def _delete_torrent(torrent, form, banform): editor = flask.g.user uploader = torrent.user # Only allow admins edit deleted torrents if torrent.deleted and not (editor and editor.is_moderator): flask.abort(404) action = None url = flask.url_for('main.home') ban_torrent = form.ban.data if banform: ban_torrent = ban_torrent or banform.ban_user.data or banform.ban_userip.data if form.delete.data and not torrent.deleted: action = 'deleted' torrent.deleted = True db.session.add(torrent) elif ban_torrent and not torrent.banned and editor.is_moderator: action = 'banned' torrent.banned = True if not torrent.deleted: torrent.deleted = True action = 'deleted and banned' backend.tracker_api([torrent.info_hash], 'ban') db.session.add(torrent) elif form.undelete.data and torrent.deleted: action = 'undeleted' torrent.deleted = False if torrent.banned: action = 'undeleted and unbanned' torrent.banned = False backend.tracker_api([torrent.info_hash], 'unban') db.session.add(torrent) elif form.unban.data and torrent.banned: action = 'unbanned' torrent.banned = False backend.tracker_api([torrent.info_hash], 'unban') db.session.add(torrent) if not action and not ban_torrent: flask.flash(flask.Markup('What the f**k are you doing?'), 'danger') return flask.redirect( flask.url_for('torrents.edit', torrent_id=torrent.id)) if action and editor.is_moderator: url = flask.url_for('torrents.view', torrent_id=torrent.id) if editor is not uploader: log = "Torrent [#{0}]({1}) has been {2}".format( torrent.id, url, action) adminlog = models.AdminLog(log=log, admin_id=editor.id) db.session.add(adminlog) if action: db.session.commit() flask.flash( flask.Markup('Torrent has been successfully {0}.'.format(action)), 'success') if not banform or not (banform.ban_user.data or banform.ban_userip.data): return flask.redirect(url) if banform.ban_userip.data: tbanned = models.Ban.banned(None, torrent.uploader_ip).first() ubanned = True if uploader: ubanned = models.Ban.banned(None, uploader.last_login_ip).first() ipbanned = (tbanned and ubanned) if (banform.ban_user.data and (not uploader or uploader.is_banned)) or \ (banform.ban_userip.data and ipbanned): flask.flash(flask.Markup('What the f**k are you doing?'), 'danger') return flask.redirect( flask.url_for('torrents.edit', torrent_id=torrent.id)) flavor = "Nyaa" if app.config['SITE_FLAVOR'] == 'nyaa' else "Sukebei" eurl = flask.url_for('torrents.view', torrent_id=torrent.id, _external=True) reason = "[{0}#{1}]({2}) {3}".format(flavor, torrent.id, eurl, banform.reason.data) ban1 = models.Ban(admin_id=editor.id, reason=reason) ban2 = models.Ban(admin_id=editor.id, reason=reason) db.session.add(ban1) if uploader: uploader.status = models.UserStatusType.BANNED db.session.add(uploader) ban1.user_id = uploader.id ban2.user_id = uploader.id if banform.ban_userip.data: if not ubanned: ban1.user_ip = ip_address(uploader.last_login_ip) if not tbanned: uploader_ip = ip_address(torrent.uploader_ip) if ban1.user_ip != uploader_ip: ban2.user_ip = uploader_ip db.session.add(ban2) else: ban1.user_ip = ip_address(torrent.uploader_ip) uploader_str = "Anonymous" if uploader: uploader_url = flask.url_for('users.view_user', user_name=uploader.username) uploader_str = "[{0}]({1})".format(uploader.username, uploader_url) if ban1.user_ip: uploader_str += " IP({0})".format(ban1.user_ip) ban1.user_ip = ban1.user_ip.packed if ban2.user_ip: uploader_str += " IP({0})".format(ban2.user_ip) ban2.user_ip = ban2.user_ip.packed log = "Uploader {0} of torrent [#{1}]({2}) has been banned.".format( uploader_str, torrent.id, flask.url_for('torrents.view', torrent_id=torrent.id), action) adminlog = models.AdminLog(log=log, admin_id=editor.id) db.session.add(adminlog) db.session.commit() flask.flash(flask.Markup('Uploader has been successfully banned.'), 'success') return flask.redirect(url)
def index(): return flask.render_template('escaping_template.html', text=text, html=flask.Markup(text))
def index(): flask.flash(u'Hello World') flask.flash(u'Hello World', 'error') flask.flash(flask.Markup(u'<em>Testing</em>'), 'warning') return ''
def number_field_data(label): return flask.Markup(nf_knowl_guts(label, db()))
def modify_session(response): flask.session['m'] = flask.Markup('Hello!') flask.session['u'] = the_uuid flask.session['dt'] = now flask.session['t'] = (1, 2, 3) return response
