annotate MoinMoin/action/AttachFile.py @ 5948:378bfb1d0eec

AttachList: introduced search_term parameter (optional) for listing attachments by a regular expression
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Fri, 08 Mar 2013 08:39:57 +0100
parents 3c27131a3c52
children 3460b27e7f3e
rev   line source
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1 # -*- coding: iso-8859-1 -*-
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
2 """
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
3 MoinMoin - AttachFile action
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
4
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
5 This action lets a page have multiple attachment files.
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
6 It creates a folder <data>/pages/<pagename>/attachments
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
7 and keeps everything in there.
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
8
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
9 Form values: action=Attachment
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
10 1. with no 'do' key: returns file upload form
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
11 2. do=attach: accept file upload and saves the file in
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
12 ../attachment/pagename/
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
13 3. /pagename/fname?action=Attachment&do=get[&mimetype=type]:
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
14 return contents of the attachment file with the name fname.
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
15 4. /pathname/fname, do=view[&mimetype=type]:create a page
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
16 to view the content of the file
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
17
3073
78c516164e01 attachment links now require double brackets
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3040
diff changeset
18 To link to an attachment, use [[attachment:file.txt]],
78c516164e01 attachment links now require double brackets
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3040
diff changeset
19 to embed an attachment, use {{attachment:file.png}}.
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
20
1911
0b2ad3099fcf AttachFile.size to reduce code duplication, fixed docstring
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1910
diff changeset
21 @copyright: 2001 by Ken Sugino (sugino@mediaone.net),
1918
bb2e053067fb fixing copyright headers: remove umlauts (encoding troubles), make epydoc compatible, reformat
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1911
diff changeset
22 2001-2004 by Juergen Hermann <jh@web.de>,
1911
0b2ad3099fcf AttachFile.size to reduce code duplication, fixed docstring
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1910
diff changeset
23 2005 MoinMoin:AlexanderSchremmer,
0b2ad3099fcf AttachFile.size to reduce code duplication, fixed docstring
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1910
diff changeset
24 2005 DiegoOngaro at ETSZONE (diego@etszone.com),
5948
378bfb1d0eec AttachList: introduced search_term parameter (optional) for listing attachments by a regular expression
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5912
diff changeset
25 2005-2013 MoinMoin:ReimarBauer,
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
26 2007-2008 MoinMoin:ThomasWaldmann
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
27 @license: GNU GPL, see COPYING for details.
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
28 """
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
29
4626
25532a36f2b5 AttachFile: reordered imports
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4599
diff changeset
30 import os, time, zipfile, errno, datetime
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
31 from StringIO import StringIO
2490
111868e5cb21 Regenerate xapian index on added attachment, fix PageDeletedEvent, fix header
Karol 'grzywacz' Nowak <grzywacz@sul.uni.lodz.pl>
parents: 2356
diff changeset
32
5199
1992db92a230 fix '304 not modified' response for AttachFile do=get and do=box
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5161
diff changeset
33 from werkzeug import http_date
2490
111868e5cb21 Regenerate xapian index on added attachment, fix PageDeletedEvent, fix header
Karol 'grzywacz' Nowak <grzywacz@sul.uni.lodz.pl>
parents: 2356
diff changeset
34
3591
15e5ca7240ab Load action: remove duplicated code, add comment field, refactor. AttachFile action: refactor. Fix bugs.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3586
diff changeset
35 from MoinMoin import log
15e5ca7240ab Load action: remove duplicated code, add comment field, refactor. AttachFile action: refactor. Fix bugs.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3586
diff changeset
36 logging = log.getLogger(__name__)
15e5ca7240ab Load action: remove duplicated code, add comment field, refactor. AttachFile action: refactor. Fix bugs.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3586
diff changeset
37
4626
25532a36f2b5 AttachFile: reordered imports
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4599
diff changeset
38 # keep both imports below as they are, order is important:
25532a36f2b5 AttachFile: reordered imports
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4599
diff changeset
39 from MoinMoin import wikiutil
25532a36f2b5 AttachFile: reordered imports
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4599
diff changeset
40 import mimetypes
25532a36f2b5 AttachFile: reordered imports
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4599
diff changeset
41
25532a36f2b5 AttachFile: reordered imports
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4599
diff changeset
42 from MoinMoin import config, packages
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
43 from MoinMoin.Page import Page
1115
a349adcabffe 304 response support for attached files
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1068
diff changeset
44 from MoinMoin.util import filesys, timefuncs
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2966
diff changeset
45 from MoinMoin.security.textcha import TextCha
5279
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
46 from MoinMoin.events import FileAttachedEvent, FileRemovedEvent, send_event
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
47 from MoinMoin.support import tarfile
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
48
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
49 action_name = __name__.split('.')[-1]
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
50
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
51 #############################################################################
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
52 ### External interface - these are called from the core code
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
53 #############################################################################
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
54
691
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
55 class AttachmentAlreadyExists(Exception):
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
56 pass
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
57
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
58
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
59 def getBasePath(request):
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
60 """ Get base path where page dirs for attachments are stored. """
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
61 return request.rootpage.getPagePath('pages')
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
62
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
63
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
64 def getAttachDir(request, pagename, create=0):
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
65 """ Get directory where attachments for page `pagename` are stored. """
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
66 if request.page and pagename == request.page.page_name:
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
67 page = request.page # reusing existing page obj is faster
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
68 else:
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
69 page = Page(request, pagename)
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
70 return page.getPagePath("attachments", check_create=create)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
71
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
72
143
11df1156d432 fixed MoinMoinBugs/BrokenAttachmentPaths
Florian Festi <Florian.Festi@trick.informatik.uni-stuttgart.de>
parents: 118
diff changeset
73 def absoluteName(url, pagename):
281
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
74 """ Get (pagename, filename) of an attachment: link
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
75 @param url: PageName/filename.ext or filename.ext (unicode)
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
76 @param pagename: name of the currently processed page (unicode)
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
77 @rtype: tuple of unicode
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
78 @return: PageName, filename.ext
143
11df1156d432 fixed MoinMoinBugs/BrokenAttachmentPaths
Florian Festi <Florian.Festi@trick.informatik.uni-stuttgart.de>
parents: 118
diff changeset
79 """
3084
a6aaae4bded0 fix relative attachment targets
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3073
diff changeset
80 url = wikiutil.AbsPageName(pagename, url)
281
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
81 pieces = url.split(u'/')
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
82 if len(pieces) == 1:
143
11df1156d432 fixed MoinMoinBugs/BrokenAttachmentPaths
Florian Festi <Florian.Festi@trick.informatik.uni-stuttgart.de>
parents: 118
diff changeset
83 return pagename, pieces[0]
11df1156d432 fixed MoinMoinBugs/BrokenAttachmentPaths
Florian Festi <Florian.Festi@trick.informatik.uni-stuttgart.de>
parents: 118
diff changeset
84 else:
145
b11bb396654e make Attachment fix run with Py 2.3
Florian Festi <Florian.Festi@trick.informatik.uni-stuttgart.de>
parents: 143
diff changeset
85 return u"/".join(pieces[:-1]), pieces[-1]
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
86
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
87
5102
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
88 def get_action(request, filename, do):
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
89 generic_do_mapping = {
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
90 # do -> action
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
91 'get': action_name,
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
92 'view': action_name,
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
93 'move': action_name,
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
94 'del': action_name,
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
95 'unzip': action_name,
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
96 'install': action_name,
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
97 'upload_form': action_name,
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
98 }
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
99 basename, ext = os.path.splitext(filename)
5161
d751e9807213 Introduced a new config var "extensions_mapping". You can set up a mapping of attachment extensions to actions. By the drawing syntax these actions are called for the given target.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5108
diff changeset
100 do_mapping = request.cfg.extensions_mapping.get(ext, {})
5102
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
101 action = do_mapping.get(do, None)
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
102 if action is None:
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
103 # we have no special support for this,
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
104 # look up whether we have generic support:
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
105 action = generic_do_mapping.get(do, None)
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
106 return action
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
107
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
108
5102
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
109 def getAttachUrl(pagename, filename, request, addts=0, do='get'):
5098
ff588e9e24d6 simplify getAttachUrl: remove upload parameter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5095
diff changeset
110 """ Get URL that points to attachment `filename` of page `pagename`.
5102
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
111 For upload url, call with do='upload_form'.
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
112 Returns the URL to do the specified "do" action or None,
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
113 if this action is not supported.
5098
ff588e9e24d6 simplify getAttachUrl: remove upload parameter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5095
diff changeset
114 """
5102
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
115 action = get_action(request, filename, do)
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
116 if action:
5524
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
117 args = dict(action=action, do=do, target=filename)
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
118 if do not in ['get', 'view', # harmless
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
119 'modify', # just renders the applet html, which has own ticket
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
120 'move', # renders rename form, which has own ticket
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
121 ]:
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
122 # create a ticket for the not so harmless operations
5588
4a50a70af35d merged moin/1.8
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5524 5587
diff changeset
123 # we need action= here because the current action (e.g. "show" page
4a50a70af35d merged moin/1.8
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5524 5587
diff changeset
124 # with a macro AttachList) may not be the linked-to action, e.g.
4a50a70af35d merged moin/1.8
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5524 5587
diff changeset
125 # "AttachFile". Also, AttachList can list attachments of another page,
4a50a70af35d merged moin/1.8
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5524 5587
diff changeset
126 # thus we need to give pagename= also.
4a50a70af35d merged moin/1.8
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5524 5587
diff changeset
127 args['ticket'] = wikiutil.createTicket(request,
4a50a70af35d merged moin/1.8
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5524 5587
diff changeset
128 pagename=pagename, action=action_name)
5524
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
129 url = request.href(pagename, **args)
5102
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
130 return url
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
131
2701
398af77c7ede fixed attachment_link api - it now has a 'on' parameter like most of the other methods
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2601
diff changeset
132
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
133 def getIndicator(request, pagename):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
134 """ Get an attachment indicator for a page (linked clip image) or
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
135 an empty string if not attachments exist.
