X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;ds=sidebyside;f=geekigeeki.py;h=4450aead0d3617848117f6c7ad6098a758b8877d;hb=042882ca5918a6f84a176e4ef9dc19428ac4566f;hp=dba75a28afe2493b8cf42f06ac92b5614a630d85;hpb=6ea5bc45761e688cc888c7a17a6399b31d04bcc7;p=geekigeeki.git diff --git a/geekigeeki.py b/geekigeeki.py index dba75a2..4450aea 100755 --- a/geekigeeki.py +++ b/geekigeeki.py @@ -24,46 +24,54 @@ from time import clock start_time = clock() import cgi, sys, os, re, errno, stat -from os import path, environ # Regular expression defining a WikiWord # (but this definition is also assumed in other places) word_re = re.compile(r"^\b((([A-Z][a-z0-9]+){2,}/)*([A-Z][a-z0-9]+){2,})\b$") # FIXME: we accept stuff like foo/../bar and we shouldn't file_re = re.compile(r"^\b([A-Za-z0-9_\-][A-Za-z0-9_\.\-/]*)\b$") -img_re = re.compile(r"^.*\.(png|gif|jpg|jpeg)$", re.IGNORECASE) +img_re = re.compile(r"^.*\.(png|gif|jpg|jpeg|bmp|ico|ogm|ogg|mkv|mpg|mpeg|mp4|avi|asf|flv|wmv|qt)$", re.IGNORECASE) +video_re = re.compile(r"^.*\.(ogm|ogg|mkv|mpg|mpeg|mp4|avi|asf|flv|wmv|qt)$", re.IGNORECASE) url_re = re.compile(r"^[a-z]{3,8}://[^\s'\"]+\S$") link_re = re.compile("(?:\[\[|{{)([^\s\|]+)(?:\s*\|\s*([^\]]+)|)(?:\]\]|}})") title_done = False - # CGI stuff --------------------------------------------------------- - def script_name(): - return environ.get('SCRIPT_NAME', '') + return os.environ.get('SCRIPT_NAME', '') + +def query_string(): + path_info = os.environ.get('PATH_INFO', '') + if len(path_info) and path_info[0] == '/': + return path_info[1:] or 'FrontPage' + else: + return os.environ.get('QUERY_STRING', '') or 'FrontPage' def privileged_path(): return privileged_url or script_name() def remote_user(): - user = environ.get('REMOTE_USER', '') + user = os.environ.get('REMOTE_USER', '') if user is None or user == '' or user == 'anonymous': user = 'AnonymousCoward' return user def remote_host(): - return environ.get('REMOTE_ADDR', '') + return os.environ.get('REMOTE_ADDR', '') def get_hostname(addr): try: from socket import gethostbyaddr return gethostbyaddr(addr)[0] + ' (' + addr + ')' - except Exception, er: + except Exception: return addr +def is_external_url(pathname): + return (url_re.match(pathname) or pathname.startswith('/')) + def relative_url(pathname, privileged=False): - if not (url_re.match(pathname) or pathname.startswith('/')): + if not is_external_url(pathname): if privileged: url = privileged_path() else: @@ -78,6 +86,13 @@ def permalink(s): def emit_header(mime_type="text/html"): print "Content-type: " + mime_type + "; charset=utf-8\n" +def sendfile(dest_file, src_file): + """Efficiently copy file data between file descriptors""" + while 1: + data = src_file.read(65536) + if not data: break + dest_file.write(data) + def send_guru(msg_text, msg_type): if not msg_text: return print '
' @@ -85,32 +100,14 @@ def send_guru(msg_text, msg_type): print ' Software Failure. Press left mouse button to continue.\n' print msg_text if msg_type == 'error': - print ' Guru Meditation #DEADBEEF.ABADC0DE' + print '\n Guru Meditation #DEADBEEF.ABADC0DE' print '' - # FIXME: This little JS snippet is harder to pass than ACID 3.0 - print """ - """ + try: + sendfile(sys.stdout, open('gurumeditation.js', 'rb')) + except IOError, err: + pass -def send_title(name, text="Limbo", msg_text=None, msg_type='error'): +def send_title(name, text="Limbo", msg_text=None, msg_type='error', writable=False): global title_done if title_done: return @@ -120,17 +117,31 @@ def send_title(name, text="Limbo", msg_text=None, msg_type='error'): print ' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' print '' - site_name = globals().get('site_name', 'Unconfigured Site') print "
' + Page(page_name).link_to() + print '
' + link_tag(page_name) print ' . . . . ' + `count` print ['match', 'matches'][count != 1] print '
' + Page(filename).link_to() + "
' + link_tag(filename) + "
%d hits out of %d pages searched.
" % (hits, searched) def handle_raw(pagename): + if not file_re.match(pagename): + send_httperror("403 Forbidden", pagename) + return + Page(pagename).send_raw() def handle_edit(pagename): + if not file_re.match(pagename): + send_httperror("403 Forbidden", pagename) + return + pg = Page(pagename) if 'save' in form: if form['file'].value: - pg.save(form['file'].file.read()) + pg.save(form['file'].file.read(), form['changelog'].value) else: - pg.save(form['savetext'].value.replace('\r\n', '\n')) + pg.save(form['savetext'].value.replace('\r\n', '\n'), form['changelog'].value) pg.format() elif 'cancel' in form: pg.msg_text = 'Editing canceled' @@ -249,18 +286,21 @@ def make_index_key(): links = map(lambda ch: '%s' % (ch, ch), 'abcdefghijklmnopqrstuvwxyz') return '