for algorithm improvements on get_data() Rodrigo Serrão [https://github.com/RojerGS]: for exec(templates) """ import flask import os import time from random import choice from math import ceil pineblog = flask.Flask(__name__) pineblog.jinja_env.trim_blocks = True pineblog.jinja_env.lstrip_blocks = True # http://stackoverflow.com/questions/9767585/insert-static-files-literally-into-jinja-templates-without-parsing-them pineblog.jinja_env.globals['include_raw'] = lambda filename: flask.Markup( pineblog.jinja_loader.get_source(pineblog.jinja_env, filename)[0]) # Constants posts_per_page = 3 # Globals data = [] number_of_pages = None def log(message): with open('log', 'a') as logfile: epoch = str(time.time()) microseconds = epoch.split('.')[-1] # extra resolution for seconds logtime = time.strftime('[%d/%m/%Y %H:%M:%S.{0}]'.format(microseconds)) logfile.write('{0} {1}\n'.format(logtime, message))
def group_cclasses_data(n, t): return flask.Markup(group_cclasses_knowl_guts(n, t, db()))
def _preprocess_variables(config, strings): in_page_link = flask.Markup('<a target="_blank" href=%s>%s</a>') strings['in_page'] = \ flask.Markup(strings['in_page']) % in_page_link if config.lead_section_policy_link: lead_section_policy_link = flask.Markup( '<a target="_blank" href=%s>%s</a>') % ( config.lead_section_policy_link, config.lead_section_policy_link_title) strings['lead_section_hint'] = \ flask.Markup(strings['lead_section_hint']) % \ lead_section_policy_link else: strings['lead_section_hint'] = '' beginners_hint_link = flask.Markup('<a target="_blank" href=%s>%s</a>') % ( config.beginners_link, config.beginners_link_title) strings['beginners_hint'] = \ flask.Markup(strings['beginners_hint']) % beginners_hint_link if '404' not in config.flagged_off: page_not_found_link = flask.Markup('<a href=%s>Citation Hunt</a>') % ( config.lang_code) strings['page_not_found_text'] = \ flask.Markup(strings['page_not_found_text']) % page_not_found_link strings.setdefault('instructions_goal', '') strings.setdefault('instructions_details', '') if strings['instructions_details']: strings['instructions_details'] = flask.Markup( strings['instructions_details']) % ( flask.Markup('<b>' + strings['button_wikilink'] + '</b>'), flask.Markup('<b>' + strings['button_next'] + '</b>'), beginners_hint_link) return strings
def _get_charts_markup(self): return {n: flask.Markup(c.html()) for n, c in self.charts.items()}
def test(): ts = TAINTED_STRING # class `Markup` can be used for things that are already safe. # if used with any text in a string operation, that other text will be escaped. # # see https://markupsafe.palletsprojects.com/en/2.0.x/ m_unsafe = Markup(TAINTED_STRING) m_safe = Markup(SAFE) # this 3 tests might look strange, but the purpose is to check we still treat `ts` # as tainted even after it has been escaped in some place. This _might_ not be the # case since data-flow library has taint-steps from adjacent uses... ensure_tainted(ts) # $ tainted ensure_not_tainted( escape(ts)) # $ escapeInput=ts escapeKind=html escapeOutput=escape(..) ensure_tainted(ts) # $ tainted ensure_tainted( ts, # $ tainted m_unsafe, # $ tainted m_unsafe + SAFE, # $ escapeInput=SAFE escapeKind=html escapeOutput=BinaryExpr MISSING: tainted SAFE + m_unsafe, # $ escapeInput=SAFE escapeKind=html escapeOutput=BinaryExpr MISSING: tainted m_unsafe.format( SAFE ), # $ escapeInput=SAFE escapeKind=html escapeOutput=m_unsafe.format(..) MISSING: tainted m_unsafe % SAFE, # $ escapeInput=SAFE escapeKind=html escapeOutput=BinaryExpr MISSING: tainted m_unsafe + ts, # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr MISSING: tainted m_safe.format(m_unsafe), # $ tainted m_safe % m_unsafe, # $ tainted escape(ts).unescape( ), # $ escapeInput=ts escapeKind=html escapeOutput=escape(..) MISSING: tainted escape_silent(ts).unescape( ), # $ escapeInput=ts escapeKind=html escapeOutput=escape_silent(..) MISSING: tainted ) ensure_not_tainted( escape(ts), # $ escapeInput=ts escapeKind=html escapeOutput=escape(..) escape_silent( ts ), # $ escapeInput=ts escapeKind=html escapeOutput=escape_silent(..) Markup.escape( ts ), # $ escapeInput=ts escapeKind=html escapeOutput=Markup.escape(..) m_safe, m_safe + ts, # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr ts + m_safe, # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr m_safe.format( ts ), # $ escapeInput=ts escapeKind=html escapeOutput=m_safe.format(..) m_safe % ts, # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr escape(ts) + ts, # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr escapeOutput=escape(..) escape_silent(ts) + ts, # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr escapeOutput=escape_silent(..) Markup.escape(ts) + ts, # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr escapeOutput=Markup.escape(..) ) # flask re-exports these, as: # flask.escape = markupsafe.escape # flask.Markup = markupsafe.Markup import flask ensure_tainted( flask.Markup(ts), # $ tainted ) ensure_not_tainted( flask.escape( ts ), # $ escapeInput=ts escapeKind=html escapeOutput=flask.escape(..) flask.Markup.escape( ts ), # $ escapeInput=ts escapeKind=html escapeOutput=flask.Markup.escape(..) )