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
136 """
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
137 _ = request.getText
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
138 attach_dir = getAttachDir(request, pagename)
1920
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
139 if not os.path.exists(attach_dir):
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
140 return ''
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
141
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
142 files = os.listdir(attach_dir)
1920
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
143 if not files:
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
144 return ''
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
145
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
146 fmt = request.formatter
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
147 attach_count = _('[%d attachments]') % len(files)
889
ad62767ffd0c pep8 style changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 869
diff changeset
148 attach_icon = request.theme.make_icon('attach', vars={'attach_count': attach_count})
4231
a29fd3a9e91f Try using werkzeugs Href object for URL generation (first in AttachFile)
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4226
diff changeset
149 attach_link = (fmt.url(1, request.href(pagename, action=action_name), rel='nofollow') +
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
150 attach_icon +
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
151 fmt.url(0))
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
152 return attach_link
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
153
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
154
281
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
155 def getFilename(request, pagename, filename):
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
156 """ make complete pathfilename of file "name" attached to some page "pagename"
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
157 @param request: request object
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
158 @param pagename: name of page where the file is attached to (unicode)
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
159 @param filename: filename of attached file (unicode)
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
160 @rtype: string (in config.charset encoding)
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
161 @return: complete path/filename of attached file
8155e50e94ca fixed crash with non-ASCII attachment filename
Thomas Waldmann <tw@waldmann-edv.de>
parents: 280
diff changeset
162 """
1911
0b2ad3099fcf AttachFile.size to reduce code duplication, fixed docstring
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1910
diff changeset
163 if isinstance(filename, unicode):
0b2ad3099fcf AttachFile.size to reduce code duplication, fixed docstring
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1910
diff changeset
164 filename = filename.encode(config.charset)
2885
48a1f6b6b6c5 AttachFile.getFilename: creates attachment dir on requesting filename
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2846
diff changeset
165 return os.path.join(getAttachDir(request, pagename, create=1), filename)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
166
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
167
1910
5c3dffe2abf1 new function AttachFile.exists to reduce code duplication
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1904
diff changeset
168 def exists(request, pagename, filename):
5c3dffe2abf1 new function AttachFile.exists to reduce code duplication
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1904
diff changeset
169 """ check if page <pagename> has a file <filename> attached """
5c3dffe2abf1 new function AttachFile.exists to reduce code duplication
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1904
diff changeset
170 fpath = getFilename(request, pagename, filename)
5c3dffe2abf1 new function AttachFile.exists to reduce code duplication
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1904
diff changeset
171 return os.path.exists(fpath)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
172
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
173
1911
0b2ad3099fcf AttachFile.size to reduce code duplication, fixed docstring
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1910
diff changeset
174 def size(request, pagename, filename):
0b2ad3099fcf AttachFile.size to reduce code duplication, fixed docstring
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1910
diff changeset
175 """ return file size of file attachment """
0b2ad3099fcf AttachFile.size to reduce code duplication, fixed docstring
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1910
diff changeset
176 fpath = getFilename(request, pagename, filename)
0b2ad3099fcf AttachFile.size to reduce code duplication, fixed docstring
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1910
diff changeset
177 return os.path.getsize(fpath)
0b2ad3099fcf AttachFile.size to reduce code duplication, fixed docstring
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1910
diff changeset
178
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
179
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
180 def info(pagename, request):
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
181 """ Generate snippet with info on the attachment for page `pagename`. """
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
182 _ = request.getText
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
183
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
184 attach_dir = getAttachDir(request, pagename)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
185 files = []
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
186 if os.path.isdir(attach_dir):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
187 files = os.listdir(attach_dir)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
188 page = Page(request, pagename)
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
189 link = page.url(request, {'action': action_name})
3122
a1322262398a refactored _() getText calls to match new api
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3084
diff changeset
190 attach_info = _('There are <a href="%(link)s">%(count)s attachment(s)</a> stored for this page.') % {
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
191 'count': len(files),
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
192 'link': wikiutil.escape(link)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
193 }
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
194 return "\n<p>\n%s\n</p>\n" % attach_info
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
195
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
196
3568
6fe1ea4d9d1a use the open temporary file for file uploads (fixes big memory consumption for big file uploads) - Twisted and mod_python is completely untested
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3553
diff changeset
197 def _write_stream(content, stream, bufsize=8192):
3603
43aa566b0ec7 AttachFile: fix uploading of < 1K files (FieldStorage seems to behave different for that case)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3595
diff changeset
198 if hasattr(content, 'read'): # looks file-like
3568
6fe1ea4d9d1a use the open temporary file for file uploads (fixes big memory consumption for big file uploads) - Twisted and mod_python is completely untested
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3553
diff changeset
199 import shutil
6fe1ea4d9d1a use the open temporary file for file uploads (fixes big memory consumption for big file uploads) - Twisted and mod_python is completely untested
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3553
diff changeset
200 shutil.copyfileobj(content, stream, bufsize)
3603
43aa566b0ec7 AttachFile: fix uploading of < 1K files (FieldStorage seems to behave different for that case)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3595
diff changeset
201 elif isinstance(content, str):
43aa566b0ec7 AttachFile: fix uploading of < 1K files (FieldStorage seems to behave different for that case)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3595
diff changeset
202 stream.write(content)
43aa566b0ec7 AttachFile: fix uploading of < 1K files (FieldStorage seems to behave different for that case)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3595
diff changeset
203 else:
43aa566b0ec7 AttachFile: fix uploading of < 1K files (FieldStorage seems to behave different for that case)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3595
diff changeset
204 logging.error("unsupported content object: %r" % content)
43aa566b0ec7 AttachFile: fix uploading of < 1K files (FieldStorage seems to behave different for that case)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3595
diff changeset
205 raise
3568
6fe1ea4d9d1a use the open temporary file for file uploads (fixes big memory consumption for big file uploads) - Twisted and mod_python is completely untested
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3553
diff changeset
206
1791
6dd2e29acffe Eclipse PyDev Check: fixed lots of its errors and warnings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1777
diff changeset
207 def add_attachment(request, pagename, target, filecontent, overwrite=0):
3568
6fe1ea4d9d1a use the open temporary file for file uploads (fixes big memory consumption for big file uploads) - Twisted and mod_python is completely untested
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3553
diff changeset
208 """ save <filecontent> to an attachment <target> of page <pagename>
6fe1ea4d9d1a use the open temporary file for file uploads (fixes big memory consumption for big file uploads) - Twisted and mod_python is completely untested
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3553
diff changeset
209
6fe1ea4d9d1a use the open temporary file for file uploads (fixes big memory consumption for big file uploads) - Twisted and mod_python is completely untested
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3553
diff changeset
210 filecontent can be either a str (in memory file content),
6fe1ea4d9d1a use the open temporary file for file uploads (fixes big memory consumption for big file uploads) - Twisted and mod_python is completely untested
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3553
diff changeset
211 or an open file object (file content in e.g. a tempfile).
6fe1ea4d9d1a use the open temporary file for file uploads (fixes big memory consumption for big file uploads) - Twisted and mod_python is completely untested
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3553
diff changeset
212 """
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
213 # replace illegal chars
691
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
214 target = wikiutil.taintfilename(target)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
215
691
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
216 # get directory, and possibly create it
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
217 attach_dir = getAttachDir(request, pagename, create=1)
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
218 fpath = os.path.join(attach_dir, target).encode(config.charset)
5279
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
219
1765
6e438de156d9 AttachFile: allow overwriting files when user chooses that option (ported from 1.5-802)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1662
diff changeset
220 exists = os.path.exists(fpath)
5279
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
221 if exists:
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
222 if overwrite:
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
223 remove_attachment(request, pagename, target)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
224 else:
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
225 raise AttachmentAlreadyExists
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
226
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
227 # save file
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
228 stream = open(fpath, 'wb')
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
229 try:
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
230 _write_stream(filecontent, stream)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
231 finally:
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
232 stream.close()
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
233
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
234 _addLogEntry(request, 'ATTNEW', pagename, target)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
235
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
236 filesize = os.path.getsize(fpath)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
237 event = FileAttachedEvent(request, pagename, target, filesize)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
238 send_event(event)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
239
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
240 return target, filesize
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
241
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
242
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
243 def remove_attachment(request, pagename, target):
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
244 """ remove attachment <target> of page <pagename>
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
245 """
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
246 # replace illegal chars
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
247 target = wikiutil.taintfilename(target)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
248
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
249 # get directory, do not create it
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
250 attach_dir = getAttachDir(request, pagename, create=0)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
251 # remove file
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
252 fpath = os.path.join(attach_dir, target).encode(config.charset)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
253 try:
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
254 filesize = os.path.getsize(fpath)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
255 os.remove(fpath)
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
256 except:
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
257 # either it is gone already or we have no rights - not much we can do about it
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
258 filesize = 0
691
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
259 else:
5279
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
260 _addLogEntry(request, 'ATTDEL', pagename, target)
691
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
261
5279
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
262 event = FileRemovedEvent(request, pagename, target, filesize)
2490
111868e5cb21 Regenerate xapian index on added attachment, fix PageDeletedEvent, fix header
Karol 'grzywacz' Nowak <grzywacz@sul.uni.lodz.pl>
parents: 2356
diff changeset
263 send_event(event)
1473
b5864c9492fb ensure new attachments trigger an index update, doc update for MoinMoin.search.Xapian
Franz Pletz <fpletz AT franz-pletz DOT org>
parents: 1318
diff changeset
264
3568
6fe1ea4d9d1a use the open temporary file for file uploads (fixes big memory consumption for big file uploads) - Twisted and mod_python is completely untested
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3553
diff changeset
265 return target, filesize
802
7b2e550c9660 merge moin/1.6
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 801 691
diff changeset
266
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
267
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
268 #############################################################################
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
269 ### Internal helpers
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
270 #############################################################################
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
271
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
272 def _addLogEntry(request, action, pagename, filename):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
273 """ Add an entry to the edit log on uploads and deletes.
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
274
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
275 `action` should be "ATTNEW" or "ATTDEL"
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
276 """
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
277 from MoinMoin.logfile import editlog
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
278 t = wikiutil.timestamp2version(time.time())
4569
3caaa8c74c41 wikiutil: replace moin's cgi/urllib wrappers by calls to werkzeug.utils code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4549
diff changeset
279 fname = wikiutil.url_quote(filename)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
280
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
281 # Write to global log
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
282 log = editlog.EditLog(request)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
283 log.add(request, t, 99999999, action, pagename, request.remote_addr, fname)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
284
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
285 # Write to local log
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
286 log = editlog.EditLog(request, rootpagename=pagename)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
287 log.add(request, t, 99999999, action, pagename, request.remote_addr, fname)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
288
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
289
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
290 def _access_file(pagename, request):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
291 """ Check form parameter `target` and return a tuple of
3169
a654cf294f4e AttachFile: fix _access_file return parameter count
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3164
diff changeset
292 `(pagename, filename, filepath)` for an existing attachment.
