') and
            request.form['permanent'][0] and request.user.may.admin(page)):
            permanent = True
            if request.form.has_key('noshowrc') and request.form['noshowrc'][0]:
                showrc = False 

        msg = page.deletePage(comment, permanent=permanent, showrc=showrc)

        return page.send_page(
                msg = _('Page "%s" was successfully deleted!') % (pagename,))

    # send deletion form
    url = page.url()
    ticket = _createTicket()
    button = _('Delete')
    comment_label = _("Reason for deletion:")

    if request.user.may.admin(page):
        admin_label = (
            """<p>Permanently remove old versions: <input type="checkbox" """
            """id="noshowrctoggle" name="permanent" value="1">\n"""
            """<span id="noshowrc">Don't log on Recent Changes: """
            '<input type="checkbox" name="noshowrc" value="1"></span></p>\n'
            '<script type="text/javascript">\n'
            "document.getElementById('noshowrc').style.visibility = 'hidden';"
            "document.getElementById('noshowrc').style.paddingLeft = '1em';"
            "document.getElementById('noshowrctoggle').onclick = "
               "function () {"
                 "document.getElementById('noshowrc').style.visibility = "
                     "document.getElementById('noshowrctoggle').checked ? "
                         "'visible' : 'hidden';"
               "}"
            "</script>")
    else:
        admin_label = ''
    formhtml = (
        '<form method="GET" action="%(url)s">\n'
        '<input type="hidden" name="action" value="%(actname)s">\n'
        '<input type="hidden" name="ticket" value="%(ticket)s">\n'
        '<p>\n'
        '%(comment_label)s\n'
        '</p>\n'
        '<p>\n'
        '<input type="text" name="comment" size="60" maxlength="80">\n'
        '<input type="submit" name="button" value="%(button)s">\n'
        '</p>\n'
        '%(admin_label)s\n'
        '</form>' %
            {
            'url': url,
            'actname': actname,
            'ticket': ticket,
            'button': button,
            'comment_label': comment_label,
            'admin_label': admin_label,
            })

    return page.send_page(msg=formhtml)
示例#6
0
def execute(pagename, request):
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    pagetext = page.get_raw_body()
    msg = ''

    # be extra paranoid in dangerous actions
    if (actname in config.excluded_actions or not request.user.may.edit(page)
            or not request.user.may.delete(page)):
        msg = _('You are not allowed to rename pages in this wiki!')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page is already deleted or was never created!')

    # check whether the user clicked the delete button
    elif (request.form.has_key('button')
          and request.form.has_key('newpagename')
          and request.form.has_key('ticket')):
        # check whether this is a valid renaming request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the interactive user '
                    'interface to rename pages!')
        else:
            renamecomment = request.form.get('comment', [''])[0]
            # strip to ensure naming consistency
            newpagename = request.form.get('newpagename')[0].strip()
            if newpagename == pagename:
                return Page(pagename, request).send_page(
                    msg="You can't rename a page to the name it already has!")
            try:
                newpage = PageEditor(newpagename, request)
            except Page.ExcessiveLength, msg:
                return Page(pagename, request).send_page(msg=msg)

            if len(renamecomment) > wikiaction.MAX_COMMENT_LENGTH:
                msg = _('Comments must be less than %s characters long.' %
                        wikiaction.MAX_COMMENT_LENGTH)
            elif len(newpagename) > MAX_PAGENAME_LENGTH:
                msg = _('Page names must be less than %s characters long.' %
                        MAX_PAGENAME_LENGTH)
            # check whether a page with the new name already exists
            elif (newpage.exists()
                  and not (newpagename.lower() == pagename.lower())):
                msg = _('A page with the name "%s" already exists!') % (
                    newpagename)

            elif not wikiaction.isValidPageName(newpagename):
                msg = _('Invalid pagename: Only the characters A-Z, a-z, 0-9, '
                        '"$", "&", ",", ".", "!", "\'", ":", ";", " ", "/", '
                        '"-", "(", ")" are allowed in page names.')