def test_filters2(): messages = flask.get_flashed_messages(category_filter=['message', 'warning']) self.assert_equal(len(messages), 2) self.assert_equal(messages[0], u'Hello World') self.assert_equal(messages[1], flask.Markup(u'<em>Testing</em>')) return ''
def lemmas_spans(lemmas: LexemeLemmas) -> flask.Markup: return flask.Markup(r'/').join(term_span(lemma) for lemma in lemmas.values())
def form2input(context, form, first=False, readonly=False, template_language_code=None, representation_language_code=None): (prefix, placeholder, suffix) = split_example(form) if 'lexeme_forms' in form and template_language_code != representation_language_code: placeholder = '/'.join(lexeme_form['representations'][template_language_code]['value'] for lexeme_form in form['lexeme_forms'] if template_language_code in lexeme_form['representations']) optional = context['advanced'] or form.get('optional', False) return (flask.Markup.escape(prefix) + flask.Markup(r'<input type="text" name="form_representation" placeholder="') + flask.Markup.escape(placeholder) + flask.Markup(r'"') + flask.Markup(r' pattern="[^/]+(?:/[^/]+)*"') + (flask.Markup(r' required') if not optional else flask.Markup('')) + (flask.Markup(r' disabled') if readonly else flask.Markup('')) + (flask.Markup(r' autofocus') if first else flask.Markup('')) + (flask.Markup(r' value="') + flask.Markup.escape(form['value']) + flask.Markup(r'"') if 'value' in form else flask.Markup('')) + flask.Markup(r' spellcheck="true"') + (flask.Markup(r' lang="') + flask.Markup.escape(representation_language_code) + flask.Markup(r'"') if representation_language_code != template_language_code else flask.Markup('')) + flask.Markup(r'>') + flask.Markup.escape(suffix))
def edit_torrent(torrent_id): torrent = models.Torrent.by_id(torrent_id) form = forms.EditForm(flask.request.form) form.category.choices = _create_upload_category_choices() delete_form = forms.DeleteForm() ban_form = None editor = flask.g.user if not torrent: flask.abort(404) # Only allow admins edit deleted torrents if torrent.deleted and not (editor and editor.is_moderator): flask.abort(404) # Only allow torrent owners or admins edit torrents if not editor or not (editor is torrent.user or editor.is_moderator): flask.abort(403) torrent_user_level = torrent.user and torrent.user.level if editor and editor.is_moderator and \ (torrent_user_level is None or editor.level > torrent_user_level): ban_form = forms.BanForm() if flask.request.method == 'POST' and form.submit.data and form.validate(): # Form has been sent, edit torrent with data. torrent.main_category_id, torrent.sub_category_id = \ form.category.parsed_data.get_category_ids() torrent.display_name = (form.display_name.data or '').strip() torrent.information = (form.information.data or '').strip() torrent.description = (form.description.data or '').strip() torrent.hidden = form.is_hidden.data torrent.remake = form.is_remake.data torrent.complete = form.is_complete.data torrent.anonymous = form.is_anonymous.data if editor.is_trusted: torrent.trusted = form.is_trusted.data deleted_changed = torrent.deleted != form.is_deleted.data if editor.is_moderator: torrent.deleted = form.is_deleted.data url = flask.url_for('torrents.view', torrent_id=torrent.id) if deleted_changed and editor.is_moderator: log = "Torrent [#{0}]({1}) marked as {2}".format( torrent.id, url, "deleted" if torrent.deleted else "undeleted") adminlog = models.AdminLog(log=log, admin_id=editor.id) db.session.add(adminlog) db.session.commit() flask.flash( flask.Markup( 'Torrent has been successfully edited! Changes might take a few minutes to show up.' ), 'success') return flask.redirect(url) elif flask.request.method == 'POST' and delete_form.validate() and \ (not ban_form or ban_form.validate()): return _delete_torrent(torrent, delete_form, ban_form) else: if flask.request.method != 'POST': # Fill form data only if the POST didn't fail form.category.data = torrent.sub_category.id_as_string form.display_name.data = torrent.display_name form.information.data = torrent.information form.description.data = torrent.description form.is_hidden.data = torrent.hidden form.is_remake.data = torrent.remake form.is_complete.data = torrent.complete form.is_anonymous.data = torrent.anonymous form.is_trusted.data = torrent.trusted form.is_deleted.data = torrent.deleted ipbanned = None if editor.is_moderator: torrent_ip_banned = True user_ip_banned = True # Archived torrents do not have a null uploader_ip if torrent.uploader_ip: torrent_ip_banned = models.Ban.banned( None, torrent.uploader_ip).first() if torrent.user: user_ip_banned = models.Ban.banned( None, torrent.user.last_login_ip).first() ipbanned = (torrent_ip_banned and user_ip_banned) return flask.render_template('edit.html', form=form, delete_form=delete_form, ban_form=ban_form, torrent=torrent, ipbanned=ipbanned)
def _check_rpmfusion(repos): if "rpmfusion" in repos: message = flask.Markup( 'Using rpmfusion as dependency is nearly always wrong. Please see <a href="https://docs.pagure.org/copr.copr/user_documentation.html#what-i-can-build-in-copr">What I can build in Copr</a>.' ) flask.flash(message, "error")
def _get_script_markup(self): return flask.Markup(self.templates['init'].render( charts=self.charts, config=self.config, packages=self.packages(), include_tags=True))
index_php = 'https://{{ cookiecutter.wiki_domain }}/w/index.php' @app.template_global() def csrf_token(){% if cookiecutter.set_up_mypy == "True" %} -> str{% endif %}: if 'csrf_token' not in flask.session: characters = string.ascii_letters + string.digits random_string = ''.join(random.choice(characters) for _ in range(64)) flask.session['csrf_token'] = random_string return flask.session['csrf_token'] @app.template_global() def form_value(name{% if cookiecutter.set_up_mypy == "True" %}: str{% endif %}){% if cookiecutter.set_up_mypy == "True" %} -> flask.Markup{% endif %}: if 'repeat_form' in flask.g and name in flask.request.form: return (flask.Markup(r' value="') + flask.Markup.escape(flask.request.form[name]) + flask.Markup(r'" ')) else: return flask.Markup() @app.template_global() def form_attributes(name{% if cookiecutter.set_up_mypy == "True" %}: str{% endif %}){% if cookiecutter.set_up_mypy == "True" %} -> flask.Markup{% endif %}: return (flask.Markup(r' id="') + flask.Markup.escape(name) + flask.Markup(r'" name="') + flask.Markup.escape(name) + flask.Markup(r'" ') + form_value(name))
def _preprocess_variables(config, strings): strings['in_page'] = \ flask.Markup(strings['in_page']) % _link('%s', '%s') strings.setdefault('tooltitle', 'Citation Hunt') if config.lead_section_policy_link: strings['lead_section_hint'] = \ flask.Markup(strings['lead_section_hint']) % _link( config.lead_section_policy_link, config.lead_section_policy_link_title) else: strings['lead_section_hint'] = '' strings['page_not_found_text'] = \ flask.Markup(strings['page_not_found_text']) % _link( 'https://tools.wmflabs.org/citationhunt/' + config.lang_code, 'Citation Hunt', "_self") strings.setdefault('instructions_goal', '') if strings['instructions_goal']: if hasattr(config, 'reliable_sources_link'): link_start, link_end = ( _link_start(config.reliable_sources_link), '</a>') else: link_start = link_end = '' # Note that format() doesn't raise an exception if the string doesn't # have any formatters, so this is fine even if instructions_goal is # outdated and doesn't contain the {link_start}/{link_end} markers. strings['instructions_goal'] = flask.Markup( strings['instructions_goal'].format( link_start = link_start, link_end = link_end)) strings.setdefault('instructions_details', '') if strings['instructions_details'].count('%s') == 3: beginners_hint_link = _link( config.beginners_link, config.beginners_link_title) # Support the extra link pre-#129. strings['instructions_details'] = flask.Markup( strings['instructions_details']) % ( flask.Markup('<b>' + strings['button_wikilink'] + '</b>'), flask.Markup('<b>' + strings['button_next'] + '</b>'), beginners_hint_link) else: # Support beginner's link, optionally. if hasattr(config, 'beginners_link'): link_start, link_end = (_link_start(config.beginners_link), '</a>') else: link_start = link_end = '' strings['instructions_details'] = flask.Markup( (strings['instructions_details'] % ( flask.Markup('<b>' + strings['button_wikilink'] + '</b>'), flask.Markup('<b>' + strings['button_next'] + '</b>'))).format( link_start = link_start, link_end = link_end)) strings.setdefault('footer', '') if strings['footer']: # We replace the URLs in the template itself strings['footer'] = flask.Markup(strings['footer']) % ( strings['tooltitle'], _link('%s', 