X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;ds=sidebyside;f=geekigeeki.py;h=a7e99ed10121c9af816cfc76eddc0707edeeec94;hb=5f99f96a7a102bb8f2c491dd1e11fe8686c7c0a0;hp=794350389c8def020777bfe47efa8733a001a0f4;hpb=09b5f67a8739349f30bbeff13aeb475131850244;p=geekigeeki.git

diff --git a/geekigeeki.py b/geekigeeki.py
index 7943503..a7e99ed 100755
--- a/geekigeeki.py
+++ b/geekigeeki.py
@@ -85,7 +85,7 @@ def send_guru(msg_text, msg_type):
         print '    Software Failure.  Press left mouse button to continue.\n'
     print msg_text
     if msg_type == 'error':
-        print '      Guru Meditation #DEADBEEF.ABADC0DE'
+        print '\n      Guru Meditation #DEADBEEF.ABADC0DE'
     print '</pre>'
     # FIXME: This little JS snippet is harder to pass than ACID 3.0 
     print """
@@ -179,6 +179,11 @@ def send_title(name, text="Limbo", msg_text=None, msg_type='error', writable=Fal
 
     print '<hr /></div>'
 
+def send_httperror(status="403 Not Found", query=""):
+    print "Status: %s" % status
+    send_title(None, msg_text=("%s: on query '%s'" % (status, query)))
+    send_footer(None)
+
 def link_tag(params, text=None, ss_class=None, privileged=False):
     if text is None:
         text = params # default
@@ -240,9 +245,17 @@ def print_search_stats(hits, searched):
     print "<p>%d hits out of %d pages searched.</p>" % (hits, searched)
 
 def handle_raw(pagename):
+    if not file_re.match(pagename):
+        send_httperror("403 Forbidden", pagename)
+        return
+
     Page(pagename).send_raw()
 
 def handle_edit(pagename):
+    if not file_re.match(pagename):
+        send_httperror("403 Forbidden", pagename)
+        return
+
     pg = Page(pagename)
     if 'save' in form:
         if form['file'].value:
@@ -694,19 +707,25 @@ class Page:
             + ' for ' + cgi.escape(remote_user())
             + ' from ' + cgi.escape(get_hostname(remote_host()))
             + '</b></p>')
-        print '<div class="editor"><form method="post" enctype="multipart/form-data" action="%s">' % relative_url(self.page_name)
+        print '<div class="editor"><form name="editform" method="post" enctype="multipart/form-data" action="%s">' % relative_url(self.page_name)
         print '<input type="hidden" name="edit" value="%s">' % (self.page_name)
-        print '<textarea wrap="off" spellcheck="true" id="editor" name="savetext" rows="17" cols="100">%s</textarea>' % (preview or self.get_raw_body())
-        print 'Or upload a file: <input type="file" name="file" value="%s" />' % file
+        print '<input type="input" id="editor" name="changelog" value="Edit page %s" accesskey="c" /><br />' % (self.page_name)
+        print '<textarea wrap="off" spellcheck="true" id="editor" name="savetext" rows="17" cols="100" accesskey="e">%s</textarea>' % (preview or self.get_raw_body())
+        print '<label for="file" accesskey="u">Or Upload a file:</label> <input type="file" name="file" value="%s" />' % file
         print """
             <br />
-            <input type="submit" name="save" value="Save" />
-            <input type="submit" name="preview" value="Preview" />
+            <input type="submit" name="save" value="Save" accesskey="s">
+            <input type="submit" name="preview" value="Preview" accesskey="p" />
             <input type="reset" value="Reset" />
             <input type="submit" name="cancel" value="Cancel" />
-            <br />"""
-	print "Changelog: <input type=\"input\" name=\"changelog\" value=\"Edit page %s\"/>" % self.page_name
-	print"</form></div>"
+            <br />
+            </form></div>
+            <script language="javascript">
+            <!--
+            document.editform.savetext.focus()
+            //-->
+            </script>
+            """
         print "<p>" + Page('EditingTips').link_to() + "</p>"
         if preview:
             print "<div class='preview'>"
@@ -805,9 +824,7 @@ try:
                 else:
                     Page(query).format()
         else:
-            print "Status: 404 Not Found"
-            send_title(None, msg_text='Can\'t work out query: ' + query)
-            send_footer(None)
+            send_httperror("403 Forbidden", query)
 except Exception:
     import traceback
     msg_text = traceback.format_exc()