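def publicObject(toObject, defs, action=None, get=None):
    """Dispatch a panel request to one of ``toObject``'s whitelisted methods.

    Args:
        toObject: Handler object whose methods implement the actions.
        defs: Iterable of method names that may be invoked on ``toObject``.
        action: Optional action name that overrides ``get.action``.
        get: Request-argument object; built with ``get_input()`` when falsy.

    Returns:
        A redirect to ``/login`` when the session token and the
        ``request_token`` cookie disagree while the session is still marked
        as logged in; the handler's raw result when ``get`` carries ``html``
        or ``s_module``; otherwise ``(json_body, json_header)``. An action
        that is not listed in ``defs`` yields the ``ARGS_ERR`` JSON reply.
    """
    # The token check only runs for sessions that already carry both keys.
    # NOTE(review): nesting reconstructed from a flattened listing - confirm
    # that the redirect belongs to the innermost branch. As written, a token
    # mismatch on a session whose 'login' is already False falls through to
    # the dispatch below.
    if 'request_token' in session and 'login' in session:
        cookie_token = request.cookies.get('request_token')
        # NOTE(review): plain string comparison of a secret token; a
        # constant-time compare would be the safer choice here.
        if session['request_token'] != cookie_token:
            if session['login'] != False:
                session['login'] = False
                cache.set('dologin', True)
                return redirect('/login')

    if not get:
        get = get_input()
    if action:
        get.action = action

    if hasattr(get, 'path'):
        # Separator clean-up only. NOTE(review): no '..' / './' rejection
        # happens in this function, so traversal segments reach the handler
        # unchanged; each handler has to confine the path itself.
        get.path = get.path.replace('//', '/').replace('\\', '/')
        if '->' in get.path:
            # Keep only the part before a "link -> target" style suffix.
            get.path = get.path.split('->')[0].strip()

    # High-frequency polling actions that are not written to the request log.
    not_acts = (
        'GetTaskSpeed',
        'GetNetWork',
        'check_pay_status',
        'get_re_order_status',
        'get_order_stat',
    )

    for key in defs:
        if key != get.action:
            continue
        if key not in not_acts:
            public.write_request_log()
        # Decide the reply shape before the handler runs, as the original did.
        raw_reply = hasattr(get, 'html') or hasattr(get, 's_module')
        # Resolve the method by name instead of eval()-ing a built string:
        # `key` is taken from `defs`, so only whitelisted names are reachable
        # and no request-derived text is ever parsed as Python code.
        # Assumes `defs` holds plain attribute names - TODO confirm.
        result = getattr(toObject, key)(get)
        if raw_reply:
            return result
        return public.GetJson(result), json_header

    return public.ReturnJson(False, 'ARGS_ERR'), json_header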
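def publicObject(toObject, defs, action=None, get=None):
    """Dispatch a panel request to one of ``toObject``'s whitelisted methods.

    Args:
        toObject: Handler object whose methods implement the actions. When it
            exposes ``site_path_check``, that hook can veto the request.
        defs: Iterable of method names that may be invoked on ``toObject``.
        action: Optional action name that overrides ``get.action``.
        get: Request-argument object; built with ``get_input()`` when falsy.

    Returns:
        The handler's raw result when ``get`` carries ``html`` or
        ``s_module``; otherwise ``(json_body, json_header)``. CSRF failure,
        a path containing ``./``, a ``site_path_check`` veto and an action
        missing from ``defs`` each return a JSON error reply instead.
    """
    # CSRF validation only runs for sessions that already carry both keys.
    if 'request_token' in session and 'login' in session:
        if not check_csrf():
            return public.ReturnJson(False, 'Csrf-Token error.'), json_header

    if not get:
        get = get_input()
    if action:
        get.action = action

    if hasattr(get, 'path'):
        get.path = get.path.replace('//', '/').replace('\\', '/')
        # Reject relative segments; './' also matches '../'.
        if './' in get.path:
            return public.ReturnJson(False, public.GetMsg("UNSAFE_PATH")), json_header
        if '->' in get.path:
            # Keep only the part before a "link -> target" style suffix.
            get.path = get.path.split('->')[0].strip()

    # NOTE(review): sfile/dfile only get separator clean-up here; the './'
    # rejection above is applied to `path` alone, so traversal checks for
    # these two fields depend on site_path_check or the handler.
    if hasattr(get, 'sfile'):
        get.sfile = get.sfile.replace('//', '/').replace('\\', '/')
    if hasattr(get, 'dfile'):
        get.dfile = get.dfile.replace('//', '/').replace('\\', '/')

    # Optional per-handler authorization hook.
    if hasattr(toObject, 'site_path_check'):
        if not toObject.site_path_check(get):
            return public.ReturnJson(False, 'Excessive operation!'), json_header

    for key in defs:
        if key != get.action:
            continue
        # Decide the reply shape before the handler runs, as the original did.
        raw_reply = hasattr(get, 'html') or hasattr(get, 's_module')
        # Resolve the method by name instead of eval()-ing a built string:
        # `key` is taken from `defs`, so only whitelisted names are reachable
        # and no request-derived text is ever parsed as Python code.
        # Assumes `defs` holds plain attribute names - TODO confirm.
        result = getattr(toObject, key)(get)
        if raw_reply:
            return result
        return public.GetJson(result), json_header

    return public.ReturnJson(False, 'ARGS_ERR'), json_header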
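def publicObject(toObject, defs, action=None, get=None):
    """Dispatch a panel request to one of ``toObject``'s whitelisted methods.

    Args:
        toObject: Handler object whose methods implement the actions. When it
            exposes ``site_path_check``, that hook can veto the request.
        defs: Iterable of method names that may be invoked on ``toObject``.
        action: Optional action name that overrides ``get.action``.
        get: Request-argument object; built with ``get_input()`` when falsy.

    Returns:
        The handler's raw result when ``get`` carries ``html`` or
        ``s_module``; otherwise ``(json_body, json_header)``. CSRF failure,
        a path containing ``./``, a ``site_path_check`` veto and an action
        missing from ``defs`` each return a JSON error reply instead.
    """
    # CSRF validation only runs for sessions that already carry both keys.
    if 'request_token' in session and 'login' in session:
        if not check_csrf():
            # Message: "CSRF check failed, please log in to the panel again".
            return public.ReturnJson(False, 'CSRF校验失败,请重新登录面板'), json_header

    if not get:
        get = get_input()
    if action:
        get.action = action

    if hasattr(get, 'path'):
        get.path = get.path.replace('//', '/').replace('\\', '/')
        # Reject relative segments; './' also matches '../'.
        # NOTE(review): only `path` is screened; any other path-like request
        # field reaches the handler unchecked by this function.
        if './' in get.path:
            # Message: "unsafe path".
            return public.ReturnJson(False, '不安全的路径'), json_header
        if '->' in get.path:
            # Keep only the part before a "link -> target" style suffix.
            get.path = get.path.split('->')[0].strip()

    # Optional per-handler authorization hook.
    if hasattr(toObject, 'site_path_check'):
        if not toObject.site_path_check(get):
            # Message: "unauthorized operation!".
            return public.ReturnJson(False, '越权的操作!'), json_header

    for key in defs:
        if key != get.action:
            continue
        # Decide the reply shape before the handler runs, as the original did.
        raw_reply = hasattr(get, 'html') or hasattr(get, 's_module')
        # Resolve the method by name instead of eval()-ing a built string:
        # `key` is taken from `defs`, so only whitelisted names are reachable
        # and no request-derived text is ever parsed as Python code.
        # Assumes `defs` holds plain attribute names - TODO confirm.
        result = getattr(toObject, key)(get)
        if raw_reply:
            return result
        return public.GetJson(result), json_header

    return public.ReturnJson(False, 'ARGS_ERR'), json_header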
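def publicObject(toObject, defs, action=None, get=None):
    """Dispatch a panel request to one of ``toObject``'s whitelisted methods.

    Args:
        toObject: Handler object whose methods implement the actions.
        defs: Iterable of method names that may be invoked on ``toObject``.
        action: Optional action name that overrides ``get.action``.
        get: Request-argument object; built with ``get_input()`` when falsy.

    Returns:
        The handler's raw result when ``get`` carries ``html`` or
        ``s_module``; otherwise ``(json_body, json_header)``. CSRF failure,
        a path containing ``..`` and an action missing from ``defs`` each
        return a JSON error reply instead.
    """
    # CSRF validation only runs for sessions that already carry both keys.
    if 'request_token' in session and 'login' in session:
        if not check_csrf():
            return public.ReturnJson(False, 'Csrf-Token error.'), json_header

    if not get:
        get = get_input()
    if action:
        get.action = action

    if hasattr(get, 'path'):
        get.path = get.path.replace('//', '/').replace('\\', '/')
        # Reject parent-directory segments after backslashes are normalized.
        # NOTE(review): only `path` is screened; any other path-like request
        # field reaches the handler unchecked by this function.
        if '..' in get.path:
            return public.ReturnJson(False, public.GetMsg("UNSAFE_PATH")), json_header
        if '->' in get.path:
            # Keep only the part before a "link -> target" style suffix.
            get.path = get.path.split('->')[0].strip()

    # High-frequency polling actions that are not written to the request log.
    not_acts = (
        'GetTaskSpeed',
        'GetNetWork',
        'check_pay_status',
        'get_re_order_status',
        'get_order_stat',
    )

    for key in defs:
        if key != get.action:
            continue
        if key not in not_acts:
            public.write_request_log()
        # Decide the reply shape before the handler runs, as the original did.
        raw_reply = hasattr(get, 'html') or hasattr(get, 's_module')
        # Resolve the method by name instead of eval()-ing a built string:
        # `key` is taken from `defs`, so only whitelisted names are reachable
        # and no request-derived text is ever parsed as Python code.
        # Assumes `defs` holds plain attribute names - TODO confirm.
        result = getattr(toObject, key)(get)
        if raw_reply:
            return result
        return public.GetJson(result), json_header

    return public.ReturnJson(False, 'ARGS_ERR'), json_header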