            # we actually do a rename!
            else:
                if renamecomment: renamecomment = " (" + renamecomment + ")"
                if newpagename.lower() != pagename.lower():
                    page.saveText("#redirect %s" % newpagename,
                                  '0',
                                  comment='Renamed to "%s"' % newpagename,
                                  action='RENAME',
                                  force_save=True)
                    # copy images over
                    copy_files(pagename, newpagename, request)

                newpage.saveText(pagetext,
                                 '0',
                                 comment='Renamed from "%s"%s' %
                                 (pagename, renamecomment),
                                 action="RENAME",
                                 proper_name=newpagename)

                msg = _('Page "%s" was successfully renamed to "%s"!') % (
                    pagename, newpagename)
                if newpagename.lower() != pagename.lower():
                    # check favorites because the redirect will
                    # process before the bookmarks get updated
                    if request.user.valid:
                        request.user.checkFavorites(page)

                    request.http_redirect(
                        '%s/%s?action=show&redirect=%s' %
                        (request.getScriptname(),
                         wikiutil.quoteWikiname(newpagename),
                         urllib.quote_plus(pagename.encode(config.charset),
                                           '')))

                    request.req_cache['pagenames'][(
                        newpagename.lower(),
                        request.config.wiki_name)] = newpagename
                    # we clear so the new page name appears
                    caching.CacheEntry(newpagename.lower(), request).clear()
                    return
                else:
                    request.req_cache['pagenames'][(
                        newpagename.lower(),
                        request.config.wiki_name)] = newpagename
                    # we clear so the new page name appears
                    caching.CacheEntry(newpagename.lower(), request).clear()
                    return newpage.send_page(msg)
示例#7
0
def execute(pagename, request):
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    pagetext = page.get_raw_body()
    msg = ''

    # be extra paranoid in dangerous actions
    if (actname in config.excluded_actions or not
        request.user.may.edit(page) or not request.user.may.delete(page)):
            msg = _('You are not allowed to rename pages in this wiki!')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page is already deleted or was never created!')

    # check whether the user clicked the delete button
    elif (request.form.has_key('button') and
          request.form.has_key('newpagename') and
          request.form.has_key('ticket')):
        # check whether this is a valid renaming request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the interactive user '
                    'interface to rename pages!')
        else:
            renamecomment = request.form.get('comment', [''])[0]
            # strip to ensure naming consistency
            newpagename = request.form.get('newpagename')[0].strip() 
            if newpagename == pagename:
                return Page(pagename, request).send_page(
                    msg="You can't rename a page to the name it already has!")
            try:
                newpage = PageEditor(newpagename, request)
            except Page.ExcessiveLength, msg:
                return Page(pagename, request).send_page(msg=msg)

            if len(renamecomment) > wikiaction.MAX_COMMENT_LENGTH:
                msg = _('Comments must be less than %s characters long.' %
                         wikiaction.MAX_COMMENT_LENGTH)
            elif len(newpagename) > MAX_PAGENAME_LENGTH:
               msg = _('Page names must be less than %s characters long.' %
                         MAX_PAGENAME_LENGTH)
            # check whether a page with the new name already exists
            elif (newpage.exists() and not
                  (newpagename.lower() == pagename.lower())):
                msg = _('A page with the name "%s" already exists!') % (
                        newpagename)

            elif not wikiaction.isValidPageName(newpagename):
                msg = _('Invalid pagename: Only the characters A-Z, a-z, 0-9, '
                        '"$", "&", ",", ".", "!", "\'", ":", ";", " ", "/", '
                        '"-", "(", ")" are allowed in page names.')
                
            # we actually do a rename!
            else:
                if renamecomment: renamecomment = " (" + renamecomment + ")"
                if newpagename.lower() != pagename.lower(): 
                    page.saveText("#redirect %s" % newpagename, '0',
                                  comment='Renamed to "%s"' % newpagename,
                                  action='RENAME', force_save=True)
                    # copy images over
                    copy_files(pagename, newpagename, request)

                newpage.saveText(pagetext, '0',
                                 comment='Renamed from "%s"%s' %
                                    (pagename, renamecomment),
                                 action="RENAME", proper_name=newpagename)

