X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=geekigeeki.py;h=f403885ec31c77a88853dd1163e673398531ad4c;hb=b17bc44fb398f4ed071ed0028fd4f2bdf05e9b94;hp=b34f152188b0544747471a796258d521f9eb0aba;hpb=014d5c705784bfe7b47731ad5cc50568fc5e63cf;p=geekigeeki.git

diff --git a/geekigeeki.py b/geekigeeki.py
index b34f152..f403885 100755
--- a/geekigeeki.py
+++ b/geekigeeki.py
@@ -28,8 +28,9 @@ from os import path, environ
 
 # Regular expression defining a WikiWord
 # (but this definition is also assumed in other places)
-file_re = re.compile(r"^\b([A-Za-z0-9_\.\-/]+)\b$")
 word_re = re.compile(r"^\b((([A-Z][a-z]+){2,}/)*([A-Z][a-z]+){2,})\b$")
+# FIXME: we accept stuff like foo/../bar and we shouldn't
+file_re = re.compile(r"^\b([A-Za-z0-9_\-][A-Za-z0-9_\.\-/]*)\b$")
 img_re = re.compile(r"^.*\.(png|gif|jpg|jpeg)$", re.IGNORECASE)
 url_re = re.compile(r"^[a-z]{3,8}://[^\s'\"]+\S$")
 
@@ -136,14 +137,13 @@ def send_title(name, text="Limbo", msg_text=None, msg_type='error'):
 
     # Navbar
     print '<div class="nav">'
-    print '  <b>' + site_name + ': ',
     if name:
-        print link_tag('?fullsearch=' + name, text, 'navlink') + '</b> '
+        print '  <b>' + link_tag('?fullsearch=' + name, text, 'navlink') + '</b> '
     else:
-        print text + '</b> '
+        print '  <b>' + text + '</b> '
     print ' | ' + link_tag('FrontPage', 'Front Page', 'navlink')
     print ' | ' + link_tag('FindPage', 'Find Page', 'navlink')
-    if globals().has_key('history_url'):
+    if 'history_url' in globals():
         print ' | <a href="' + history_url + '" class="navlink">Recent Changes</a>'
         if name:
             print ' | <a href="' + history_url + '?a=history;f=' + name + '" class="navlink">Page History</a>'
@@ -176,7 +176,7 @@ def link_tag(params, text=None, ss_class=None, privileged=False):
 
 # Search ---------------------------------------------------
 
-def do_fullsearch(needle):
+def handle_fullsearch(needle):
     send_title(None, 'Full text search for "%s"' % (needle))
 
     needle_re = re.compile(needle, re.IGNORECASE)
@@ -203,7 +203,7 @@ def do_fullsearch(needle):
 
     print_search_stats(len(hits), len(all_pages))
 
-def do_titlesearch(needle):
+def handle_titlesearch(needle):
     # TODO: check needle is legal -- but probably we can just accept any RE
     send_title(None, "Title search for \"" + needle + '"')
 
@@ -221,22 +221,26 @@ def do_titlesearch(needle):
 def print_search_stats(hits, searched):
     print "<p>%d hits out of %d pages searched.</p>" % (hits, searched)
 
-def do_raw(pagename):
+def handle_raw(pagename):
     Page(pagename).send_raw()
 
-def do_edit(pagename):
+def handle_edit(pagename):
     pg = Page(pagename)
-    if 'preview' in form:
-        pg.send_editor(form['savetext'].value)
-    elif 'save' in form:
-        pg.save_text(form['savetext'].value)
+    if 'save' in form:
+        if form['file'].value:
+            pg.save(form['file'].file.read())
+        else:
+            pg.save(form['savetext'].value.replace('\r\n', '\n'))
         pg.send_page()
     elif 'cancel' in form:
         pg.msg_text = 'Editing canceled'
         pg.msg_type = 'notice'
         pg.send_page()
-    else:
-        pg.send_editor()
+    else: # preview or edit
+        text = None
+        if 'preview' in form:
+            text = form['savetext'].value
+        pg.send_editor(text)
 