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
293
3169
a654cf294f4e AttachFile: fix _access_file return parameter count
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3164
diff changeset
294 Return `(pagename, None, None)` if an error occurs.
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
295 """
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
296 _ = request.getText
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
297
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
298 error = None
4222
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
299 if not request.values.get('target'):
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
300 error = _("Filename of attachment not specified!")
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
301 else:
4222
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
302 filename = wikiutil.taintfilename(request.values['target'])
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
303 fpath = getFilename(request, pagename, filename)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
304
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
305 if os.path.isfile(fpath):
3169
a654cf294f4e AttachFile: fix _access_file return parameter count
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3164
diff changeset
306 return (pagename, filename, fpath)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
307 error = _("Attachment '%(filename)s' does not exist!") % {'filename': filename}
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
308
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
309 error_msg(pagename, request, error)
3169
a654cf294f4e AttachFile: fix _access_file return parameter count
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3164
diff changeset
310 return (pagename, None, None)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
311
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
312
5948
378bfb1d0eec AttachList: introduced search_term parameter (optional) for listing attachments by a regular expression
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5912
diff changeset
313 def _build_filelist(request, pagename, showheader, readonly, mime_type='*', filterfn=None):
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
314 _ = request.getText
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
315 fmt = request.html_formatter
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
316
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
317 # access directory
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
318 attach_dir = getAttachDir(request, pagename)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
319 files = _get_files(request, pagename)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
320
1653
5b15b6e010cf AttachList can list files of given mimetype now (ported from 1.5)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1635
diff changeset
321 if mime_type != '*':
5b15b6e010cf AttachList can list files of given mimetype now (ported from 1.5)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1635
diff changeset
322 files = [fname for fname in files if mime_type == mimetypes.guess_type(fname)[0]]
5948
378bfb1d0eec AttachList: introduced search_term parameter (optional) for listing attachments by a regular expression
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5912
diff changeset
323 if filterfn is not None:
378bfb1d0eec AttachList: introduced search_term parameter (optional) for listing attachments by a regular expression
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5912
diff changeset
324 files = [fname for fname in files if filterfn(fname)]
1653
5b15b6e010cf AttachList can list files of given mimetype now (ported from 1.5)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1635
diff changeset
325
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
326 html = []
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
327 if files:
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
328 if showheader:
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
329 html.append(fmt.rawHTML(_(
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
330 "To refer to attachments on a page, use '''{{{attachment:filename}}}''', \n"
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
331 "as shown below in the list of files. \n"
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
332 "Do '''NOT''' use the URL of the {{{[get]}}} link, \n"
3122
a1322262398a refactored _() getText calls to match new api
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3084
diff changeset
333 "since this is subject to change and can break easily.",
a1322262398a refactored _() getText calls to match new api
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3084
diff changeset
334 wiki=True
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
335 )))
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
336
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
337 label_del = _("del")
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
338 label_move = _("move")
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
339 label_get = _("get")
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
340 label_edit = _("edit")
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
341 label_view = _("view")
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
342 label_unzip = _("unzip")
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
343 label_install = _("install")
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
344
5102
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
345 may_read = request.user.may.read(pagename)
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
346 may_write = request.user.may.write(pagename)
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
347 may_delete = request.user.may.delete(pagename)
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
348
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
349 html.append(fmt.bullet_list(1))
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
350 for file in files:
1985
eb5328be394e AttachFile:destinguish between zip and other fileformats using zip archives
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1967
diff changeset
351 mt = wikiutil.MimeType(filename=file)
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
352 fullpath = os.path.join(attach_dir, file).encode(config.charset)
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
353 st = os.stat(fullpath)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
354 base, ext = os.path.splitext(file)
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
355 parmdict = {'file': wikiutil.escape(file),
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
356 'fsize': "%.1f" % (float(st.st_size) / 1024),
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
357 'fmtime': request.user.getFormattedDateTime(st.st_mtime),
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
358 }
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
359
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
360 links = []
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
361 if may_delete and not readonly:
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
362 links.append(fmt.url(1, getAttachUrl(pagename, file, request, do='del')) +
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
363 fmt.text(label_del) +
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
364 fmt.url(0))
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
365
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
366 if may_delete and not readonly:
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
367 links.append(fmt.url(1, getAttachUrl(pagename, file, request, do='move')) +
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
368 fmt.text(label_move) +
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
369 fmt.url(0))
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
370
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
371 links.append(fmt.url(1, getAttachUrl(pagename, file, request)) +
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
372 fmt.text(label_get) +
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
373 fmt.url(0))
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
374
5102
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
375 links.append(fmt.url(1, getAttachUrl(pagename, file, request, do='view')) +
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
376 fmt.text(label_view) +
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
377 fmt.url(0))
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
378
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
379 if may_write and not readonly:
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
380 edit_url = getAttachUrl(pagename, file, request, do='modify')
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
381 if edit_url:
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
382 links.append(fmt.url(1, edit_url) +
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
383 fmt.text(label_edit) +
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
384 fmt.url(0))
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
385
3705
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
386 try:
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
387 is_zipfile = zipfile.is_zipfile(fullpath)
5585
5835fd165996 AttachFile._build_filelist: verifies readonly flag for unzip file link
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5523
diff changeset
388 if is_zipfile and not readonly:
3705
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
389 is_package = packages.ZipPackage(request, fullpath).isPackage()
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
390 if is_package and request.user.isSuperUser():
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
391 links.append(fmt.url(1, getAttachUrl(pagename, file, request, do='install')) +
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
392 fmt.text(label_install) +
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
393 fmt.url(0))
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
394 elif (not is_package and mt.minor == 'zip' and
5102
9ae242080889 drawings/attachments: made editing support more generic (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5101
diff changeset
395 may_read and may_write and may_delete):
3705
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
396 links.append(fmt.url(1, getAttachUrl(pagename, file, request, do='unzip')) +
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
397 fmt.text(label_unzip) +
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
398 fmt.url(0))
5901
b9450db6c129 Attachment handler: catch all Zip-related errors
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5625
diff changeset
399 except (RuntimeError, zipfile.BadZipfile, zipfile.LargeZipFile):
3705
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
400 # We don't want to crash with a traceback here (an exception
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
401 # here could be caused by an uploaded defective zip file - and
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
402 # if we crash here, the user does not get a UI to remove the
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
403 # defective zip file again).
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
404 # RuntimeError is raised by zipfile stdlib module in case of
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
405 # problems (like inconsistent slash and backslash usage in the
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
406 # archive).
5901
b9450db6c129 Attachment handler: catch all Zip-related errors
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5625
diff changeset
407 # BadZipfile/LargeZipFile are raised when there are some
b9450db6c129 Attachment handler: catch all Zip-related errors
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5625
diff changeset
408 # specific problems with the archive file.
3705
ac48fad2e117 AttachFile action: catch runtime error raised by zipfile to not make attachments list unusable if someone attached a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3700
diff changeset
409 logging.exception("An exception within zip file attachment handling occurred:")
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
410
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
411 html.append(fmt.listitem(1))
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
412 html.append("[%s]" % "&nbsp;| ".join(links))
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
413 html.append(" (%(fmtime)s, %(fsize)s KB) [[attachment:%(file)s]]" % parmdict)
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
414 html.append(fmt.listitem(0))
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
415 html.append(fmt.bullet_list(0))
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
416
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
417 else:
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
418 if showheader:
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
419 html.append(fmt.paragraph(1))
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
420 html.append(fmt.text(_("No attachments stored for %(pagename)s") % {
3270
e06e15e90ba7 fix some wrong wikiutil.escape usage causing double-escaping
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3253
diff changeset
421 'pagename': pagename}))
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
422 html.append(fmt.paragraph(0))
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
423
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
424 return ''.join(html)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
425
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
426
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
427 def _get_files(request, pagename):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
428 attach_dir = getAttachDir(request, pagename)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
429 if os.path.isdir(attach_dir):
1866
0194beaf511e reduce reduce, filter and map usage
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1864
diff changeset
430 files = [fn.decode(config.charset) for fn in os.listdir(attach_dir)]
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
431 files.sort()
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
432 else:
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
433 files = []
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
434 return files
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
435
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
436
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
437 def _get_filelist(request, pagename):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
438 return _build_filelist(request, pagename, 1, 0)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
439
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
440
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
441 def error_msg(pagename, request, msg):
4699
5f51246a4df1 AttachFile XSS fixes: move escaping to error_msg / upload_form
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4647
diff changeset
442 msg = wikiutil.escape(msg)
2966
ba14d391c2ba Refactor all modules to use the new add_msg interface in 1.7 (done by Frederico Lorenzi). Should not be backported to 1.6 but
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 2885
diff changeset
443 request.theme.add_msg(msg, "error")
ba14d391c2ba Refactor all modules to use the new add_msg interface in 1.7 (done by Frederico Lorenzi). Should not be backported to 1.6 but
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 2885
diff changeset
444 Page(request, pagename).send_page()
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
445
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
446
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
447 #############################################################################
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
448 ### Create parts of the Web interface
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
449 #############################################################################
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
450
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
451 def send_link_rel(request, pagename):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
452 files = _get_files(request, pagename)
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
453 for fname in files:
5101
d8ccac2f24c5 getAttachUrl: removed escaped=... param (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5098
diff changeset
454 url = getAttachUrl(pagename, fname, request, do='view')
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
455 request.write(u'<link rel="Appendix" title="%s" href="%s">\n' % (
5101
d8ccac2f24c5 getAttachUrl: removed escaped=... param (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5098
diff changeset
456 wikiutil.escape(fname, 1),
d8ccac2f24c5 getAttachUrl: removed escaped=... param (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5098
diff changeset
457 wikiutil.escape(url, 1)))
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
458
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
459 def send_uploadform(pagename, request):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
460 """ Send the HTML code for the list of already stored attachments and
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
461 the file upload form.
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
462 """
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
463 _ = request.getText
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
464
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
465 if not request.user.may.read(pagename):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
466 request.write('<p>%s</p>' % _('You are not allowed to view this page.'))
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
467 return
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
468
1635
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
469 writeable = request.user.may.write(pagename)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
470
1635
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
471 # First send out the upload new attachment form on top of everything else.