                msg = _('Page "%s" was successfully renamed to "%s"!') % (
                        pagename,newpagename)
                if newpagename.lower() != pagename.lower():
                    # check favorites because the redirect will
                    # process before the bookmarks get updated
                    if request.user.valid:
                        request.user.checkFavorites(page)

                    request.http_redirect('%s/%s?action=show&redirect=%s' % (
                        request.getScriptname(),
                        wikiutil.quoteWikiname(newpagename),
                        urllib.quote_plus(pagename.encode(config.charset), '')))

                    request.req_cache['pagenames'][
                        (newpagename.lower(),
                         request.config.wiki_name)] = newpagename
                    # we clear so the new page name appears
                    caching.CacheEntry(newpagename.lower(), request).clear()
                    return
                else:
                  request.req_cache['pagenames'][
                    (newpagename.lower(),
                     request.config.wiki_name)] = newpagename
                  # we clear so the new page name appears
                  caching.CacheEntry(newpagename.lower(), request).clear() 
                  return newpage.send_page(msg)
示例#8
0
def execute(pagename, request):
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    permanent = False
    showrc = True

    msg = ''

    # be extra paranoid in dangerous actions
    if actname in config.excluded_actions \
            or not request.user.may.edit(page) \
            or not request.user.may.delete(page):
        return page.send_page(
            msg=_('You are not allowed to delete this page.'))

    # check whether page exists at all
    if not page.exists():
        return page.send_page(
            msg=_('This page is already deleted or was never created!'))

    # check whether the user clicked the delete button
    if request.form.has_key('button') and request.form.has_key('ticket'):
        # check whether this is a valid deletion request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            return page.send_page(
                msg=_('Please use the interactive user interface '
                      'to delete pages!'))

        # Delete the page
        comment = request.form.get('comment', [''])[0]
        if len(comment) > wikiaction.MAX_COMMENT_LENGTH:
            msg = ("Comments must be less than %s characters long." %
                   wikiaction.MAX_COMMENT_LENGTH)
            return page.send_page(msg)

        if (request.form.has_key('permanent') and request.form['permanent'][0]
                and request.user.may.admin(page)):
            permanent = True
            if request.form.has_key(
                    'noshowrc') and request.form['noshowrc'][0]:
                showrc = False

        msg = page.deletePage(comment, permanent=permanent, showrc=showrc)

        return page.send_page(msg=_('Page "%s" was successfully deleted!') %
                              (pagename, ))

    # send deletion form
    url = page.url()
    ticket = _createTicket()
    button = _('Delete')
    comment_label = _("Reason for deletion:")

    if request.user.may.admin(page):
        admin_label = (
            """<p>Permanently remove old versions: <input type="checkbox" """
            """id="noshowrctoggle" name="permanent" value="1">\n"""
            """<span id="noshowrc">Don't log on Recent Changes: """
            '<input type="checkbox" name="noshowrc" value="1"></span></p>\n'
            '<script type="text/javascript">\n'
            "document.getElementById('noshowrc').style.visibility = 'hidden';"
            "document.getElementById('noshowrc').style.paddingLeft = '1em';"
            "document.getElementById('noshowrctoggle').onclick = "
            "function () {"
            "document.getElementById('noshowrc').style.visibility = "
            "document.getElementById('noshowrctoggle').checked ? "
            "'visible' : 'hidden';"
            "}"
            "</script>")
    else:
        admin_label = ''
    formhtml = ('<form method="GET" action="%(url)s">\n'
                '<input type="hidden" name="action" value="%(actname)s">\n'
                '<input type="hidden" name="ticket" value="%(ticket)s">\n'
                '<p>\n'
                '%(comment_label)s\n'
                '</p>\n'
                '<p>\n'
                '<input type="text" name="comment" size="60" maxlength="80">\n'
                '<input type="submit" name="button" value="%(button)s">\n'
                '</p>\n'
                '%(admin_label)s\n'
                '</form>' % {
                    'url': url,
                    'actname': actname,
                    'ticket': ticket,
                    'button': button,
                    'comment_label': comment_label,
                    'admin_label': admin_label,
                })

    return page.send_page(msg=formhtml)