'Tools Labs'), _link('%s', 'translatewiki.net')) strings.setdefault('leaderboard_title', '') strings.setdefault('leaderboard_description', '') if strings['leaderboard_title'] and strings['leaderboard_description']: strings['leaderboard_title'] = strings['leaderboard_title'] % ( strings['tooltitle']) strings['leaderboard_description'] = ( strings['leaderboard_description'].format( tooltitle = strings['tooltitle'], days = '%s')) # The template swaps in the actual number. strings.setdefault('custom_intro', '') if strings['custom_intro']: strings['custom_intro'] = strings['custom_intro'].format( tooltitle = strings['tooltitle']) strings.setdefault('import_articles_prompt', '') if strings['import_articles_prompt']: strings['import_articles_prompt'] = flask.Markup( strings['import_articles_prompt'].format( em_start = '<b>', em_end = '</b>')) strings.setdefault('import_petscan_intro', '') if strings['import_petscan_intro']: strings['import_petscan_intro'] = flask.Markup( strings['import_petscan_intro'].format( em_start = '<b>', em_end = '</b>')) strings.setdefault('import_petscan_prompt', '') if strings['import_petscan_prompt']: strings['import_petscan_prompt'] = flask.Markup( strings['import_petscan_prompt'].format( link_start = _link_start(make_petscan_url(config)), link_end = '</a>')) strings.setdefault('import_petscan_category_tip', '') if strings['import_petscan_category_tip']: strings['import_petscan_category_tip'] = flask.Markup( strings['import_petscan_category_tip'].format( tooltitle = strings['tooltitle'], category = '<i>' + config.citation_needed_category + '</i>')) strings.setdefault('back_to_cancel', '') if strings['back_to_cancel'] and strings['back']: strings['back_to_cancel'] = flask.Markup( strings['back_to_cancel'].format( em_start = '<b>', back = strings['back'], em_end = '</b>')) strings['custom_please_wait'] = flask.Markup( strings.get('custom_please_wait', '').format( tooltitle = strings['tooltitle'])) strings['custom_failed'] = flask.Markup( strings.get('custom_failed', '').format( tooltitle = strings['tooltitle'])) strings.setdefault('custom_notice', '') if strings['custom_notice']: strings['custom_notice'] = flask.Markup( strings['custom_notice'].format( tooltitle = strings['tooltitle'], link_start = _link_start('/' + config.lang_code, ''), link_end = '</a>')) strings['custom_created'] = strings.get( 'custom_created', '').format( tooltitle = strings['tooltitle']) strings.setdefault('js-leaving-custom', '') if strings['js-leaving-custom']: strings['js-leaving-custom'] = ( strings['js-leaving-custom'].format( tooltitle = strings['tooltitle'])) strings.setdefault('custom_end_copy_link', '') if strings['custom_end_copy_link']: strings['custom_end_copy_link'] = flask.Markup( strings['custom_end_copy_link'].format( link_start = _link_start('', ''), link_end = '</a>')) strings.setdefault('select_articles', '') if strings['select_articles']: strings['select_articles'] = strings['select_articles'].format( tooltitle = strings['tooltitle']) strings.setdefault('select_articles_prompt', '') if strings['select_articles_prompt']: strings['select_articles_prompt'] = flask.Markup( strings['select_articles_prompt'].format( em_start = '<b>', em_end = '</b>', tooltitle = strings['tooltitle'])) strings.setdefault('custom_import_prompt', '') if strings['custom_import_prompt']: strings['custom_import_prompt'] = ( strings['custom_import_prompt'].format( tooltitle = strings['tooltitle'])) return strings
def galois_group_data(n, t): return flask.Markup(group_knowl_guts(n, t, db()))
def _link_start(url, target = '_blank'): return flask.Markup('<a target="%s" href="%s">' % (target, url))
def group_character_table_data(n, t): return flask.Markup(group_character_table_knowl_guts(n, t, db()))
def _link(url, title, target = "_blank"): return flask.Markup('%s%s</a>' % (_link_start(url, target), title))
