X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=geekigeeki.py;h=0c1423a97d7534e64d9e9da53cf64e3578e641a5;hb=71ec383a3cf5f913055172eb966f3b95ea7fa8d3;hp=57992d288b93eb1774a2a82ce051dba49cfea5ab;hpb=10a9870db7d40c7375470061274902fc9f38f3a6;p=geekigeeki.git diff --git a/geekigeeki.py b/geekigeeki.py index 57992d2..0c1423a 100755 --- a/geekigeeki.py +++ b/geekigeeki.py @@ -154,8 +154,7 @@ def link_tag(params, text=None, ss_class=None, authentication=False): classattr = '' if ss_class: classattr += 'class="%s" ' % ss_class - # Prevent crawlers from following links to generated pages - # and links added by potential spammers + # Prevent crawlers from following links potentially added by spammers or to generated pages if ss_class == 'external' or ss_class == 'navlink': classattr += 'rel="nofollow" ' if authentication: @@ -220,9 +219,6 @@ def do_raw(pagename): Page(pagename).send_raw() def do_savepage(pagename): - if privileged_url is None: - raise 'editing disallowed for ' + pagename - global form pg = Page(pagename) if 'preview' in form: @@ -231,7 +227,7 @@ def do_savepage(pagename): pg.save_text(form['savetext'].value) pg.send_page() elif 'cancel' in form: - pg.msg = 'Editing cancelled' + pg.msg = 'Editing canceled' pg.msg_type = 'notice' pg.send_page() else: @@ -264,10 +260,10 @@ def send_footer(name, mod_string=None): # ---------------------------------------------------------- # Macros -def _macro_TitleSearch(): +def _macro_TitleSearch(*vargs): return _macro_search("titlesearch") -def _macro_FullSearch(): +def _macro_FullSearch(*vargs): return _macro_search("fullsearch") def _macro_search(type): @@ -275,9 +271,9 @@ def _macro_search(type): default = form["value"].value else: default = '' - return """
""" % (type, default) + return """
""" % (type, default) -def _macro_WordIndex(): +def _macro_WordIndex(*vargs): s = make_index_key() pages = list(page_list()) map = {} @@ -310,7 +306,7 @@ def _macro_WordIndex(): return s -def _macro_TitleIndex(): +def _macro_TitleIndex(*vargs): s = make_index_key() pages = list(page_list()) pages.sort() @@ -337,6 +333,7 @@ class PageFormatter: self.raw = raw self.is_em = self.is_b = 0 self.h_level = 0 + self.h_count = 0 self.list_indents = [] self.in_pre = False self.in_table = False @@ -354,60 +351,61 @@ class PageFormatter: def _tit_repl(self, word): if self.h_level: - result = "" % self.h_level + result = '' % self.h_level self.h_level = 0 else: self.h_level = len(word) - 1 - result = "" % self.h_level + self.h_count += 1 + result = '* ' % (self.h_level, self.h_count, self.h_count) return result def _rule_repl(self, word): - s = self._undent() - if len(word) <= 3: - s = s + "\n
\n" - else: - s = s + "\n
\n" % (len(word) - 2 ) - return s + return self._undent() + '\n
\n' % (len(word) - 2) def _word_repl(self, word): return Page(word).link_to() def _img_repl(self, word): - return '' % (script_name(), word) + path = script_name() + '/' + word; + return '' % (path, path) def _url_repl(self, word): if img_re.match(word): - return '' % word + return '' % (word, word) else: return '%s' % (word, word) def _hurl_repl(self, word): - m = re.compile("\[\[(\S+)\ (.+)\]\]").match(word) - anchor = m.group(1) - descr = m.group(2) - if img_re.match(anchor): - return '%s' % (anchor, descr) - elif url_re.match(anchor): - return '%s' % (anchor, descr) - elif anchor.startswith('/'): - return '%s' % (anchor, descr) + m = re.compile("\[\[(\S+)([^\]]*)\]\]").match(word) + name = m.group(1) + descr = m.group(2).strip() or name + + macro = globals().get('_macro_' + name) + if macro: + return apply(macro, (name, descr)) + elif img_re.match(name): + return '%s' % (name, name, descr) + elif url_re.match(name): + return '%s' % (name, descr) + elif name.startswith('/'): + return '%s' % (name, descr) else: - return link_tag(anchor, descr) + return link_tag(name, descr) def _email_repl(self, word): return '%s' % (word, word) + def _html_repl(self, word): + return word; # Pass through def _ent_repl(self, s): return {'&': '&', '<': '<', '>': '>'}[s] - def _li_repl(self, match): return '
  • ' - def _pre_repl(self, word): if word == '{{{' and not self.in_pre: self.in_pre = True @@ -454,11 +452,6 @@ class PageFormatter: return '' return '' - def _macro_repl(self, word): - macro_name = word[2:-2] - # TODO: Somehow get the default value into the search field - return apply(globals()['_macro_' + macro_name], ()) - def _indent_level(self): return len(self.list_indents) and self.list_indents[-1] @@ -490,7 +483,7 @@ class PageFormatter: raise "Can't handle match " + `match` def print_html(self): - print "