 def make_index_key():
     links = map(lambda ch: '<a href="#%s">%s</a>' % (ch, ch), 'abcdefghijklmnopqrstuvwxyz')
@@ -248,7 +252,7 @@ def page_list():
 def send_footer(name, mod_string=None):
     if globals().get('debug_cgi', False):
         cgi.print_arguments()
-        cgi.print_form(cgi.FieldStorage())
+        cgi.print_form(form)
         cgi.print_environ()
     print '<div id="footer"><hr />'
     print ('<p class="copyright"><span class="benchmark">generated in %0.3fs</span>' +
@@ -267,10 +271,9 @@ def _macro_FullSearch(*vargs):
     return _macro_search("fullsearch")
 
 def _macro_search(type):
-    if form.has_key('value'):
-        default = form["value"].value
-    else:
-        default = ''
+    default = ''
+    if 'value' in form:
+        default = form['value'].value
     return """<form method="get"><input name="%s" size="30" value="%s" /><input type="submit" value="Search" /></form>""" % (type, default)
 
 def _macro_WordIndex(*vargs):
@@ -335,7 +338,7 @@ class PageFormatter:
         self.in_pre = self.in_table = False
         self.in_header = True
         self.list_indents = []
-        self.tr_cnt = self.h_cnt = 0
+        self.tr_cnt = 0
         self.styles = {
             #wiki   html   enabled?
             "//":  ["em",  False],
@@ -360,9 +363,8 @@ class PageFormatter:
             self.h_level = 0
         else:
             self.h_level = len(word) - 1
-            self.h_cnt += 1
-            #abridged = re.sub('[^a-z_]', '', word.lower().replace(' ', '_'))
-            result = '<h%d id="%d"><a class="heading" href="#%d">¶</a> ' % (self.h_level, self.h_cnt, self.h_cnt)
+            abridged = re.sub('[^A-Za-z0-9_]', '', self.line).lower()
+            result = '<h%d id="%s"><a class="heading" href="#%s">¶</a> ' % (self.h_level, abridged, abridged)
         return result
 
     def _br_repl(self, word):
@@ -391,7 +393,7 @@ class PageFormatter:
 
         macro = globals().get('_macro_' + name)
         if macro:
-            return apply(macro, (name, descr))
+            return macro(name, descr)
         elif img_re.match(name):
             name = relative_url(name)
             # The "extthumb" nonsense works around a limitation of the HTML block model
@@ -474,7 +476,7 @@ class PageFormatter:
     def replace(self, match):
         for type, hit in match.groupdict().items():
             if hit:
-                return apply(getattr(self, '_' + type + '_repl'), (hit,))
+                return getattr(self, '_' + type + '_repl')(hit)
         else:
             raise "Can't handle match " + `match`
 
@@ -520,26 +522,26 @@ class PageFormatter:
         indent_re = re.compile(r"^\s*")
         tr_re = re.compile(r"^\s*\|\|")
         eol_re = re.compile(r"\r?\n")
-        for line in eol_re.split(self.raw.expandtabs()):
+        for self.line in eol_re.split(self.raw.expandtabs()):
             # Skip ACLs
             if self.in_header:
-                if line.startswith('#'):
+                if self.line.startswith('#'):
                     continue
                 self.in_header = False
 
             if self.in_pre:
-                print re.sub(pre_re, self.replace, line)
+                print re.sub(pre_re, self.replace, self.line)
             else:
-                if self.in_table and not tr_re.match(line):
+                if self.in_table and not tr_re.match(self.line):
                     self.in_table = False
                     print '</tbody></table><p>'
 
-                if blank_re.match(line):
+                if blank_re.match(self.line):
                     print '</p><p>'
                 else:
-                    indent = indent_re.match(line)
+                    indent = indent_re.match(self.line)
                     print self._indent_to(len(indent.group(0)))
-                    print re.sub(scan_re, self.replace, line)
+                    print re.sub(scan_re, self.replace, self.line)
 
         if self.in_pre: print '</pre>'
         if self.in_table: print '</tbody></table><p>'
@@ -590,7 +592,7 @@ class Page:
             raise er
 
     def get_attrs(self):
-        if self.__dict__.has_key('attrs'):
+        if 'attrs' in self.__dict__:
             return self.attrs
         self.attrs = {}
         try:
@@ -620,7 +622,8 @@ class Page:
                     return action in perms.split(',')
             return False
         except Exception, er:
-            pass
+            if acl:
+                self.msg_text = 'Illegal acl line: ' + acl
         return default
 
     def can_write(self):
@@ -661,13 +664,18 @@ class Page:
             send_guru("Write access denied by ACLs", "error")
             return
 