def edit_torrent(torrent_id): torrent = models.Torrent.by_id(torrent_id) form = forms.EditForm(flask.request.form) form.category.choices = _create_upload_category_choices() editor = flask.g.user if not torrent: flask.abort(404) # Only allow admins edit deleted torrents if torrent.deleted and not (editor and editor.is_admin): flask.abort(404) # Only allow torrent owners or admins edit torrents if not editor or not (editor is torrent.user or editor.is_admin): flask.abort(403) if flask.request.method == 'POST' and form.validate(): # Form has been sent, edit torrent with data. torrent.main_category_id, torrent.sub_category_id = \ form.category.parsed_data.get_category_ids() torrent.display_name = (form.display_name.data or '').strip() torrent.information = (form.information.data or '').strip() torrent.description = (form.description.data or '').strip() torrent.hidden = form.is_hidden.data torrent.remake = form.is_remake.data torrent.complete = form.is_complete.data torrent.anonymous = form.is_anonymous.data if editor.is_trusted: torrent.trusted = form.is_trusted.data if editor.is_admin: torrent.deleted = form.is_deleted.data db.session.commit() flask.flash( flask.Markup( 'Torrent has been successfully edited! Changes might take a few minutes to show up.' ), 'info') return flask.redirect( flask.url_for('view_torrent', torrent_id=torrent.id)) else: if flask.request.method != 'POST': # Fill form data only if the POST didn't fail form.category.data = torrent.sub_category.id_as_string form.display_name.data = torrent.display_name form.information.data = torrent.information form.description.data = torrent.description form.is_hidden.data = torrent.hidden form.is_remake.data = torrent.remake form.is_complete.data = torrent.complete form.is_anonymous.data = torrent.anonymous form.is_trusted.data = torrent.trusted form.is_deleted.data = torrent.deleted return flask.render_template('edit.html', form=form, torrent=torrent, editor=editor)
def view_user(user_name): user = models.User.by_username(user_name) if not user: flask.abort(404) admin_form = None ban_form = None bans = None ipbanned = None nuke_form = None if flask.g.user and flask.g.user.is_moderator and flask.g.user.level > user.level: admin_form = forms.UserForm() default, admin_form.user_class.choices = _create_user_class_choices( user) if flask.request.method == 'GET': admin_form.user_class.data = default ban_form = forms.BanForm() nuke_form = forms.NukeForm() if flask.request.method == 'POST': doban = (ban_form.ban_user.data or ban_form.unban.data or ban_form.ban_userip.data) bans = models.Ban.banned(user.id, user.last_login_ip).all() ipbanned = list(filter(lambda b: b.user_ip == user.last_login_ip, bans)) url = flask.url_for('users.view_user', user_name=user.username) if flask.request.method == 'POST' and admin_form and not doban and admin_form.validate( ): selection = admin_form.user_class.data mapping = { 'regular': models.UserLevelType.REGULAR, 'trusted': models.UserLevelType.TRUSTED, 'moderator': models.UserLevelType.MODERATOR } if mapping[selection] != user.level: user.level = mapping[selection] log = "[{}]({}) changed to {} user".format(user_name, url, selection) adminlog = models.AdminLog(log=log, admin_id=flask.g.user.id) db.session.add(adminlog) if admin_form.activate_user.data and not user.is_banned: if user.status != models.UserStatusType.ACTIVE: user.status = models.UserStatusType.ACTIVE adminlog = models.AdminLog( "[{}]({}) was manually activated".format(user_name, url), admin_id=flask.g.user.id) db.session.add(adminlog) flask.flash('{} was manually activated'.format(user_name), 'success') db.session.add(user) db.session.commit() return flask.redirect(url) if flask.request.method == 'POST' and ban_form and doban and ban_form.validate( ): if (ban_form.ban_user.data and user.is_banned) or \ (ban_form.ban_userip.data and ipbanned) or \ (ban_form.unban.data and not user.is_banned and not bans): flask.flash(flask.Markup('What the f**k are you doing?'), 'danger') return flask.redirect(url) user_str = "[{0}]({1})".format(user.username, url) if ban_form.unban.data: action = "unbanned" user.status = models.UserStatusType.ACTIVE db.session.add(user) for ban in bans: if ban.user_ip: user_str += " IP({0})".format(ip_address(ban.user_ip)) db.session.delete(ban) else: action = "banned" user.status = models.UserStatusType.BANNED db.session.add(user) ban = models.Ban(admin_id=flask.g.user.id, user_id=user.id, reason=ban_form.reason.data) db.session.add(ban) if ban_form.ban_userip.data: ban.user_ip = ip_address(user.last_login_ip) user_str += " IP({0})".format(ban.user_ip) ban.user_ip = ban.user_ip.packed log = "User {0} has been {1}.".format(user_str, action) adminlog = models.AdminLog(log=log, admin_id=flask.g.user.id) db.session.add(adminlog) db.session.commit() flask.flash( flask.Markup('User has been successfully {0}.'