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
472 # This avoids usability issues if you have to scroll down a lot to upload
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
473 # a new file when the page already has lots of attachments:
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
474 if writeable:
3586
35366465d4fe AttachFile/Load: remove misleading/outdated text, Load: fix UI cosmetics, reuse i18n texts
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3572
diff changeset
475 request.write('<h2>' + _("New Attachment") + '</h2>')
1635
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
476 request.write("""
4231
a29fd3a9e91f Try using werkzeugs Href object for URL generation (first in AttachFile)
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4226
diff changeset
477 <form action="%(url)s" method="POST" enctype="multipart/form-data">
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
478 <dl>
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
479 <dt>%(upload_label_file)s</dt>
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
480 <dd><input type="file" name="file" size="50"></dd>
5098
ff588e9e24d6 simplify getAttachUrl: remove upload parameter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5095
diff changeset
481 <dt>%(upload_label_target)s</dt>
ff588e9e24d6 simplify getAttachUrl: remove upload parameter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5095
diff changeset
482 <dd><input type="text" name="target" size="50" value="%(target)s"></dd>
1765
6e438de156d9 AttachFile: allow overwriting files when user chooses that option (ported from 1.5-802)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1662
diff changeset
483 <dt>%(upload_label_overwrite)s</dt>
6e438de156d9 AttachFile: allow overwriting files when user chooses that option (ported from 1.5-802)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1662
diff changeset
484 <dd><input type="checkbox" name="overwrite" value="1" %(overwrite_checked)s></dd>
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
485 </dl>
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2966
diff changeset
486 %(textcha)s
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
487 <p>
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
488 <input type="hidden" name="action" value="%(action_name)s">
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
489 <input type="hidden" name="do" value="upload">
5522
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
490 <input type="hidden" name="ticket" value="%(ticket)s">
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
491 <input type="submit" value="%(upload_button)s">
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
492 </p>
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
493 </form>
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
494 """ % {
4231
a29fd3a9e91f Try using werkzeugs Href object for URL generation (first in AttachFile)
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4226
diff changeset
495 'url': request.href(pagename),
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
496 'action_name': action_name,
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
497 'upload_label_file': _('File to upload'),
5098
ff588e9e24d6 simplify getAttachUrl: remove upload parameter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5095
diff changeset
498 'upload_label_target': _('Rename to'),
ff588e9e24d6 simplify getAttachUrl: remove upload parameter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5095
diff changeset
499 'target': wikiutil.escape(request.values.get('target', ''), 1),
1765
6e438de156d9 AttachFile: allow overwriting files when user chooses that option (ported from 1.5-802)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1662
diff changeset
500 'upload_label_overwrite': _('Overwrite existing attachment of same name'),
4201
40acd13fb3d6 Changed form access to MultiDict forms
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4183
diff changeset
501 'overwrite_checked': ('', 'checked')[request.form.get('overwrite', '0') == '1'],
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
502 'upload_button': _('Upload'),
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2966
diff changeset
503 'textcha': TextCha(request).render(),
5522
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
504 'ticket': wikiutil.createTicket(request),
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
505 })
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
506
1635
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
507 request.write('<h2>' + _("Attached Files") + '</h2>')
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
508 request.write(_get_filelist(request, pagename))
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
509
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
510 if not writeable:
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
511 request.write('<p>%s</p>' % _('You are not allowed to attach a file to this page.'))
a41c60e53ddd display upload attachment form at top, avoids lots of scrolling
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1611
diff changeset
512
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
513 #############################################################################
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
514 ### Web interface for file upload, viewing and deletion
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
515 #############################################################################
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
516
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
517 def execute(pagename, request):
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
518 """ Main dispatcher for the 'AttachFile' action. """
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
519 _ = request.getText
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
520
4222
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
521 do = request.values.get('do', 'upload_form')
4201
40acd13fb3d6 Changed form access to MultiDict forms
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4183
diff changeset
522 handler = globals().get('_do_%s' % do)
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
523 if handler:
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
524 msg = handler(pagename, request)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
525 else:
4703
621c708ecddb merged moin/1.8
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4651 4702
diff changeset
526 msg = _('Unsupported AttachFile sub-action: %s') % do
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
527 if msg:
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
528 error_msg(pagename, request, msg)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
529
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
530
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
531 def _do_upload_form(pagename, request):
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
532 upload_form(pagename, request)
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
533
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
534
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
535 def upload_form(pagename, request, msg=''):
4699
5f51246a4df1 AttachFile XSS fixes: move escaping to error_msg / upload_form
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4647
diff changeset
536 if msg:
5f51246a4df1 AttachFile XSS fixes: move escaping to error_msg / upload_form
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4647
diff changeset
537 msg = wikiutil.escape(msg)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
538 _ = request.getText
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
539
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
540 # Use user interface language for this generated page
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
541 request.setContentLanguage(request.lang)
2966
ba14d391c2ba Refactor all modules to use the new add_msg interface in 1.7 (done by Frederico Lorenzi). Should not be backported to 1.6 but
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 2885
diff changeset
542 request.theme.add_msg(msg, "dialog")
ba14d391c2ba Refactor all modules to use the new add_msg interface in 1.7 (done by Frederico Lorenzi). Should not be backported to 1.6 but
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 2885
diff changeset
543 request.theme.send_title(_('Attachments for "%(pagename)s"') % {'pagename': pagename}, pagename=pagename)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
544 request.write('<div id="content">\n') # start content div
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
545 send_uploadform(pagename, request)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
546 request.write('</div>\n') # end content div
616
3b08d9413589 move send_title/footer from wikiutil to theme.__init__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 520
diff changeset
547 request.theme.send_footer(pagename)
617
cf420addd95c removed MoinMoinNoFooter at many places, added call to theme.send_closing_html() where needed
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 616
diff changeset
548 request.theme.send_closing_html()
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
549
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
550
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
551 def _do_upload(pagename, request):
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
552 _ = request.getText
5522
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
553
5524
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
554 if not wikiutil.checkTicket(request, request.form.get('ticket', '')):
5522
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
555 return _('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'AttachFile.upload' }
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
556
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
557 # Currently we only check TextCha for upload (this is what spammers ususally do),
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
558 # but it could be extended to more/all attachment write access
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
559 if not TextCha(request).check_answer_from_form():
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
560 return _('TextCha: Wrong answer! Go back and try again...')
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
561
3591
15e5ca7240ab Load action: remove duplicated code, add comment field, refactor. AttachFile action: refactor. Fix bugs.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3586
diff changeset
562 form = request.form
4222
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
563
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
564 file_upload = request.files.get('file')
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
565 if not file_upload:
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
566 # This might happen when trying to upload file names
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
567 # with non-ascii characters on Safari.
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
568 return _("No file content. Delete non ASCII characters from the file name and try again.")
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
569
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
570 try:
4222
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
571 overwrite = int(form.get('overwrite', '0'))
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
572 except:
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
573 overwrite = 0
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
574
3595
1dcf6a261c2a AttachFile: make error msg less confusing when trying to overwrite a file attachment without having acl delete rights
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3591
diff changeset
575 if not request.user.may.write(pagename):
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
576 return _('You are not allowed to attach a file to this page.')
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
577
3595
1dcf6a261c2a AttachFile: make error msg less confusing when trying to overwrite a file attachment without having acl delete rights
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3591
diff changeset
578 if overwrite and not request.user.may.delete(pagename):
1dcf6a261c2a AttachFile: make error msg less confusing when trying to overwrite a file attachment without having acl delete rights
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3591
diff changeset
579 return _('You are not allowed to overwrite a file attachment of this page.')
1dcf6a261c2a AttachFile: make error msg less confusing when trying to overwrite a file attachment without having acl delete rights
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3591
diff changeset
580
5098
ff588e9e24d6 simplify getAttachUrl: remove upload parameter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5095
diff changeset
581 target = form.get('target', u'').strip()
ff588e9e24d6 simplify getAttachUrl: remove upload parameter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5095
diff changeset
582 if not target:
4651
aa481a3b6a60 AttachFile: fix another exception when someone just clicks on upload, without giving a file
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4650
diff changeset
583 target = file_upload.filename or u''
3591
15e5ca7240ab Load action: remove duplicated code, add comment field, refactor. AttachFile action: refactor. Fix bugs.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3586
diff changeset
584
15e5ca7240ab Load action: remove duplicated code, add comment field, refactor. AttachFile action: refactor. Fix bugs.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3586
diff changeset
585 target = wikiutil.clean_input(target)
15e5ca7240ab Load action: remove duplicated code, add comment field, refactor. AttachFile action: refactor. Fix bugs.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3586
diff changeset
586
15e5ca7240ab Load action: remove duplicated code, add comment field, refactor. AttachFile action: refactor. Fix bugs.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3586
diff changeset
587 if not target:
15e5ca7240ab Load action: remove duplicated code, add comment field, refactor. AttachFile action: refactor. Fix bugs.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3586
diff changeset
588 return _("Filename of attachment not specified!")
15e5ca7240ab Load action: remove duplicated code, add comment field, refactor. AttachFile action: refactor. Fix bugs.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3586
diff changeset
589
691
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
590 # add the attachment
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
591 try:
4222
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
592 target, bytes = add_attachment(request, pagename, target, file_upload.stream, overwrite=overwrite)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
593 msg = _("Attachment '%(target)s' (remote name '%(filename)s')"
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
594 " with %(bytes)d bytes saved.") % {
4222
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
595 'target': target, 'filename': file_upload.filename, 'bytes': bytes}
691
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
596 except AttachmentAlreadyExists:
f18b06c790d4 Refactored adding attachments.
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 623
diff changeset
597 msg = _("Attachment '%(target)s' (remote name '%(filename)s') already exists.") % {
4222
f77469d98cd2 Fixed: AttachFile upload handling & some form-issues
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4210
diff changeset
598 'target': target, 'filename': file_upload.filename}
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
599
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
600 # return attachment list
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
601 upload_form(pagename, request, msg)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
602
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
603
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
604 class ContainerItem:
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
605 """ A storage container (multiple objects in 1 tarfile) """
3572
870cc4c47705 AttachFile: fix saving of drawing files
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3568
diff changeset
606
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
607 def __init__(self, request, pagename, containername):
5910
7e7e1cbb9d3f security: fix remote code execution vulnerability in twikidraw/anywikidraw actions
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5901
diff changeset
608 """
7e7e1cbb9d3f security: fix remote code execution vulnerability in twikidraw/anywikidraw actions
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5901
diff changeset
609 @param pagename: a wiki page name
7e7e1cbb9d3f security: fix remote code execution vulnerability in twikidraw/anywikidraw actions
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5901
diff changeset
610 @param containername: the filename of the tar file.