+        file = ''
+        if 'file' in form:
+            file = form['file'].value
+
         print ('<p><b>Editing ' + self.page_name
             + ' for ' + cgi.escape(remote_user())
             + ' from ' + cgi.escape(get_hostname(remote_host()))
             + '</b></p>')
-        print '<div class="editor"><form method="post" action="%s">' % relative_url(self.page_name)
+        print '<div class="editor"><form method="post" enctype="multipart/form-data" action="%s">' % relative_url(self.page_name)
         print '<input type="hidden" name="edit" value="%s">' % (self.page_name)
-        print """<textarea wrap="off" spellcheck="true" id="editor" name="savetext" rows="17" cols="100">%s</textarea>""" % (preview or self.get_raw_body())
+        print '<textarea wrap="off" spellcheck="true" id="editor" name="savetext" rows="17" cols="100">%s</textarea>' % (preview or self.get_raw_body())
+        print 'Or upload a file: <input type="file" name="file" value="%s" />' % file
         print """
             <br />
             <input type="submit" name="save" value="Save" />
@@ -691,25 +699,25 @@ class Page:
         else:
             send_title(None, msg_text='Read access denied by ACLs', msg_type='notice')
 
-    def _write_file(self, text):
+    def _write_file(self, data):
         tmp_filename = self._tmp_filename()
-        open(tmp_filename, 'wt').write(text.replace('\r\n', '\n'))
-        text = self._text_filename()
+        open(tmp_filename, 'wb').write(data)
+        name = self._text_filename()
         if os.name == 'nt':
             # Bad Bill!  POSIX rename ought to replace. :-(
             try:
-                os.remove(text)
+                os.remove(name)
             except OSError, er:
                 if er.errno != errno.ENOENT: raise er
-        os.rename(tmp_filename, text)
+        os.rename(tmp_filename, name)
 
-    def save_text(self, newtext):
+    def save(self, newdata):
         if not self.can_write():
             self.msg_text = 'Write access denied by ACLs'
             self.msg_type = 'error'
             return
 
-        self._write_file(newtext)
+        self._write_file(newdata)
         rc = 0
         if post_edit_hook:
             # FIXME: what's the std way to perform shell quoting in python?
@@ -734,16 +742,11 @@ class Page:
 try:
     execfile("geekigeeki.conf.py")
     form = cgi.FieldStorage()
-    handlers = {
-        'fullsearch':  do_fullsearch,
-        'titlesearch': do_titlesearch,
-        'edit':        do_edit,
-        'raw':         do_raw,
-    }
-
-    for cmd in handlers.keys():
-        if form.has_key(cmd):
-            apply(handlers[cmd], (form[cmd].value,))
+
+    for cmd in form:
+        handler = globals().get('handle_' + cmd)
+        if handler:
+            handler(form[cmd].value)
             break
     else:
         path_info = environ.get('PATH_INFO', '')
@@ -755,14 +758,15 @@ try:
         if file_re.match(query):
             if word_re.match(query):
                 Page(query).send_page()
-            elif img_re.match(query):
-                #FIXME: use correct mime type
-                Page(query).send_raw(mimetype='image/jpeg')
             else:
-                Page(query).send_raw(mimetype='application/octet-stream')
+                from mimetypes import MimeTypes
+                type, encoding = MimeTypes().guess_type(query)
+                type = type or 'text/plain'
+                Page(query).send_raw(mimetype=type)
         else:
             print "Status: 404 Not Found"
             send_title(None, msg_text='Can\'t work out query: ' + query)
+            send_footer(None)
 except Exception:
     import traceback
     msg_text = traceback.format_exc()