.format(action)), 'success') return flask.redirect(url) req_args = flask.request.args search_term = chain_get(req_args, 'q', 'term') sort_key = req_args.get('s') sort_order = req_args.get('o') category = chain_get(req_args, 'c', 'cats') quality_filter = chain_get(req_args, 'f', 'filter') page_number = chain_get(req_args, 'p', 'page', 'offset') try: page_number = max(1, int(page_number)) except (ValueError, TypeError): page_number = 1 results_per_page = app.config.get('RESULTS_PER_PAGE', DEFAULT_PER_PAGE) query_args = { 'term': search_term or '', 'user': user.id, 'sort': sort_key or 'id', 'order': sort_order or 'desc', 'category': category or '0_0', 'quality_filter': quality_filter or '0', 'page': page_number, 'rss': False, 'per_page': results_per_page } if flask.g.user: query_args['logged_in_user'] = flask.g.user if flask.g.user.is_moderator: # God mode query_args['admin'] = True # Use elastic search for term searching rss_query_string = _generate_query_string(search_term, category, quality_filter, user_name) use_elastic = app.config.get('USE_ELASTIC_SEARCH') if use_elastic and search_term: query_args['term'] = search_term max_search_results = app.config.get('ES_MAX_SEARCH_RESULT', DEFAULT_MAX_SEARCH_RESULT) # Only allow up to (max_search_results / page) pages max_page = min(query_args['page'], int(math.ceil(max_search_results / results_per_page))) query_args['page'] = max_page query_args['max_search_results'] = max_search_results query_results = search_elastic(**query_args) max_results = min(max_search_results, query_results['hits']['total']) # change p= argument to whatever you change page_parameter to or pagination breaks pagination = Pagination(p=query_args['page'], per_page=results_per_page, total=max_results, bs_version=3, page_parameter='p', display_msg=SERACH_PAGINATE_DISPLAY_MSG) return flask.render_template('user.html', use_elastic=True, pagination=pagination, torrent_query=query_results, search=query_args, user=user, user_page=True, rss_filter=rss_query_string, admin_form=admin_form, ban_form=ban_form, nuke_form=nuke_form, bans=bans, ipbanned=ipbanned) # Similar logic as home page else: if use_elastic: query_args['term'] = '' else: query_args['term'] = search_term or '' query = search_db(**query_args) return flask.render_template('user.html', use_elastic=False, torrent_query=query, search=query_args, user=user, user_page=True, rss_filter=rss_query_string, admin_form=admin_form, ban_form=ban_form, nuke_form=nuke_form, bans=bans, ipbanned=ipbanned)
def view_docs(repo, username=None, namespace=None, filename=None): """ Display the documentation """ if "." in repo: namespace, repo = repo.split(".", 1) repo = pagure.lib.query.get_authorized_project(SESSION, repo, user=username, namespace=namespace) if not repo: flask.abort(404, description="Project not found") if not repo.settings.get("project_documentation", True): flask.abort(404, description="This project has documentation disabled") reponame = repo.repopath("docs") if not os.path.exists(reponame): flask.abort(404, description="Documentation not found") repo_obj = pygit2.Repository(reponame) if not repo_obj.is_empty: commit = repo_obj[repo_obj.head.target] else: flask.abort( 404, flask.Markup( "No content found in the repository, you may want to read " 'the <a href="' 'https://docs.pagure.org/pagure/usage/using_doc.html">' "Using the doc repository of your project</a> documentation."), ) content = None tree = None if not filename: path = [""] else: path = [it for it in filename.split("/") if it] if commit: try: (tree, content, filename) = __get_tree_and_content(repo_obj, commit, path) except pagure.exceptions.FileNotFoundException as err: flask.flash("%s" % err, "error") except Exception as err: _log.exception(err) flask.abort(500, description="Unkown error encountered and reported") if not content: if not tree or not len(tree): flask.abort(404, description="No content found in the repository") html = "<li>" for el in tree: name = el.name # Append a trailing '/' to the folders if el.filemode == 16384: name += "/" html += '<ul><a href="{0}">{1}</a></ul>'.format(name, name) html += "</li>" content = TMPL_HTML.format(content=html) mimetype = "text/html" else: mimetype, _ = pagure.lib.mimetype.guess_type(filename, content) return flask.Response(content, mimetype=mimetype)
def nl2br(text): return flask.Markup('<br>').join(text.splitlines())
def _shorten(addr, n=5): return flask.Markup( '<span class="not-ellipsed">%s</span><span class="ellipsed">%s' '</span>' % (addr, "%s … %s" % (addr[:n], addr[-n:])))
def index(): return flask.render_template("non_escaping_template.txt", text=text, html=flask.Markup(text))