7e7e1cbb9d3f security: fix remote code execution vulnerability in twikidraw/anywikidraw actions
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5901
diff changeset
611 Make sure this is a simple filename, NOT containing any path components.
7e7e1cbb9d3f security: fix remote code execution vulnerability in twikidraw/anywikidraw actions
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5901
diff changeset
612 Use wikiutil.taintfilename() to avoid somebody giving a container
7e7e1cbb9d3f security: fix remote code execution vulnerability in twikidraw/anywikidraw actions
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5901
diff changeset
613 name that starts with e.g. ../../filename or you'll create a
7e7e1cbb9d3f security: fix remote code execution vulnerability in twikidraw/anywikidraw actions
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5901
diff changeset
614 directory traversal and code execution vulnerability.
7e7e1cbb9d3f security: fix remote code execution vulnerability in twikidraw/anywikidraw actions
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5901
diff changeset
615 """
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
616 self.request = request
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
617 self.pagename = pagename
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
618 self.containername = containername
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
619 self.container_filename = getFilename(request, pagename, containername)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
620
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
621 def member_url(self, member):
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
622 """ return URL for accessing container member
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
623 (we use same URL for get (GET) and put (POST))
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
624 """
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
625 url = Page(self.request, self.pagename).url(self.request, {
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
626 'action': 'AttachFile',
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
627 'do': 'box', # shorter to type than 'container'
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
628 'target': self.containername,
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
629 #'member': member,
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
630 })
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
631 return url + '&member=%s' % member
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
632 # member needs to be last in qs because twikidraw looks for "file extension" at the end
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
633
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
634 def get(self, member):
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
635 """ return a file-like object with the member file data
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
636 """
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
637 tf = tarfile.TarFile(self.container_filename)
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
638 return tf.extractfile(member)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
639
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
640 def put(self, member, content, content_length=None):
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
641 """ save data into a container's member """
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
642 tf = tarfile.TarFile(self.container_filename, mode='a')
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
643 if isinstance(member, unicode):
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
644 member = member.encode('utf-8')
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
645 ti = tarfile.TarInfo(member)
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
646 if isinstance(content, str):
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
647 if content_length is None:
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
648 content_length = len(content)
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
649 content = StringIO(content) # we need a file obj
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
650 elif not hasattr(content, 'read'):
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
651 logging.error("unsupported content object: %r" % content)
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
652 raise
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
653 assert content_length >= 0 # we don't want -1 interpreted as 4G-1
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
654 ti.size = content_length
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
655 tf.addfile(ti, content)
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
656 tf.close()
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
657
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
658 def truncate(self):
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
659 f = open(self.container_filename, 'w')
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
660 f.close()
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
661
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
662 def exists(self):
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
663 return os.path.exists(self.container_filename)
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
664
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
665 def _do_del(pagename, request):
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
666 _ = request.getText
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
667
5524
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
668 if not wikiutil.checkTicket(request, request.args.get('ticket', '')):
5522
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
669 return _('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'AttachFile.del' }
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
670
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
671 pagename, filename, fpath = _access_file(pagename, request)
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
672 if not request.user.may.delete(pagename):
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
673 return _('You are not allowed to delete attachments on this page.')
1920
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
674 if not filename:
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
675 return # error msg already sent in _access_file
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
676
5279
2aa43685e17b AttachFile: added remove_attachment(), made nuke_page use it (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5276
diff changeset
677 remove_attachment(request, pagename, filename)
1479
b1562b232683 fix for deleting from xapian index
Franz Pletz <fpletz AT franz-pletz DOT org>
parents: 1473
diff changeset
678
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
679 upload_form(pagename, request, msg=_("Attachment '%(filename)s' deleted.") % {'filename': filename})
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
680
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
681
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
682 def move_file(request, pagename, new_pagename, attachment, new_attachment):
5912
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
683 """
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
684 move a file attachment from pagename:attachment to new_pagename:new_attachment
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
685
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
686 @param pagename: original pagename
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
687 @param new_pagename: new pagename (may be same as original pagename)
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
688 @param attachment: original attachment filename
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
689 note: attachment filename must not contain a path,
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
690 use wikiutil.taintfilename() before calling move_file
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
691 @param new_attachment: new attachment filename (may be same as original filename)
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
692 note: attachment filename must not contain a path,
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
693 use wikiutil.taintfilename() before calling move_file
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
694 """
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
695 _ = request.getText
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
696
1609
7f73dafb525d move attachments: remove unneeded imports
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1608
diff changeset
697 newpage = Page(request, new_pagename)
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
698 if newpage.exists(includeDeleted=1) and request.user.may.write(new_pagename) and request.user.may.delete(pagename):
1609
7f73dafb525d move attachments: remove unneeded imports
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1608
diff changeset
699 new_attachment_path = os.path.join(getAttachDir(request, new_pagename,
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
700 create=1), new_attachment).encode(config.charset)
1609
7f73dafb525d move attachments: remove unneeded imports
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1608
diff changeset
701 attachment_path = os.path.join(getAttachDir(request, pagename),
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
702 attachment).encode(config.charset)
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
703
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
704 if os.path.exists(new_attachment_path):
3171
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
705 upload_form(pagename, request,
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
706 msg=_("Attachment '%(new_pagename)s/%(new_filename)s' already exists.") % {
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
707 'new_pagename': new_pagename,
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
708 'new_filename': new_attachment})
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
709 return
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
710
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
711 if new_attachment_path != attachment_path:
5388
cd96baeeec9b AttachFile.move_file: send events (so e.g. xapian index update happens)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5326
diff changeset
712 filesize = os.path.getsize(attachment_path)
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
713 filesys.rename(attachment_path, new_attachment_path)
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
714 _addLogEntry(request, 'ATTDEL', pagename, attachment)
5388
cd96baeeec9b AttachFile.move_file: send events (so e.g. xapian index update happens)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5326
diff changeset
715 event = FileRemovedEvent(request, pagename, attachment, filesize)
cd96baeeec9b AttachFile.move_file: send events (so e.g. xapian index update happens)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5326
diff changeset
716 send_event(event)
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
717 _addLogEntry(request, 'ATTNEW', new_pagename, new_attachment)
5388
cd96baeeec9b AttachFile.move_file: send events (so e.g. xapian index update happens)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5326
diff changeset
718 event = FileAttachedEvent(request, new_pagename, new_attachment, filesize)
cd96baeeec9b AttachFile.move_file: send events (so e.g. xapian index update happens)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5326
diff changeset
719 send_event(event)
3171
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
720 upload_form(pagename, request,
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
721 msg=_("Attachment '%(pagename)s/%(filename)s' moved to '%(new_pagename)s/%(new_filename)s'.") % {
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
722 'pagename': pagename,
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
723 'filename': attachment,
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
724 'new_pagename': new_pagename,
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
725 'new_filename': new_attachment})
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
726 else:
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
727 upload_form(pagename, request, msg=_("Nothing changed"))
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
728 else:
3171
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
729 upload_form(pagename, request, msg=_("Page '%(new_pagename)s' does not exist or you don't have enough rights.") % {
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
730 'new_pagename': new_pagename})
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
731
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
732
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
733 def _do_attachment_move(pagename, request):
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
734 _ = request.getText
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
735
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
736 if 'cancel' in request.form:
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
737 return _('Move aborted!')
5524
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
738 if not wikiutil.checkTicket(request, request.form.get('ticket', '')):
5522
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
739 return _('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'AttachFile.move' }
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
740 if not request.user.may.delete(pagename):
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
741 return _('You are not allowed to move attachments from this page.')
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
742
1868
64507f46beb2 reduce usage of has_key()
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1866
diff changeset
743 if 'newpagename' in request.form:
4201
40acd13fb3d6 Changed form access to MultiDict forms
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4183
diff changeset
744 new_pagename = request.form.get('newpagename')
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
745 else:
3171
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
746 upload_form(pagename, request, msg=_("Move aborted because new page name is empty."))
1868
64507f46beb2 reduce usage of has_key()
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1866
diff changeset
747 if 'newattachmentname' in request.form:
4201
40acd13fb3d6 Changed form access to MultiDict forms
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4183
diff changeset
748 new_attachment = request.form.get('newattachmentname')
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
749 if new_attachment != wikiutil.taintfilename(new_attachment):
1662
3338af3c3867 update i18n, fix i18n tools
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1653
diff changeset
750 upload_form(pagename, request, msg=_("Please use a valid filename for attachment '%(filename)s'.") % {
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
751 'filename': new_attachment})
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
752 return
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
753 else:
3171
b23656c17a0b AttachFile: fix messages, remove unused code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3169
diff changeset
754 upload_form(pagename, request, msg=_("Move aborted because new attachment name is empty."))
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
755
4201
40acd13fb3d6 Changed form access to MultiDict forms
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4183
diff changeset
756 attachment = request.form.get('oldattachmentname')
5912
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
757 if attachment != wikiutil.taintfilename(attachment):
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
758 upload_form(pagename, request, msg=_("Please use a valid filename for attachment '%(filename)s'.") % {
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
759 'filename': attachment})
3c27131a3c52 security: fix path traversal vulnerability in AttachFile action
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5910
diff changeset
760 return
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
761 move_file(request, pagename, new_pagename, attachment, new_attachment)
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
762
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
763
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
764 def _do_move(pagename, request):
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
765 _ = request.getText
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
766
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
767 pagename, filename, fpath = _access_file(pagename, request)
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
768 if not request.user.may.delete(pagename):
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
769 return _('You are not allowed to move attachments from this page.')
