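def execute(pagename, request):
    """Append a signed, timestamped comment to the page and re-send it.

    The comment is saved only when the action is not listed in
    ``config.excluded_actions``, the user may edit the page, the request is
    a POST, none of the decoy form fields is present, and the page exists.
    Form field names carry a suffix derived from ``hash(pagename.lower())``.

    Security notes for maintainers:
      * No ticket or token is verified in this function; a submission is
        gated only by the checks listed above.
      * The field-name suffix comes from the builtin ``hash``, so it can be
        derived from the page name and is not a secret.  It only matches
        the rendered form if both sides compute the same hash value;
        interpreters running with hash randomization salt it per process.
      * For anonymous users the client IP is written into the page text.
      * The submitted text is appended to the raw page body unchanged.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body()

    # kinda lame spam protection, but it should work
    pghash = hash(pagename.lower())
    submit_field = 'button_do_%s' % pghash
    text_field = 'comment_text_%s' % pghash

    # bot checks: the presence of any decoy field rejects the submission
    bot_suspected = False
    for decoy in ('button_dont1_%s', 'button_dont2_%s', 'button_dont3_%s',
                  'button_dont4_%s', 'comment_dont_%s'):
        if request.form.has_key(decoy % pghash):
            bot_suspected = True
            break

    # be extra paranoid
    if (actname in config.excluded_actions or
        not request.user.may.edit(page) or
        bot_suspected or
        not request.isPOST()):
        msg = _('You are not allowed to edit this page. '
                '(An account is needed in most cases)')
    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')
    # check whether the comment form was submitted
    elif (request.form.has_key(submit_field) and
          request.form.has_key(text_field)):
        comment_text = request.form.get(text_field)[0]

        # Signature: the IP for anonymous users, otherwise a wiki link to
        # the user's page (with the configured prefix, if any).
        if request.user.anonymous:
            userId = request.user.ip
        elif config.user_page_prefix:
            userId = '["%s%s"]' % (config.user_page_prefix,
                                   request.user.propercased_name)
        else:
            userId = '["%s"]' % request.user.propercased_name

        now_formatted = request.user.getFormattedDateTime(
            time.time(), global_time=True)
        formatted_comment_text = comment_text + " --" + userId
        newtext = (oldtext + "------" + "\n" +
                   "''" + ''.join(now_formatted) + "'' [[nbsp]] " +
                   formatted_comment_text)
        page.saveText(newtext, '0', comment="Comment added.",
                      action="COMMENT_MACRO")
        msg = _('Your comment has been added.')

    return page.send_page(msg)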
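def execute(pagename, request):
    """Append a signed, timestamped comment to the page and re-send it.

    The comment is saved only when the action is not listed in
    ``config.excluded_actions``, the user may edit the page, the request is
    a POST, none of the decoy form fields is present, and the page exists.
    Form field names carry a suffix derived from ``hash(pagename.lower())``.

    Security notes for maintainers:
      * No ticket or token is verified in this function; a submission is
        gated only by the checks listed above.
      * The field-name suffix comes from the builtin ``hash``, so it can be
        derived from the page name and is not a secret.  It only matches
        the rendered form if both sides compute the same hash value;
        interpreters running with hash randomization salt it per process.
      * For anonymous users the client IP is written into the page text.
      * The submitted text is appended to the raw page body unchanged.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body()

    # kinda lame spam protection, but it should work
    pghash = hash(pagename.lower())
    submit_field = 'button_do_%s' % pghash
    text_field = 'comment_text_%s' % pghash

    # bot checks: the presence of any decoy field rejects the submission
    decoy_templates = ('button_dont1_%s', 'button_dont2_%s',
                       'button_dont3_%s', 'button_dont4_%s',
                       'comment_dont_%s')
    bot_suspected = False
    for template in decoy_templates:
        if request.form.has_key(template % pghash):
            bot_suspected = True
            break

    # be extra paranoid
    if (actname in config.excluded_actions or
        not request.user.may.edit(page) or
        bot_suspected or
        not request.isPOST()):
        msg = _('You are not allowed to edit this page. '
                '(An account is needed in most cases)')
    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')
    # check whether the comment form was submitted
    elif (request.form.has_key(submit_field) and
          request.form.has_key(text_field)):
        comment_text = request.form.get(text_field)[0]

        # Signature: the IP for anonymous users, otherwise a wiki link to
        # the user's page (with the configured prefix, if any).
        if request.user.anonymous:
            userId = request.user.ip
        elif config.user_page_prefix:
            userId = '["%s%s"]' % (config.user_page_prefix,
                                   request.user.propercased_name)
        else:
            userId = '["%s"]' % request.user.propercased_name

        now_formatted = request.user.getFormattedDateTime(
            time.time(), global_time=True)
        formatted_comment_text = comment_text + " --" + userId
        newtext = (oldtext + "------" + "\n" +
                   "''" + ''.join(now_formatted) + "'' [[nbsp]] " +
                   formatted_comment_text)
        page.saveText(newtext, '0', comment="Comment added.",
                      action="COMMENT_MACRO")
        msg = _('Your comment has been added.')

    return page.send_page(msg)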
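def execute(pagename, request):
    """Serve the events RSS feed, delete an event, or add a new event.

    Dispatch, in order:
      * ``rss=1`` and the user may read the "Events Board" page: write the
        feed and raise ``util.SycamoreNoFooter``.
      * Otherwise the user must be valid and may edit both the
        "Events Board" page and this page, the page text must contain
        ``[[events]]`` (compared lower-cased), and the page must exist.
      * ``uid`` + ``del``: delete an event.  Admins of "Events Board" may
        delete any event; other users only events they posted.
      * A complete add form carrying a ticket accepted by ``_checkTicket``:
        validate the fields and store the event.

    Security notes for maintainers:
      * The delete path does not verify a ticket; only the add path does.
        NOTE(review): confirm whether delete links should carry one.
      * The event name read from the database is interpolated into an HTML
        message without escaping.  NOTE(review): this presumably relies on
        ``isValid`` rejecting markup when the event is stored; confirm.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body().lower()
    events_page = Page("Events Board", request)

    # Do we want an RSS feed?
    if (request.form.has_key('rss') and
        request.form.get("rss")[0] == '1' and
        request.user.may.read(events_page)):
        # added content-type header so the right mimetype goes out
        # 2008/05/12 rtucker
        request.http_headers(
            more_headers=[('Content-type', 'application/rss+xml')])
        request.write(doRSS(request))
        raise util.SycamoreNoFooter
    # be extra paranoid
    elif (actname in config.excluded_actions or
          not request.user.valid or
          not request.user.may.edit(events_page) or
          not request.user.may.edit(page)):
        msg = _('You are not allowed to edit this page. '
                '(You need an account in most cases)')
    # check to make sure the events macro is in the page
    elif "[[events]]" not in oldtext:
        msg = _('Not allowed to add an event')
    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')
    # check whether the user asked to delete an event
    elif request.form.has_key('uid') and request.form.has_key('del'):
        if request.form.get('del')[0] == "1":
            uid = request.form.get('uid')[0]
            is_admin = request.user.may.admin(Page("Events Board", request))
            if is_admin:
                select_sql = "SELECT event_name from events where uid=%(uid)s"
                delete_sql = "DELETE from events where uid=%(uid)s"
                params = {'uid': uid}
            else:
                # Non-admins are limited to their own events.  The lookup
                # carries the same ownership filter as the DELETE, so the
                # name of someone else's event is never echoed back and
                # success is only reported for a row the user may remove.
                select_sql = ("SELECT event_name from events "
                              "where uid=%(uid)s and posted_by=%(username)s")
                delete_sql = ("DELETE from events "
                              "where uid=%(uid)s and posted_by=%(username)s")
                params = {'uid': uid,
                          'username': request.user.propercased_name}

            request.cursor.execute(select_sql, params)
            row = request.cursor.fetchone()
            if not row:
                # Unknown uid (or not the poster): nothing to delete.
                msg = _('Event not found, or you are not allowed '
                        'to delete it.')
            else:
                name = row[0]
                request.cursor.execute(delete_sql, params, isWrite=True)
                msg = 'Event "%s" <b>deleted</b>!' % name

        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; the cache refresh is assumed to run for every uid/del
        # request -- confirm against the original file.
        if config.memcache:
            request.mc.set("today_events", None)
        caching.updateRecentChanges(Page("Events Board", request))
    # check whether the user filled out the form ('year' is read below,
    # so it is required here as well)
    elif (request.form.has_key('button') and
          request.form.has_key('event_text') and
          request.form.has_key('event_name') and
          request.form.has_key('event_location') and
          request.form.has_key('month') and
          request.form.has_key('day') and
          request.form.has_key('hour') and
          request.form.has_key('minute') and
          request.form.has_key('year') and
          request.form.has_key('ticket')):
        # check whether this is a valid request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the web interface to change the page!')
        else:
            event_text = request.form.get('event_text')[0]
            event_name = request.form.get('event_name')[0]
            event_location = request.form.get('event_location')[0]
            posted_by = request.user.propercased_name

            # The date fields arrive as text; a non-numeric value is
            # reported as invalid input instead of raising.
            fields_are_numeric = True
            try:
                month = int(request.form.get('month')[0])
                day = int(request.form.get('day')[0])
                hour = int(request.form.get('hour')[0])
                minute = int(request.form.get('minute')[0])
                year = int(request.form.get('year')[0])
            except ValueError:
                fields_are_numeric = False

            # WE NEED TO VALIDATE THE TEXT AND THE OTHER FIELDS
            if not fields_are_numeric:
                msg = _('Event <b>NOT</b> posted. '
                        'You entered some invalid text into the form. '
                        'No HTML is allowed.')
            elif (isValid(event_text, event_name, event_location, month,
                          day, hour, minute, year) and
                  not hasPassed(month, day, hour, minute, year, request)):
                event_time_unix = wikiutil.timeInTzToUTC(
                    request.config.tz,
                    (year, month, day, hour, minute, 0, 0))
                writeEvent(request, event_text, event_name, event_location,
                           event_time_unix, posted_by)
                msg = _('Your event has been added!')
            elif hasPassed(month, day, hour, minute, year, request):
                msg = _('Event time is in the past! '
                        'Please choose a time in the future.')
            else:
                msg = _('Event <b>NOT</b> posted. '
                        'You entered some invalid text into the form. '
                        'No HTML is allowed.')
    else:
        msg = _('Please fill out all fields of the form.')

    return page.send_page(msg)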
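def execute(pagename, request):
    """Serve the events RSS feed, delete an event, or add a new event.

    Dispatch, in order:
      * ``rss=1`` and the user may read the "Events Board" page: write the
        feed and raise ``util.SycamoreNoFooter``.
      * Otherwise the user must be valid and may edit both the
        "Events Board" page and this page, the page text must contain
        ``[[events]]`` (compared lower-cased), and the page must exist.
      * ``uid`` + ``del``: delete an event.  Admins of "Events Board" may
        delete any event; other users only events they posted.
      * A complete add form carrying a ticket accepted by ``_checkTicket``:
        validate the fields and store the event.

    Security notes for maintainers:
      * The delete path does not verify a ticket; only the add path does.
        NOTE(review): confirm whether delete links should carry one.
      * The event name read from the database is interpolated into an HTML
        message without escaping.  NOTE(review): this presumably relies on
        ``isValid`` rejecting markup when the event is stored; confirm.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    msg = ''
    oldtext = page.get_raw_body().lower()
    events_page = Page("Events Board", request)

    # Do we want an RSS feed?
    if (request.form.has_key('rss') and
        request.form.get("rss")[0] == '1' and
        request.user.may.read(events_page)):
        # Declare the feed's media type explicitly so the response is not
        # sent under the default content type.
        request.http_headers(
            more_headers=[('Content-type', 'application/rss+xml')])
        request.write(doRSS(request))
        raise util.SycamoreNoFooter
    # be extra paranoid
    elif (actname in config.excluded_actions or
          not request.user.valid or
          not request.user.may.edit(events_page) or
          not request.user.may.edit(page)):
        msg = _('You are not allowed to edit this page. '
                '(You need an account in most cases)')
    # check to make sure the events macro is in the page
    elif "[[events]]" not in oldtext:
        msg = _('Not allowed to add an event')
    # check whether page exists at all
    elif not page.exists():
        msg = _('This page does not exist.')
    # check whether the user asked to delete an event
    elif request.form.has_key('uid') and request.form.has_key('del'):
        if request.form.get('del')[0] == "1":
            uid = request.form.get('uid')[0]
            is_admin = request.user.may.admin(Page("Events Board", request))
            if is_admin:
                select_sql = "SELECT event_name from events where uid=%(uid)s"
                delete_sql = "DELETE from events where uid=%(uid)s"
                params = {'uid': uid}
            else:
                # Non-admins are limited to their own events.  The lookup
                # carries the same ownership filter as the DELETE, so the
                # name of someone else's event is never echoed back and
                # success is only reported for a row the user may remove.
                select_sql = ("SELECT event_name from events "
                              "where uid=%(uid)s and posted_by=%(username)s")
                delete_sql = ("DELETE from events "
                              "where uid=%(uid)s and posted_by=%(username)s")
                params = {'uid': uid,
                          'username': request.user.propercased_name}

            request.cursor.execute(select_sql, params)
            row = request.cursor.fetchone()
            if not row:
                # Unknown uid (or not the poster): nothing to delete.
                msg = _('Event not found, or you are not allowed '
                        'to delete it.')
            else:
                name = row[0]
                request.cursor.execute(delete_sql, params, isWrite=True)
                msg = 'Event "%s" <b>deleted</b>!' % name

        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; the cache refresh is assumed to run for every uid/del
        # request -- confirm against the original file.
        if config.memcache:
            request.mc.set("today_events", None)
        caching.updateRecentChanges(Page("Events Board", request))
    # check whether the user filled out the form ('year' is read below,
    # so it is required here as well)
    elif (request.form.has_key('button') and
          request.form.has_key('event_text') and
          request.form.has_key('event_name') and
          request.form.has_key('event_location') and
          request.form.has_key('month') and
          request.form.has_key('day') and
          request.form.has_key('hour') and
          request.form.has_key('minute') and
          request.form.has_key('year') and
          request.form.has_key('ticket')):
        # check whether this is a valid request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the web interface to change the page!')
        else:
            event_text = request.form.get('event_text')[0]
            event_name = request.form.get('event_name')[0]
            event_location = request.form.get('event_location')[0]
            posted_by = request.user.propercased_name

            # The date fields arrive as text; a non-numeric value is
            # reported as invalid input instead of raising.
            fields_are_numeric = True
            try:
                month = int(request.form.get('month')[0])
                day = int(request.form.get('day')[0])
                hour = int(request.form.get('hour')[0])
                minute = int(request.form.get('minute')[0])
                year = int(request.form.get('year')[0])
            except ValueError:
                fields_are_numeric = False

            # WE NEED TO VALIDATE THE TEXT AND THE OTHER FIELDS
            if not fields_are_numeric:
                msg = _('Event <b>NOT</b> posted. '
                        'You entered some invalid text into the form. '
                        'No HTML is allowed.')
            elif (isValid(event_text, event_name, event_location, month,
                          day, hour, minute, year) and
                  not hasPassed(month, day, hour, minute, year, request)):
                event_time_unix = wikiutil.timeInTzToUTC(
                    request.config.tz,
                    (year, month, day, hour, minute, 0, 0))
                writeEvent(request, event_text, event_name, event_location,
                           event_time_unix, posted_by)
                msg = _('Your event has been added!')
            elif hasPassed(month, day, hour, minute, year, request):
                msg = _('Event time is in the past! '
                        'Please choose a time in the future.')
            else:
                msg = _('Event <b>NOT</b> posted. '
                        'You entered some invalid text into the form. '
                        'No HTML is allowed.')
    else:
        msg = _('Please fill out all fields of the form.')

    return page.send_page(msg)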
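def execute(pagename, request):
    """Delete a page after a two-step, ticket-protected confirmation.

    A request without ``button`` and ``ticket`` gets the deletion form,
    which embeds a ticket from ``_createTicket()``.  A request carrying
    both fields deletes the page once ``_checkTicket`` accepts the ticket.
    The user must be allowed to edit and delete the page, and the action
    must not be listed in ``config.excluded_actions``.

    ``permanent`` and ``noshowrc`` are honoured only for users who may
    administer the page; the form offers both options to admins only, and
    this function enforces the same rule on the submitted fields.

    Security notes for maintainers:
      * The form is submitted with GET, so the ticket and the deletion
        request travel in the query string.  NOTE(review): consider
        switching the form to POST once the dispatcher is confirmed to
        accept it.
      * The page name is interpolated into the HTML success message
        unescaped.  NOTE(review): presumably safe because only existing
        pages reach that line; confirm which characters page names allow.
      * The return value of ``page.deletePage`` is not inspected; success
        is reported unconditionally.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    permanent = False
    showrc = True

    # be extra paranoid in dangerous actions
    if (actname in config.excluded_actions or
        not request.user.may.edit(page) or
        not request.user.may.delete(page)):
        return page.send_page(
            msg=_('You are not allowed to delete this page.'))

    # check whether page exists at all
    if not page.exists():
        return page.send_page(
            msg=_('This page is already deleted or was never created!'))

    # check whether the user clicked the delete button
    if request.form.has_key('button') and request.form.has_key('ticket'):
        # check whether this is a valid deletion request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            return page.send_page(
                msg=_('Please use the interactive user interface '
                      'to delete pages!'))

        # Delete the page
        comment = request.form.get('comment', [''])[0]
        if len(comment) > wikiaction.MAX_COMMENT_LENGTH:
            msg = (_("Comments must be less than %s characters long.")
                   % wikiaction.MAX_COMMENT_LENGTH)
            return page.send_page(msg)

        wants_permanent = (request.form.has_key('permanent') and
                           request.form['permanent'][0])
        wants_noshowrc = (request.form.has_key('noshowrc') and
                          request.form['noshowrc'][0])
        if wants_permanent or wants_noshowrc:
            # Both switches are admin-only; a hand-built request from a
            # non-admin must not be able to keep the deletion out of
            # Recent Changes.
            is_admin = request.user.may.admin(page)
            permanent = bool(wants_permanent and is_admin)
            showrc = not (wants_noshowrc and is_admin)

        page.deletePage(comment, permanent=permanent, showrc=showrc)
        return page.send_page(
            msg=_('Page "%s" was successfully deleted!') % (pagename,))

    # send deletion form
    url = page.url()
    ticket = _createTicket()
    button = _('Delete')
    comment_label = _("Reason for deletion:")

    if request.user.may.admin(page):
        # Admin-only options; the script keeps the "noshowrc" box hidden
        # until the "permanent" box is ticked.
        admin_label = (
            """<p>Permanently remove old versions: <input type="checkbox" """
            """id="noshowrctoggle" name="permanent" value="1">\n"""
            """<span id="noshowrc">Don't log on Recent Changes: """
            '<input type="checkbox" name="noshowrc" value="1"></span></p>\n'
            '<script type="text/javascript">\n'
            "document.getElementById('noshowrc').style.visibility = 'hidden';"
            "document.getElementById('noshowrc').style.paddingLeft = '1em';"
            "document.getElementById('noshowrctoggle').onclick = "
            "function () {"
            "document.getElementById('noshowrc').style.visibility = "
            "document.getElementById('noshowrctoggle').checked ? "
            "'visible' : 'hidden';"
            "}"
            "</script>")
    else:
        admin_label = ''

    formhtml = (
        '<form method="GET" action="%(url)s">\n'
        '<input type="hidden" name="action" value="%(actname)s">\n'
        '<input type="hidden" name="ticket" value="%(ticket)s">\n'
        '<p>\n'
        '%(comment_label)s\n'
        '</p>\n'
        '<p>\n'
        '<input type="text" name="comment" size="60" maxlength="80">\n'
        '<input type="submit" name="button" value="%(button)s">\n'
        '</p>\n'
        '%(admin_label)s\n'
        '</form>' % {
            'url': url,
            'actname': actname,
            'ticket': ticket,
            'button': button,
            'comment_label': comment_label,
            'admin_label': admin_label,
        })

    return page.send_page(msg=formhtml)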
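def execute(pagename, request):
    """Rename a page: save its text under the new name, leave a redirect.

    The user must be allowed to edit and delete the source page and the
    action must not be listed in ``config.excluded_actions``.  The rename
    is carried out only for a request with ``button``, ``newpagename`` and
    a ticket accepted by ``_checkTicket``.  When the new name differs from
    the old one by more than case, the old page is overwritten with a
    ``#redirect``, files are copied via ``copy_files`` and the client is
    redirected to the new page; otherwise the new page is sent directly.

    Security notes for maintainers:
      * Only the source page is checked against ``request.user.may``; no
        permission check on the target name is visible here.
        NOTE(review): confirm whether per-page rights apply to the target.
      * ``PageEditor(newpagename, ...)`` and ``newpage.exists()`` run on
        the submitted name before ``wikiaction.isValidPageName`` is
        consulted.

    NOTE(review): nesting was reconstructed from a whitespace-collapsed
    listing, and the listing ends inside the final ``else`` branch.
    Branches that only set ``msg`` do not return anything in the visible
    code; presumably the original file continues -- confirm.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    pagetext = page.get_raw_body()
    msg = ''

    # be extra paranoid in dangerous actions
    if (actname in config.excluded_actions or
        not request.user.may.edit(page) or
        not request.user.may.delete(page)):
        msg = _('You are not allowed to rename pages in this wiki!')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page is already deleted or was never created!')

    # check whether the user clicked the rename button
    elif (request.form.has_key('button') and
          request.form.has_key('newpagename') and
          request.form.has_key('ticket')):
        # check whether this is a valid renaming request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the interactive user '
                    'interface to rename pages!')
        else:
            renamecomment = request.form.get('comment', [''])[0]
            # strip to ensure naming consistency
            newpagename = request.form.get('newpagename')[0].strip()
            if newpagename == pagename:
                return Page(pagename, request).send_page(
                    msg="You can't rename a page to the name it already has!")
            try:
                newpage = PageEditor(newpagename, request)
            except Page.ExcessiveLength, msg:
                return Page(pagename, request).send_page(msg=msg)

            # Translate the template first, then fill in the number, so
            # the catalog lookup uses the untouched message key.
            if len(renamecomment) > wikiaction.MAX_COMMENT_LENGTH:
                msg = (_('Comments must be less than %s characters long.')
                       % wikiaction.MAX_COMMENT_LENGTH)
            elif len(newpagename) > MAX_PAGENAME_LENGTH:
                msg = (_('Page names must be less than %s characters long.')
                       % MAX_PAGENAME_LENGTH)
            # check whether a page with the new name already exists
            elif (newpage.exists() and
                  not (newpagename.lower() == pagename.lower())):
                msg = _('A page with the name "%s" already exists!') % (
                    newpagename)
            elif not wikiaction.isValidPageName(newpagename):
                msg = _('Invalid pagename: Only the characters A-Z, a-z, 0-9, '
                        '"$", "&", ",", ".", "!", "\'", ":", ";", " ", "/", '
                        '"-", "(", ")" are allowed in page names.')
            # we actually do a rename!
            else:
                if renamecomment:
                    renamecomment = " (" + renamecomment + ")"
                if newpagename.lower() != pagename.lower():
                    page.saveText("#redirect %s" % newpagename, '0',
                                  comment='Renamed to "%s"' % newpagename,
                                  action='RENAME', force_save=True)
                    # copy images over
                    copy_files(pagename, newpagename, request)

                newpage.saveText(pagetext, '0',
                                 comment='Renamed from "%s"%s' % (
                                     pagename, renamecomment),
                                 action="RENAME", proper_name=newpagename)

                msg = _('Page "%s" was successfully renamed to "%s"!') % (
                    pagename, newpagename)
                if newpagename.lower() != pagename.lower():
                    # check favorites because the redirect will
                    # process before the bookmarks get updated
                    if request.user.valid:
                        request.user.checkFavorites(page)

                    request.http_redirect(
                        '%s/%s?action=show&redirect=%s' % (
                            request.getScriptname(),
                            wikiutil.quoteWikiname(newpagename),
                            urllib.quote_plus(
                                pagename.encode(config.charset), '')))

                    request.req_cache['pagenames'][(
                        newpagename.lower(),
                        request.config.wiki_name)] = newpagename
                    # we clear so the new page name appears
                    caching.CacheEntry(newpagename.lower(), request).clear()
                    return
                else:
                    # case-only rename: same page, new spelling
                    request.req_cache['pagenames'][(
                        newpagename.lower(),
                        request.config.wiki_name)] = newpagename
                    # we clear so the new page name appears
                    caching.CacheEntry(newpagename.lower(), request).clear()
                    return newpage.send_page(msg)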
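def execute(pagename, request):
    """Rename a page: save its text under the new name, leave a redirect.

    The user must be allowed to edit and delete the source page and the
    action must not be listed in ``config.excluded_actions``.  The rename
    is carried out only for a request with ``button``, ``newpagename`` and
    a ticket accepted by ``_checkTicket``.  When the new name differs from
    the old one by more than case, the old page is overwritten with a
    ``#redirect``, files are copied via ``copy_files`` and the client is
    redirected to the new page; otherwise the new page is sent directly.

    Security notes for maintainers:
      * Only the source page is checked against ``request.user.may``; no
        permission check on the target name is visible here.
        NOTE(review): confirm whether per-page rights apply to the target.
      * ``PageEditor(newpagename, ...)`` and ``newpage.exists()`` run on
        the submitted name before ``wikiaction.isValidPageName`` is
        consulted.

    NOTE(review): nesting was reconstructed from a whitespace-collapsed
    listing, and the listing ends inside the final ``else`` branch.
    Branches that only set ``msg`` do not return anything in the visible
    code; presumably the original file continues -- confirm.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    pagetext = page.get_raw_body()
    msg = ''

    # be extra paranoid in dangerous actions
    if (actname in config.excluded_actions or
        not request.user.may.edit(page) or
        not request.user.may.delete(page)):
        msg = _('You are not allowed to rename pages in this wiki!')

    # check whether page exists at all
    elif not page.exists():
        msg = _('This page is already deleted or was never created!')

    # check whether the user clicked the rename button
    elif (request.form.has_key('button') and
          request.form.has_key('newpagename') and
          request.form.has_key('ticket')):
        # check whether this is a valid renaming request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            msg = _('Please use the interactive user '
                    'interface to rename pages!')
        else:
            renamecomment = request.form.get('comment', [''])[0]
            # strip to ensure naming consistency
            newpagename = request.form.get('newpagename')[0].strip()
            if newpagename == pagename:
                return Page(pagename, request).send_page(
                    msg="You can't rename a page to the name it already has!")
            try:
                newpage = PageEditor(newpagename, request)
            except Page.ExcessiveLength, msg:
                return Page(pagename, request).send_page(msg=msg)

            # Translate the template first, then fill in the number, so
            # the catalog lookup uses the untouched message key.
            if len(renamecomment) > wikiaction.MAX_COMMENT_LENGTH:
                msg = (_('Comments must be less than %s characters long.')
                       % wikiaction.MAX_COMMENT_LENGTH)
            elif len(newpagename) > MAX_PAGENAME_LENGTH:
                msg = (_('Page names must be less than %s characters long.')
                       % MAX_PAGENAME_LENGTH)
            # check whether a page with the new name already exists
            elif (newpage.exists() and
                  not (newpagename.lower() == pagename.lower())):
                msg = _('A page with the name "%s" already exists!') % (
                    newpagename)
            elif not wikiaction.isValidPageName(newpagename):
                msg = _('Invalid pagename: Only the characters A-Z, a-z, 0-9, '
                        '"$", "&", ",", ".", "!", "\'", ":", ";", " ", "/", '
                        '"-", "(", ")" are allowed in page names.')
            # we actually do a rename!
            else:
                if renamecomment:
                    renamecomment = " (" + renamecomment + ")"
                if newpagename.lower() != pagename.lower():
                    page.saveText("#redirect %s" % newpagename, '0',
                                  comment='Renamed to "%s"' % newpagename,
                                  action='RENAME', force_save=True)
                    # copy images over
                    copy_files(pagename, newpagename, request)

                newpage.saveText(pagetext, '0',
                                 comment='Renamed from "%s"%s' % (
                                     pagename, renamecomment),
                                 action="RENAME", proper_name=newpagename)

                msg = _('Page "%s" was successfully renamed to "%s"!') % (
                    pagename, newpagename)
                if newpagename.lower() != pagename.lower():
                    # check favorites because the redirect will
                    # process before the bookmarks get updated
                    if request.user.valid:
                        request.user.checkFavorites(page)

                    request.http_redirect(
                        '%s/%s?action=show&redirect=%s' % (
                            request.getScriptname(),
                            wikiutil.quoteWikiname(newpagename),
                            urllib.quote_plus(
                                pagename.encode(config.charset), '')))

                    request.req_cache['pagenames'][(
                        newpagename.lower(),
                        request.config.wiki_name)] = newpagename
                    # we clear so the new page name appears
                    caching.CacheEntry(newpagename.lower(), request).clear()
                    return
                else:
                    # case-only rename: same page, new spelling
                    request.req_cache['pagenames'][(
                        newpagename.lower(),
                        request.config.wiki_name)] = newpagename
                    # we clear so the new page name appears
                    caching.CacheEntry(newpagename.lower(), request).clear()
                    return newpage.send_page(msg)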
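def execute(pagename, request):
    """Delete a page after a two-step, ticket-protected confirmation.

    A request without ``button`` and ``ticket`` gets the deletion form,
    which embeds a ticket from ``_createTicket()``.  A request carrying
    both fields deletes the page once ``_checkTicket`` accepts the ticket.
    The user must be allowed to edit and delete the page, and the action
    must not be listed in ``config.excluded_actions``.

    ``permanent`` and ``noshowrc`` are honoured only for users who may
    administer the page; the form offers both options to admins only, and
    this function enforces the same rule on the submitted fields.

    Security notes for maintainers:
      * The form is submitted with GET, so the ticket and the deletion
        request travel in the query string.  NOTE(review): consider
        switching the form to POST once the dispatcher is confirmed to
        accept it.
      * The page name is interpolated into the HTML success message
        unescaped.  NOTE(review): presumably safe because only existing
        pages reach that line; confirm which characters page names allow.
      * The return value of ``page.deletePage`` is not inspected; success
        is reported unconditionally.
    """
    _ = request.getText
    actname = __name__.split('.')[-1]
    page = PageEditor(pagename, request)
    permanent = False
    showrc = True

    # be extra paranoid in dangerous actions
    if (actname in config.excluded_actions or
        not request.user.may.edit(page) or
        not request.user.may.delete(page)):
        return page.send_page(
            msg=_('You are not allowed to delete this page.'))

    # check whether page exists at all
    if not page.exists():
        return page.send_page(
            msg=_('This page is already deleted or was never created!'))

    # check whether the user clicked the delete button
    if request.form.has_key('button') and request.form.has_key('ticket'):
        # check whether this is a valid deletion request (make outside
        # attacks harder by requiring two full HTTP transactions)
        if not _checkTicket(request.form['ticket'][0]):
            return page.send_page(
                msg=_('Please use the interactive user interface '
                      'to delete pages!'))

        # Delete the page
        comment = request.form.get('comment', [''])[0]
        if len(comment) > wikiaction.MAX_COMMENT_LENGTH:
            msg = (_("Comments must be less than %s characters long.")
                   % wikiaction.MAX_COMMENT_LENGTH)
            return page.send_page(msg)

        wants_permanent = (request.form.has_key('permanent') and
                           request.form['permanent'][0])
        wants_noshowrc = (request.form.has_key('noshowrc') and
                          request.form['noshowrc'][0])
        if wants_permanent or wants_noshowrc:
            # Both switches are admin-only; a hand-built request from a
            # non-admin must not be able to keep the deletion out of
            # Recent Changes.
            is_admin = request.user.may.admin(page)
            permanent = bool(wants_permanent and is_admin)
            showrc = not (wants_noshowrc and is_admin)

        page.deletePage(comment, permanent=permanent, showrc=showrc)
        return page.send_page(
            msg=_('Page "%s" was successfully deleted!') % (pagename, ))

    # send deletion form
    url = page.url()
    ticket = _createTicket()
    button = _('Delete')
    comment_label = _("Reason for deletion:")

    if request.user.may.admin(page):
        # Admin-only options; the script keeps the "noshowrc" box hidden
        # until the "permanent" box is ticked.
        admin_label = (
            """<p>Permanently remove old versions: <input type="checkbox" """
            """id="noshowrctoggle" name="permanent" value="1">\n"""
            """<span id="noshowrc">Don't log on Recent Changes: """
            '<input type="checkbox" name="noshowrc" value="1"></span></p>\n'
            '<script type="text/javascript">\n'
            "document.getElementById('noshowrc').style.visibility = 'hidden';"
            "document.getElementById('noshowrc').style.paddingLeft = '1em';"
            "document.getElementById('noshowrctoggle').onclick = "
            "function () {"
            "document.getElementById('noshowrc').style.visibility = "
            "document.getElementById('noshowrctoggle').checked ? "
            "'visible' : 'hidden';"
            "}"
            "</script>")
    else:
        admin_label = ''

    formhtml = ('<form method="GET" action="%(url)s">\n'
                '<input type="hidden" name="action" value="%(actname)s">\n'
                '<input type="hidden" name="ticket" value="%(ticket)s">\n'
                '<p>\n'
                '%(comment_label)s\n'
                '</p>\n'
                '<p>\n'
                '<input type="text" name="comment" size="60" maxlength="80">\n'
                '<input type="submit" name="button" value="%(button)s">\n'
                '</p>\n'
                '%(admin_label)s\n'
                '</form>' % {
                    'url': url,
                    'actname': actname,
                    'ticket': ticket,
                    'button': button,
                    'comment_label': comment_label,
                    'admin_label': admin_label,
                })

    return page.send_page(msg=formhtml)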