def view_docs(repo, username=None, namespace=None, filename=None): """ Display the documentation """ if '.' in repo: namespace, repo = repo.split('.', 1) repo = pagure.get_authorized_project(SESSION, repo, user=username, namespace=namespace) if not repo: flask.abort(404, 'Project not found') if not repo.settings.get('project_documentation', True): flask.abort(404, 'This project has documentation disabled') reponame = os.path.join(APP.config['DOCS_FOLDER'], repo.path) if not os.path.exists(reponame): flask.abort(404, 'Documentation not found') repo_obj = pygit2.Repository(reponame) if not repo_obj.is_empty: commit = repo_obj[repo_obj.head.target] else: flask.abort( 404, flask.Markup( 'No content found in the repository, you may want to read ' 'the <a href="' 'https://docs.pagure.org/pagure/usage/using_doc.html">' 'Using the doc repository of your project</a> documentation.')) content = None tree = None if not filename: path = [''] else: path = [it for it in filename.split('/') if it] if commit: try: (tree, content, filename) = __get_tree_and_content(repo_obj, commit, path) except pagure.exceptions.FileNotFoundException as err: flask.flash(err.message, 'error') except Exception as err: _log.exception(err) flask.abort(500, 'Unkown error encountered and reported') if not content: if not tree or not len(tree): flask.abort(404, 'No content found in the repository') html = '<li>' for el in tree: name = el.name # Append a trailing '/' to the folders if el.filemode == 16384: name += '/' html += '<ul><a href="{0}">{1}</a></ul>'.format(name, name) html += '</li>' content = TMPL_HTML.format(content=html) mimetype = 'text/html' else: mimetype, _ = pagure.lib.mimetype.guess_type(filename, content) return flask.Response(content, mimetype=mimetype)
def dispatch_request(self): """ Mandatory interface required by the :py:func:`flask.views.View.dispatch_request`. Will be called by the *Flask* framework to service the request. """ form = RegistrationForm( choices_locales = list(flask.current_app.config['MYDOJO_LOCALES'].items()) ) if form.validate_on_submit(): form_data = form.data if form_data[mydojo.const.FORM_ACTION_CANCEL]: self.flash( gettext('Account registration canceled.'), mydojo.const.FLASH_INFO ) return self.redirect( default_url = flask.url_for( flask.current_app.config['MYDOJO_ENDPOINT_HOME'] ) ) if form_data[mydojo.const.FORM_ACTION_SUBMIT]: try: # Populate the user object from form data and make sure the # account has default 'user' role and is disabled by default. item = UserModel() form.populate_obj(item) item.roles = [mydojo.const.ROLE_USER] item.enabled = False self.dbsession.add(item) self.dbsession.commit() # Send information about new account registration to system # admins. Use default locale for email content translations. mail_locale = flask.current_app.config['BABEL_DEFAULT_LOCALE'] with force_locale(mail_locale): msg = flask_mail.Message( gettext( "%(prefix)s Account registration - %(item_id)s", prefix = flask.current_app.config['MAIL_SUBJECT_PREFIX'], item_id = item.login ), recipients = flask.current_app.config['MYDOJO_ADMINS'] ) msg.body = flask.render_template( 'auth_pwd/email_registration_admins.txt', account = item, justification = form_data['justification'] ) MAILER.send(msg) # Send information about new account registration to the user. # Use user`s preferred locale for email content translations. mail_locale = item.locale if not mail_locale: mail_locale = flask.current_app.config['BABEL_DEFAULT_LOCALE'] with force_locale(mail_locale): msg = flask_mail.Message( gettext( "%(prefix)s Account registration - %(item_id)s", prefix = flask.current_app.config['MAIL_SUBJECT_PREFIX'], item_id = item.login ), recipients = [item.email] ) msg.body = flask.render_template( 'auth_pwd/email_registration_user.txt', account = item, justification = form_data['justification'] ) MAILER.send(msg) self.flash( flask.Markup(gettext( 'User account <strong>%(login)s (%(name)s)</strong> was successfully registered.', login = item.login, name = item.fullname )), mydojo.const.FLASH_SUCCESS ) self.logger.info( "New user account '{}' was successfully registered with 'auth_pwd'.".format( item.login ) ) return self.redirect( default_url = flask.url_for( flask.current_app.config['MYDOJO_ENDPOINT_HOME'] ) ) except Exception: # pylint: disable=locally-disabled,broad-except self.flash( gettext('Unable to register new user account.'), mydojo.const.FLASH_FAILURE ) flask.current_app.log_exception_with_label( traceback.TracebackException(*sys.exc_info()), 'Unable to register new user account.', ) self.response_context.update( form_url = flask.url_for('{}.{}'.format( self.module_name, self.get_view_name() )), form = form ) return self.generate_response()