    " + print '

    ' # For each line, we scan through looking for magic # strings, outputting verbatim any intervening text @@ -501,14 +494,15 @@ class PageFormatter: + r"(?P'{2,3})" + r"|(?P\={2,6})" + r"|(?P^-{3,})" + + r"|(?P<(/|)(div|span|iframe)[^<>]*>)" + r"|(?P[<>&])" + r"|(?P\b(FIXME|TODO|DONE)\b)" # Links + r"|(?P\b[a-zA-Z0-9_-]+\.(png|gif|jpg|jpeg|bmp))" + r"|(?P\b(?:[A-Z][a-z]+){2,}\b)" - + r"|(?P\[\[\S+\s+.+\]\])" - + r"|(?P(http|ftp|nntp|news|mailto)\:[^\s'\"]+\S)" + + r"|(?P\[\[\S+[^\]]*\]\])" + + r"|(?P(http|https|ftp|mailto)\:[^\s'\"]+\S)" + r"|(?P[-\w._+]+\@[\w.-]+)" # Lists, divs, spans @@ -520,9 +514,6 @@ class PageFormatter: + r"|(?P^\s*\|\|\s*)" + r"|(?P\s*\|\|\s*$)" + r"|(?P\s*\|\|\s*)" - - # Macros - + r"|(?P\[\[(TitleSearch|FullSearch|WordIndex|TitleIndex)\]\])" + r")") pre_re = re.compile( r"(?:" @@ -557,7 +548,7 @@ class PageFormatter: if self.in_pre: print '' if self.in_table: print '

    ' print self._undent() - print "

    " + print '

    ' # ---------------------------------------------------------- class Page: @@ -598,7 +589,6 @@ class Page: else: return link_tag(word, word, 'nonexistent') - def get_raw_body(self): try: return open(self._text_filename(), 'rt').read() @@ -626,27 +616,38 @@ class Page: raise er return self.attrs - def can_edit(self): + def can(self, action, default=True): attrs = self.get_attrs() try: # SomeUser:read,write All:read acl = attrs["acl"] for rule in acl.split(): - (user,perms) = acl.split(':') + (user,perms) = rule.split(':') if user == remote_user() or user == "All": - if 'write' in perms.split(','): + if action in perms.split(','): return True + else: + return False return False - except: + except Exception, er: pass - return True + return default + + def can_write(self): + return self.can("write", True) + + def can_read(self): + return self.can("read", True) def send_page(self): page_name = None - if self.can_edit(): + if self.can_write(): page_name = self.page_name send_title(page_name, self.split_title(), msg=self.msg, msg_type=self.msg_type) - PageFormatter(self.get_raw_body()).print_html() + if self.can_read(): + PageFormatter(self.get_raw_body()).print_html() + else: + send_guru("Read access denied by ACLs", "notice") send_footer(page_name, self._last_modified()) def _last_modified(self): @@ -658,6 +659,9 @@ class Page: def send_editor(self, preview=None): send_title(None, 'Edit ' + self.split_title(), msg=self.msg, msg_type=self.msg_type) + if not self.can_write(): + send_guru("Write access denied by ACLs", "error") + return print ('

    Editing ' + self.page_name + ' for ' + cgi.escape(remote_user()) @@ -682,6 +686,9 @@ class Page: send_footer(self.page_name) def send_raw(self): + if not self.can_read(): + send_title(None, msg='Read access denied by ACLs', msg_type='notice') + return emit_header("text/plain") print self.get_raw_body() @@ -698,6 +705,11 @@ class Page: os.rename(tmp_filename, text) def save_text(self, newtext): + if not self.can_write(): + self.msg = 'Write access denied by ACLs' + self.msg_type = 'error' + return + self._write_file(newtext) rc = 0 if post_edit_hook: @@ -716,7 +728,7 @@ class Page: if msg: self.msg += 'Output follows:\n' + msg else: - self.msg = 'Thankyou for your contribution. Your attention to detail is appreciated.' + self.msg = 'Thank you for your contribution. Your attention to detail is appreciated.' self.msg_type = 'success' def send_verbatim(filename, mime_type='application/octet-stream'): @@ -730,8 +742,7 @@ try: # Configuration values site_name = 'Codewiz' - # set to None for read-only sites - # leave empty ('') to allow anonymous edits + # set to None for read-only sites, leave empty ('') to allow anonymous edits # otherwise, set to a URL that requires authentication privileged_url = 'https://www.codewiz.org/~bernie/wiki'