1920
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
770 if not filename:
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
771 return # error msg already sent in _access_file
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
772
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
773 # move file
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
774 d = {'action': action_name,
4235
a6c315ff8d66 Make more use of werkzeugs Href object for URL-generation in MoinMoin
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4231
diff changeset
775 'url': request.href(pagename),
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
776 'do': 'attachment_move',
1610
48194fc011e5 move attachments: fix ticket calls
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1609
diff changeset
777 'ticket': wikiutil.createTicket(request),
4700
269a1fbc3ed7 AttachFile move: add more escaping (maybe not XSS exploitable though)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4699
diff changeset
778 'pagename': wikiutil.escape(pagename, 1),
269a1fbc3ed7 AttachFile move: add more escaping (maybe not XSS exploitable though)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4699
diff changeset
779 'attachment_name': wikiutil.escape(filename, 1),
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
780 'move': _('Move'),
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
781 'cancel': _('Cancel'),
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
782 'newname_label': _("New page name"),
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
783 'attachment_label': _("New attachment name"),
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
784 }
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
785 formhtml = '''
4235
a6c315ff8d66 Make more use of werkzeugs Href object for URL-generation in MoinMoin
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4231
diff changeset
786 <form action="%(url)s" method="POST">
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
787 <input type="hidden" name="action" value="%(action)s">
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
788 <input type="hidden" name="do" value="%(do)s">
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
789 <input type="hidden" name="ticket" value="%(ticket)s">
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
790 <table>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
791 <tr>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
792 <td class="label"><label>%(newname_label)s</label></td>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
793 <td class="content">
2708
5092edd82058 bug fix for non css browsers like w3m: for input fields set size of textarea and text to cols="80"
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2701
diff changeset
794 <input type="text" name="newpagename" value="%(pagename)s" size="80">
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
795 </td>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
796 </tr>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
797 <tr>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
798 <td class="label"><label>%(attachment_label)s</label></td>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
799 <td class="content">
2708
5092edd82058 bug fix for non css browsers like w3m: for input fields set size of textarea and text to cols="80"
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2701
diff changeset
800 <input type="text" name="newattachmentname" value="%(attachment_name)s" size="80">
1608
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
801 </td>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
802 </tr>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
803 <tr>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
804 <td></td>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
805 <td class="buttons">
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
806 <input type="hidden" name="oldattachmentname" value="%(attachment_name)s">
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
807 <input type="submit" name="move" value="%(move)s">
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
808 <input type="submit" name="cancel" value="%(cancel)s">
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
809 </td>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
810 </tr>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
811 </table>
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
812 </form>''' % d
7a26b4c769f3 attachment move
ReimarBauer <R.Bauer@fz-juelich.de>
parents: 1548
diff changeset
813 thispage = Page(request, pagename)
2966
ba14d391c2ba Refactor all modules to use the new add_msg interface in 1.7 (done by Frederico Lorenzi). Should not be backported to 1.6 but
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 2885
diff changeset
814 request.theme.add_msg(formhtml, "dialog")
ba14d391c2ba Refactor all modules to use the new add_msg interface in 1.7 (done by Frederico Lorenzi). Should not be backported to 1.6 but
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 2885
diff changeset
815 return thispage.send_page()
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
816
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
817
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
818 def _do_box(pagename, request):
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
819 _ = request.getText
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
820
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
821 pagename, filename, fpath = _access_file(pagename, request)
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
822 if not request.user.may.read(pagename):
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
823 return _('You are not allowed to get attachments from this page.')
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
824 if not filename:
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
825 return # error msg already sent in _access_file
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
826
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
827 timestamp = datetime.datetime.fromtimestamp(os.path.getmtime(fpath))
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
828 if_modified = request.if_modified_since
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
829 if if_modified and if_modified >= timestamp:
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
830 request.status_code = 304
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
831 else:
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
832 ci = ContainerItem(request, pagename, filename)
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
833 filename = wikiutil.taintfilename(request.values['member'])
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
834 mt = wikiutil.MimeType(filename=filename)
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
835 content_type = mt.content_type()
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
836 mime_type = mt.mime_type()
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
837
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
838 # TODO: fix the encoding here, plain 8 bit is not allowed according to the RFCs
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
839 # There is no solution that is compatible to IE except stripping non-ascii chars
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
840 filename_enc = filename.encode(config.charset)
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
841
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
842 # for dangerous files (like .html), when we are in danger of cross-site-scripting attacks,
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
843 # we just let the user store them to disk ('attachment').
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
844 # For safe files, we directly show them inline (this also works better for IE).
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
845 dangerous = mime_type in request.cfg.mimetypes_xss_protect
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
846 content_dispo = dangerous and 'attachment' or 'inline'
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
847
5199
1992db92a230 fix '304 not modified' response for AttachFile do=get and do=box
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5161
diff changeset
848 now = time.time()
5591
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
849 request.headers['Date'] = http_date(now)
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
850 request.headers['Content-Type'] = content_type
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
851 request.headers['Last-Modified'] = http_date(timestamp)
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
852 request.headers['Expires'] = http_date(now - 365 * 24 * 3600)
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
853 #request.headers['Content-Length'] = os.path.getsize(fpath)
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
854 content_dispo_string = '%s; filename="%s"' % (content_dispo, filename_enc)
5591
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
855 request.headers['Content-Disposition'] = content_dispo_string
4439
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
856
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
857 # send data
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
858 request.send_file(ci.get(filename))
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
859
ec62380ae400 store a drawing as a single file foo.tdraw (is a tar file with foo.draw, foo.map and foo.png inside)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4433
diff changeset
860
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
861 def _do_get(pagename, request):
3180
6ad1f133b66d AttachFile action: fix AttributeError
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3175
diff changeset
862 _ = request.getText
6ad1f133b66d AttachFile action: fix AttributeError
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3175
diff changeset
863
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
864 pagename, filename, fpath = _access_file(pagename, request)
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
865 if not request.user.may.read(pagename):
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
866 return _('You are not allowed to get attachments from this page.')
801
1f8976e01c3a fix wrong import, make more use of MimeType class
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 799
diff changeset
867 if not filename:
1f8976e01c3a fix wrong import, make more use of MimeType class
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 799
diff changeset
868 return # error msg already sent in _access_file
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
869
4226
b2df0c84140f Fixed handling of if_modified headers (threw exception on attachment-get)
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4222
diff changeset
870 timestamp = datetime.datetime.fromtimestamp(os.path.getmtime(fpath))
5326
1ba150d90d3a custom patch for werkzeug 0.5.1 http.parse_date to catch exceptions raised by stdlib, remove exception handler at moin level
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5302
diff changeset
871 if_modified = request.if_modified_since
4226
b2df0c84140f Fixed handling of if_modified headers (threw exception on attachment-get)
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4222
diff changeset
872 if if_modified and if_modified >= timestamp:
4183
fc20a076aad0 Accomodate for consolidation of Request/Response
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4176
diff changeset
873 request.status_code = 304
1115
a349adcabffe 304 response support for attached files
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1068
diff changeset
874 else:
a349adcabffe 304 response support for attached files
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1068
diff changeset
875 mt = wikiutil.MimeType(filename=filename)
1548
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
876 content_type = mt.content_type()
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
877 mime_type = mt.mime_type()
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
878
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
879 # TODO: fix the encoding here, plain 8 bit is not allowed according to the RFCs
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
880 # There is no solution that is compatible to IE except stripping non-ascii chars
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
881 filename_enc = filename.encode(config.charset)
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
882
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
883 # for dangerous files (like .html), when we are in danger of cross-site-scripting attacks,
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
884 # we just let the user store them to disk ('attachment').
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
885 # For safe files, we directly show them inline (this also works better for IE).
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
886 dangerous = mime_type in request.cfg.mimetypes_xss_protect
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
887 content_dispo = dangerous and 'attachment' or 'inline'
2eb5117aa7de content-disposition for AttachFile downloads either inline or attachment depending on mimetype in cfg.mimetypes_xss_protect list
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1510
diff changeset
888
5199
1992db92a230 fix '304 not modified' response for AttachFile do=get and do=box
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5161
diff changeset
889 now = time.time()
5591
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
890 request.headers['Date'] = http_date(now)
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
891 request.headers['Content-Type'] = content_type
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
892 request.headers['Last-Modified'] = http_date(timestamp)
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
893 request.headers['Expires'] = http_date(now - 365 * 24 * 3600)
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
894 request.headers['Content-Length'] = os.path.getsize(fpath)
4176
85884c67228d Replaced/removed calls to request.emit_http_headers
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4168
diff changeset
895 content_dispo_string = '%s; filename="%s"' % (content_dispo, filename_enc)
5591
1dff6cfdcf90 http headers: for most cases, do not use .add, but .__setitem__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5588
diff changeset
896 request.headers['Content-Disposition'] = content_dispo_string
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
897
1115
a349adcabffe 304 response support for attached files
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1068
diff changeset
898 # send data
3553
1052c105b16f new request.send_file() call, making it possible to use server-specific optimizations
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3525
diff changeset
899 request.send_file(open(fpath, 'rb'))
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
900
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
901
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
902 def _do_install(pagename, request):
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
903 _ = request.getText
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
904
5524
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
905 if not wikiutil.checkTicket(request, request.args.get('ticket', '')):
5522
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
906 return _('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'AttachFile.install' }
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
907
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
908 pagename, target, targetpath = _access_file(pagename, request)
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
909 if not request.user.isSuperUser():
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
910 return _('You are not allowed to install files.')
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
911 if not target:
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
912 return
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
913
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
914 package = packages.ZipPackage(request, targetpath)
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
915
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
916 if package.isPackage():
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
917 if package.installPackage():
4699
5f51246a4df1 AttachFile XSS fixes: move escaping to error_msg / upload_form
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4647
diff changeset
918 msg = _("Attachment '%(filename)s' installed.") % {'filename': target}
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
919 else:
4699
5f51246a4df1 AttachFile XSS fixes: move escaping to error_msg / upload_form
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4647
diff changeset
920 msg = _("Installation of '%(filename)s' failed.") % {'filename': target}
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
921 if package.msg:
4699
5f51246a4df1 AttachFile XSS fixes: move escaping to error_msg / upload_form
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4647
diff changeset
922 msg += " " + package.msg
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
923 else:
4699
5f51246a4df1 AttachFile XSS fixes: move escaping to error_msg / upload_form
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4647
diff changeset
924 msg = _('The file %s is not a MoinMoin package file.') % target
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
925
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
926 upload_form(pagename, request, msg=msg)
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
927
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
928
3700
9426f34f07b9 AttachFile: refactored unzip subaction code:
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3603
diff changeset
929 def _do_unzip(pagename, request, overwrite=False):
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
930 _ = request.getText
5522
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
931
5524
069f75c3d59c merged moin/1.8 + changes needed for ticket support of 1.9 drawings code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5388 5523
diff changeset
932 if not wikiutil.checkTicket(request, request.args.get('ticket', '')):
5522
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
933 return _('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'AttachFile.unzip' }
879674c9320a AttachFile: add ticketing for all operations that do modifications
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4700
diff changeset
934
3700
9426f34f07b9 AttachFile: refactored unzip subaction code:
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3603
diff changeset
935 pagename, filename, fpath = _access_file(pagename, request)
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
936 if not (request.user.may.delete(pagename) and request.user.may.read(pagename) and request.user.may.write(pagename)):
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
937 return _('You are not allowed to unzip attachments of this page.')
3700
9426f34f07b9 AttachFile: refactored unzip subaction code:
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3603
diff changeset
938
116
de898247fbff limit file count when unzipping an attachment
Thomas Waldmann <tw@waldmann-edv.de>
parents: 113
diff changeset
939 if not filename:
de898247fbff limit file count when unzipping an attachment
Thomas Waldmann <tw@waldmann-edv.de>
parents: 113
diff changeset
940 return # error msg already sent in _access_file
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
941
3712
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
942 try:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
943 if not zipfile.is_zipfile(fpath):
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
944 return _('The file %(filename)s is not a .zip file.') % {'filename': filename}
3700
9426f34f07b9 AttachFile: refactored unzip subaction code:
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3603
diff changeset
945
3712
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
946 # determine how which attachment names we have and how much space each is occupying
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
947 curr_fsizes = dict([(f, size(request, pagename, f)) for f in _get_files(request, pagename)])
3700
9426f34f07b9 AttachFile: refactored unzip subaction code:
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3603
diff changeset
948
3712
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
949 # Checks for the existance of one common prefix path shared among
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
950 # all files in the zip file. If this is the case, remove the common prefix.
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
951 # We also prepare a dict of the new filenames->filesizes.
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
952 zip_path_sep = '/' # we assume '/' is as zip standard suggests
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
953 fname_index = None
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
954 mapping = []
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
955 new_fsizes = {}
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
956 zf = zipfile.ZipFile(fpath)
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
957 for zi in zf.infolist():
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
958 name = zi.filename
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
959 if not name.endswith(zip_path_sep): # a file (not a directory)
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
960 if fname_index is None:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
961 fname_index = name.rfind(zip_path_sep) + 1
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
962 path = name[:fname_index]
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
963 if (name.rfind(zip_path_sep) + 1 != fname_index # different prefix len
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
964 or
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
965 name[:fname_index] != path): # same len, but still different
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
966 mapping = [] # zip is not acceptable
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
967 break
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
968 if zi.file_size >= request.cfg.unzip_single_file_size: # file too big
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
969 mapping = [] # zip is not acceptable
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
970 break
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
971 finalname = name[fname_index:] # remove common path prefix
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
972 finalname = finalname.decode(config.charset, 'replace') # replaces trash with \uFFFD char
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
973 mapping.append((name, finalname))
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
974 new_fsizes[finalname] = zi.file_size
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
975
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
976 # now we either have an empty mapping (if the zip is not acceptable),
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
977 # an identity mapping (no subdirs in zip, just all flat), or
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
978 # a mapping (origname, finalname) where origname is the zip member filename
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
979 # (including some prefix path) and finalname is a simple filename.
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
980
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
981 # calculate resulting total file size / count after unzipping:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
982 if overwrite:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
983 curr_fsizes.update(new_fsizes)
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
984 total = curr_fsizes
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
985 else:
3712
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
986 new_fsizes.update(curr_fsizes)
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
987 total = new_fsizes
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
988 total_count = len(total)
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
989 total_size = sum(total.values())
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
990
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
991 if not mapping:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
992 msg = _("Attachment '%(filename)s' not unzipped because some files in the zip "
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
993 "are either not in the same directory or exceeded the single file size limit (%(maxsize_file)d kB)."
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
994 ) % {'filename': filename,
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
995 'maxsize_file': request.cfg.unzip_single_file_size / 1000, }
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
996 elif total_size > request.cfg.unzip_attachments_space:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
997 msg = _("Attachment '%(filename)s' not unzipped because it would have exceeded "
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
998 "the per page attachment storage size limit (%(size)d kB).") % {
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
999 'filename': filename,
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1000 'size': request.cfg.unzip_attachments_space / 1000, }
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1001 elif total_count > request.cfg.unzip_attachments_count:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1002 msg = _("Attachment '%(filename)s' not unzipped because it would have exceeded "
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1003 "the per page attachment count limit (%(count)d).") % {
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1004 'filename': filename,
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1005 'count': request.cfg.unzip_attachments_count, }
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1006 else:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1007 not_overwritten = []
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1008 for origname, finalname in mapping:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1009 try:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1010 # Note: reads complete zip member file into memory. ZipFile does not offer block-wise reading:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1011 add_attachment(request, pagename, finalname, zf.read(origname), overwrite)
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1012 except AttachmentAlreadyExists:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1013 not_overwritten.append(finalname)
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1014 if not_overwritten:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1015 msg = _("Attachment '%(filename)s' partially unzipped (did not overwrite: %(filelist)s).") % {
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1016 'filename': filename,
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1017 'filelist': ', '.join(not_overwritten), }
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1018 else:
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1019 msg = _("Attachment '%(filename)s' unzipped.") % {'filename': filename}
5901
b9450db6c129 Attachment handler: catch all Zip-related errors
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5625
diff changeset
1020 except (RuntimeError, zipfile.BadZipfile, zipfile.LargeZipFile), err:
3712
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1021 # We don't want to crash with a traceback here (an exception
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1022 # here could be caused by an uploaded defective zip file - and
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1023 # if we crash here, the user does not get a UI to remove the
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1024 # defective zip file again).
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1025 # RuntimeError is raised by zipfile stdlib module in case of
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1026 # problems (like inconsistent slash and backslash usage in the
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1027 # archive).
5901
b9450db6c129 Attachment handler: catch all Zip-related errors
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5625
diff changeset
1028 # BadZipfile/LargeZipFile are raised when there are some
b9450db6c129 Attachment handler: catch all Zip-related errors
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5625
diff changeset
1029 # specific problems with the archive file.
3712
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1030 logging.exception("An exception within zip file attachment handling occurred:")
b6dcdf55795e AttachFile action: catch RuntimeError when someone tries to unzip a defective archive
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3708
diff changeset
1031 msg = _("A severe error occurred:") + ' ' + str(err)
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
1032
4699
5f51246a4df1 AttachFile XSS fixes: move escaping to error_msg / upload_form
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4647
diff changeset
1033 upload_form(pagename, request, msg=msg)
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
1034
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
1035
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1036 def send_viewfile(pagename, request):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1037 _ = request.getText
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
1038 fmt = request.html_formatter
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1039
3169
a654cf294f4e AttachFile: fix _access_file return parameter count
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3164
diff changeset
1040 pagename, filename, fpath = _access_file(pagename, request)
1920
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
1041 if not filename:
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
1042 return
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1043
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1044 request.write('<h2>' + _("Attachment '%(filename)s'") % {'filename': filename} + '</h2>')
2736
2ffae6c847fd change the default link target for attachments to 'do=view', add a download link at top of the view page
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2733
diff changeset
1045 # show a download link above the content
2ffae6c847fd change the default link target for attachments to 'do=view', add a download link at top of the view page
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2733
diff changeset
1046 label = _('Download')
3293
65adbf84a0fb AttachFile: Make the download link more prominent
Radomir Dopieralski <moindev@sheep.art.pl>
parents: 3271
diff changeset
1047 link = (fmt.url(1, getAttachUrl(pagename, filename, request, do='get'), css_class="download") +
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
1048 fmt.text(label) +
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
1049 fmt.url(0))
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
1050 request.write('%s<br><br>' % link)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1051
5108
6c31e9dfdd99 support view action for .adraw/.tdraw
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5102
diff changeset
1052 if filename.endswith('.tdraw') or filename.endswith('.adraw'):
6c31e9dfdd99 support view action for .adraw/.tdraw
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5102
diff changeset
1053 request.write(fmt.attachment_drawing(filename, ''))
6c31e9dfdd99 support view action for .adraw/.tdraw
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5102
diff changeset
1054 return
6c31e9dfdd99 support view action for .adraw/.tdraw
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5102
diff changeset
1055
801
1f8976e01c3a fix wrong import, make more use of MimeType class
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 799
diff changeset
1056 mt = wikiutil.MimeType(filename=filename)
3307
f4212fb5ecb0 EmbedObject: fixed bug for image mimetype and configured when to call EmbedObject
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3293
diff changeset
1057
3338
5f660b3c1cd7 moved browser_supported_images to config and exchanged it
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3307
diff changeset
1058 # destinguishs if browser need a plugin in place
5f660b3c1cd7 moved browser_supported_images to config and exchanged it
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3307
diff changeset
1059 if mt.major == 'image' and mt.minor in config.browser_supported_images:
5101
d8ccac2f24c5 getAttachUrl: removed escaped=... param (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5098
diff changeset
1060 url = getAttachUrl(pagename, filename, request)
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
1061 request.write('<img src="%s" alt="%s">' % (
5101
d8ccac2f24c5 getAttachUrl: removed escaped=... param (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5098
diff changeset
1062 wikiutil.escape(url, 1),
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
1063 wikiutil.escape(filename, 1)))
801
1f8976e01c3a fix wrong import, make more use of MimeType class
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 799
diff changeset
1064 return
1f8976e01c3a fix wrong import, make more use of MimeType class
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 799
diff changeset
1065 elif mt.major == 'text':
1989
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1066 ext = os.path.splitext(filename)[1]
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1067 Parser = wikiutil.getParserForExtension(request.cfg, ext)
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1068 if Parser is not None:
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1069 try:
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1070 content = file(fpath, 'r').read()
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1071 content = wikiutil.decodeUnknownInput(content)
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1072 colorizer = Parser(content, request, filename=filename)
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1073 colorizer.format(request.formatter)
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1074 return
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1075 except IOError:
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1076 pass
6d6379c9a1c9 AttachFile.send_viewfile: uses now colorizing parsers on view for mimetype text
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1988
diff changeset
1077
1833
af0feb0e3c7b AttachFile: more usage of the formatter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1832
diff changeset
1078 request.write(request.formatter.preformatted(1))
2286
01f05e74aa9c Big PEP8 and whitespace cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2210
diff changeset
1079 # If we have text but no colorizing parser we try to decode file contents.
801
1f8976e01c3a fix wrong import, make more use of MimeType class
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 799
diff changeset
1080 content = open(fpath, 'r').read()
1f8976e01c3a fix wrong import, make more use of MimeType class
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 799
diff changeset
1081 content = wikiutil.decodeUnknownInput(content)
1f8976e01c3a fix wrong import, make more use of MimeType class
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 799
diff changeset
1082 content = wikiutil.escape(content)
1833
af0feb0e3c7b AttachFile: more usage of the formatter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1832
diff changeset
1083 request.write(request.formatter.text(content))
af0feb0e3c7b AttachFile: more usage of the formatter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1832
diff changeset
1084 request.write(request.formatter.preformatted(0))
801
1f8976e01c3a fix wrong import, make more use of MimeType class
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 799
diff changeset
1085 return
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1086
3706
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1087 try:
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1088 package = packages.ZipPackage(request, fpath)
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1089 if package.isPackage():
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1090 request.write("<pre><b>%s</b>\n%s</pre>" % (_("Package script:"), wikiutil.escape(package.getScript())))
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1091 return
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
1092
3706
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1093 if zipfile.is_zipfile(fpath) and mt.minor == 'zip':
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1094 zf = zipfile.ZipFile(fpath, mode='r')
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1095 request.write("<pre>%-46s %19s %12s\n" % (_("File Name"), _("Modified")+" "*5, _("Size")))
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1096 for zinfo in zf.filelist:
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1097 date = "%d-%02d-%02d %02d:%02d:%02d" % zinfo.date_time
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1098 request.write(wikiutil.escape("%-46s %s %12d\n" % (zinfo.filename, date, zinfo.file_size)))
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1099 request.write("</pre>")
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1100 return
5901
b9450db6c129 Attachment handler: catch all Zip-related errors
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5625
diff changeset
1101 except (RuntimeError, zipfile.BadZipfile, zipfile.LargeZipFile):
3706
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1102 # We don't want to crash with a traceback here (an exception
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1103 # here could be caused by an uploaded defective zip file - and
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1104 # if we crash here, the user does not get a UI to remove the
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1105 # defective zip file again).
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1106 # RuntimeError is raised by zipfile stdlib module in case of
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1107 # problems (like inconsistent slash and backslash usage in the
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1108 # archive).
5901
b9450db6c129 Attachment handler: catch all Zip-related errors
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5625
diff changeset
1109 # BadZipfile/LargeZipFile are raised when there are some
b9450db6c129 Attachment handler: catch all Zip-related errors
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5625
diff changeset
1110 # specific problems with the archive file.
3706
f0532fa90c6d AttachFile action: catch runtime error raised by zipfile when trying to view a defective zip
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3705
diff changeset
1111 logging.exception("An exception within zip file attachment handling occurred:")
80
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
1112 return
99f0d19d0285 Integrated MoinMoin:PackageInstaller and zip support.
Alexander Schremmer <alex@alexanderweb.de.tla>
parents: 33
diff changeset
1113
3266
f62792cb2d24 macro.EmbedObject: adjusted to changes of argument parser, escaped output.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3253
diff changeset
1114 from MoinMoin import macro
f62792cb2d24 macro.EmbedObject: adjusted to changes of argument parser, escaped output.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3253
diff changeset
1115 from MoinMoin.parser.text import Parser
f62792cb2d24 macro.EmbedObject: adjusted to changes of argument parser, escaped output.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3253
diff changeset
1116
1952
8ab85e3711dc AttachFile:send_viewfile extended for mimetypes presentable by EmbedObject
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1920
diff changeset
1117 macro.request = request
8ab85e3711dc AttachFile:send_viewfile extended for mimetypes presentable by EmbedObject
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1920
diff changeset
1118 macro.formatter = request.html_formatter
3266
f62792cb2d24 macro.EmbedObject: adjusted to changes of argument parser, escaped output.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3253
diff changeset
1119 p = Parser("##\n", request)
f62792cb2d24 macro.EmbedObject: adjusted to changes of argument parser, escaped output.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3253
diff changeset
1120 m = macro.Macro(p)
1952
8ab85e3711dc AttachFile:send_viewfile extended for mimetypes presentable by EmbedObject
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1920
diff changeset
1121
2286
01f05e74aa9c Big PEP8 and whitespace cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2210
diff changeset
1122 # use EmbedObject to view valid mime types
1967
3bc30cdc4555 AttachFile, EmbedObject: code optimisation to use wikiutil.MimeType and refactoring of EmbedObject
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1952
diff changeset
1123 if mt is None:
1952
8ab85e3711dc AttachFile:send_viewfile extended for mimetypes presentable by EmbedObject
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1920
diff changeset
1124 request.write('<p>' + _("Unknown file type, cannot display this attachment inline.") + '</p>')
3149
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
1125 link = (fmt.url(1, getAttachUrl(pagename, filename, request)) +
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
1126 fmt.text(filename) +
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
1127 fmt.url(0))
6749e003d7e2 remove attachments direct serving (cfg.attachments), refactor AttachFile to use formatter for link generation
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3122
diff changeset
1128 request.write('For using an external program follow this link %s' % link)
1952
8ab85e3711dc AttachFile:send_viewfile extended for mimetypes presentable by EmbedObject
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1920
diff changeset
1129 return
4632
81598e8c735b AttachFile do=view: quote filename and pagename params for EmbedObject macro call
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4540
diff changeset
1130 request.write(m.execute('EmbedObject', u'target="%s", pagename="%s"' % (filename, pagename)))
1952
8ab85e3711dc AttachFile:send_viewfile extended for mimetypes presentable by EmbedObject
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 1920
diff changeset
1131 return
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1132
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1133
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
1134 def _do_view(pagename, request):
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1135 _ = request.getText
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1136
3152
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
1137 orig_pagename = pagename
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
1138 pagename, filename, fpath = _access_file(pagename, request)
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
1139 if not request.user.may.read(pagename):
719c5bf80150 AttachFile: move ACL processing to handlers, simplify
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3151
diff changeset
1140 return _('You are not allowed to view attachments of this page.')
1920
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
1141 if not filename:
b06ef2a53efa 'make pylint', fixed lots of minor stuff found by pylint (and there is still lots left to do)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1918
diff changeset
1142 return
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1143
5108
6c31e9dfdd99 support view action for .adraw/.tdraw
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5102
diff changeset
1144 request.formatter.page = Page(request, pagename)
6c31e9dfdd99 support view action for .adraw/.tdraw
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5102
diff changeset
1145
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1146 # send header & title
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1147 # Use user interface language for this generated page
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1148 request.setContentLanguage(request.lang)
3122
a1322262398a refactored _() getText calls to match new api
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3084
diff changeset
1149 title = _('attachment:%(filename)s of %(pagename)s') % {
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1150 'filename': filename, 'pagename': pagename}
616
3b08d9413589 move send_title/footer from wikiutil to theme.__init__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 520
diff changeset
1151 request.theme.send_title(title, pagename=pagename)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1152
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1153 # send body
1833
af0feb0e3c7b AttachFile: more usage of the formatter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1832
diff changeset
1154 request.write(request.formatter.startContent())
3169
a654cf294f4e AttachFile: fix _access_file return parameter count
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3164
diff changeset
1155 send_viewfile(orig_pagename, request)
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1156 send_uploadform(pagename, request)
1833
af0feb0e3c7b AttachFile: more usage of the formatter
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1832
diff changeset
1157 request.write(request.formatter.endContent())
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1158
616
3b08d9413589 move send_title/footer from wikiutil to theme.__init__
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 520
diff changeset
1159 request.theme.send_footer(pagename)
617
cf420addd95c removed MoinMoinNoFooter at many places, added call to theme.send_closing_html() where needed
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 616
diff changeset
1160 request.theme.send_closing_html()
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1161
3151
863d90c05507 AttachFile: more refactorings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3150
diff changeset
1162
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1163 #############################################################################
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1164 ### File attachment administration
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1165 #############################################################################
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1166
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1167 def do_admin_browser(request):
3150
8ae94675b9f9 AttachFile: some cosmetical source changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3149
diff changeset
1168 """ Browser for SystemAdmin macro. """
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1169 from MoinMoin.util.dataset import TupleDataset, Column
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1170 _ = request.getText
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1171
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1172 data = TupleDataset()
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1173 data.columns = [
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1174 Column('page', label=('Page')),
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1175 Column('file', label=('Filename')),
889
ad62767ffd0c pep8 style changes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 869
diff changeset
1176 Column('size', label=_('Size'), align='right'),
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1177 ]
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1178
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1179 # iterate over pages that might have attachments
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1180 pages = request.rootpage.getPageList()
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1181 for pagename in pages:
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1182 # check for attachments directory
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1183 page_dir = getAttachDir(request, pagename)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1184 if os.path.isdir(page_dir):
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1185 # iterate over files of the page
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1186 files = os.listdir(page_dir)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1187 for filename in files:
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1188 filepath = os.path.join(page_dir, filename)
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1189 data.addRow((
5625
78f1be3c8777 MoinMoin.widget.browser: introduced feature for sorting tables (http://moinmo.in/FeatureRequests/SortableTables).
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5591
diff changeset
1190 (Page(request, pagename).link_to(request,
78f1be3c8777 MoinMoin.widget.browser: introduced feature for sorting tables (http://moinmo.in/FeatureRequests/SortableTables).
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5591
diff changeset
1191 querystr="action=AttachFile"), wikiutil.escape(pagename, 1)),
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1192 wikiutil.escape(filename.decode(config.charset)),
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1193 os.path.getsize(filepath),
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1194 ))
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1195
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1196 if data:
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1197 from MoinMoin.widget.browser import DataBrowserWidget
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1198
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1199 browser = DataBrowserWidget(request)
5625
78f1be3c8777 MoinMoin.widget.browser: introduced feature for sorting tables (http://moinmo.in/FeatureRequests/SortableTables).
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5591
diff changeset
1200 browser.setData(data, sort_columns=[0, 1])
4093
742cabb168b9 browser._format: refactored input parameter "method". The default value is changed from "GET" to None. Now it does not add a form tag to the table on default. You have to give a value of "GET" or "POST" to add a form tag using the given method.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3907
diff changeset
1201 return browser.render(method="GET")
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1202
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1203 return ''
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1204