changeset 3271:99e7f184541f

merged main
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 16 Mar 2008 21:07:30 +0100
parents e06e15e90ba7 (current diff) 753f234085c2 (diff)
children ca2d37e7c9d0 9c6900a92a64
files MoinMoin/action/AttachFile.py
diffstat 6 files changed, 68 insertions(+), 47 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/AttachFile.py	Sun Mar 16 21:04:16 2008 +0100
+++ b/MoinMoin/action/AttachFile.py	Sun Mar 16 21:07:30 2008 +0100
@@ -88,10 +88,10 @@
     if upload:
         if not drawing:
             url = attachUrl(request, pagename, filename,
-                            rename=filename, action=action_name)
+                            rename=wikiutil.taintfilename(filename), action=action_name)
         else:
             url = attachUrl(request, pagename, filename,
-                            rename=filename, drawing=drawing, action=action_name)
+                            rename=wikiutil.taintfilename(filename), drawing=drawing, action=action_name)
     else:
         if not drawing:
             url = attachUrl(request, pagename, filename,
@@ -991,14 +991,15 @@
         request.write("</pre>")
         return
 
-    # reuse class tmp from Despam to define macro
-    from MoinMoin.action.Despam import tmp
-    macro = tmp()
+    from MoinMoin import macro
+    from MoinMoin.parser.text import Parser
+
     macro.request = request
     macro.formatter = request.html_formatter
+    p = Parser("##\n", request)
+    m = macro.Macro(p)
 
     # use EmbedObject to view valid mime types
-    from MoinMoin.macro import EmbedObject
     if mt is None:
         request.write('<p>' + _("Unknown file type, cannot display this attachment inline.") + '</p>')
         link = (fmt.url(1, getAttachUrl(pagename, filename, request)) +
@@ -1006,8 +1007,7 @@
                 fmt.url(0))
         request.write('For using an external program follow this link %s' % link)
         return
-
-    request.write(EmbedObject.macro_EmbedObject(macro, filename, pagename=pagename))
+    request.write(m.execute('EmbedObject', u'target=%s, pagename=%s' % (filename, pagename)))
     return
 
 
--- a/MoinMoin/action/_tests/test_attachfile.py	Sun Mar 16 21:04:16 2008 +0100
+++ b/MoinMoin/action/_tests/test_attachfile.py	Sun Mar 16 21:07:30 2008 +0100
@@ -45,3 +45,14 @@
     shutil.rmtree(fpath, True)
 
     assert expect == result
+    
+def test_getAttachUrl(request):
+    """
+    Tests if AttachFile.getAttachUrl taints a filename
+    """
+    pagename = "ThisPageDoesOnlyExistForThisTest"
+    filename = "<test2.txt>"
+    expect = "rename=_test2.txt_&"
+    result = AttachFile.getAttachUrl(pagename, filename, request, upload=True)
+
+    assert expect in result 
--- a/MoinMoin/config/multiconfig.py	Sun Mar 16 21:04:16 2008 +0100
+++ b/MoinMoin/config/multiconfig.py	Sun Mar 16 21:07:30 2008 +0100
@@ -286,7 +286,7 @@
         # MUST be in wiki markup, even if the help is not for the wiki parser!
         'wiki': _(u"""\
  Emphasis:: <<Verbatim('')>>''italics''<<Verbatim('')>>; <<Verbatim(''')>>'''bold'''<<Verbatim(''')>>; <<Verbatim(''''')>>'''''bold italics'''''<<Verbatim(''''')>>; <<Verbatim('')>>''mixed ''<<Verbatim(''')>>'''''bold'''<<Verbatim(''')>> and italics''<<Verbatim('')>>; <<Verbatim(----)>> horizontal rule.
- Headings:: <<Verbatim("=")>> Title 1 <<Verbatim("=")>>; <<Verbatim("==")>> Title 2 <<Verbatim("==")>>; <<Verbatim("===")>> Title 3 <<Verbatim("===")>>;   <<Verbatim("====")>> Title 4 <<Verbatim("====")>>; <<Verbatim("=====")>> Title 5 <<Verbatim("=====")>>.
+ Headings:: = Title 1 =; == Title 2 ==; === Title 3 ===; ==== Title 4 ====; ===== Title 5 =====.
  Lists:: space and one of: * bullets; 1., a., A., i., I. numbered items; 1.#n start numbering at n; space alone indents.
  Links:: <<Verbatim(JoinCapitalizedWords)>>; <<Verbatim([[target|linktext]])>>.
  Tables:: || cell text |||| cell text spanning 2 columns ||;    no trailing white space allowed after tables or titles.
--- a/MoinMoin/macro/EmbedObject.py	Sun Mar 16 21:04:16 2008 +0100
+++ b/MoinMoin/macro/EmbedObject.py	Sun Mar 16 21:07:30 2008 +0100
@@ -28,7 +28,7 @@
     @param value: value of param
     """
     if value:
-        return '%(param)s="%(value)s"' % {"param": param, "value": value}
+        return '%(param)s="%(value)s"' % {"param": param, "value": wikiutil.escape(value)}
     else:
         return ""
 
@@ -41,29 +41,30 @@
     if value:
         return '''
 <param name="%(param)s" value="%(value)s" valuetype="%(valuetype)s">''' % {"param": param,
-                                                                           "value": value,
+                                                                           "value": wikiutil.escape(value),
                                                                            "valuetype": valuetype}
     else:
         return ""
 
-def macro_EmbedObject(macro, target=None, pagename=None, width=wikiutil.UnitArgument('0px', float, ['px', 'em', 'mm', '%']),
-                      height=wikiutil.UnitArgument('0px', float, ['px', 'em', 'mm', '%']), alt=u'',
+def macro_EmbedObject(macro, target=None, pagename=None, width=wikiutil.UnitArgument(None, float, ['px', 'em', 'mm', '%']),
+                      height=wikiutil.UnitArgument(None, float, ['px', 'em', 'mm', '%']), alt=u'',
                       play=False, stop=True, loop=False, quality=(u'high', u'low', u'medium'),
                       op=True, repeat=False, autostart=False, align=(u'middle', u'top', u'bottom'), hidden=False,
-                      menu=True, wmode='transparent', url_mimetype=None):
+                      menu=True, wmode=u'transparent', url_mimetype=None):
 
     """ This macro is used to embed an object into a wiki page """
-
     # Join unit arguments with their units
-    if width[1] == 'px':
-        width = '%dpx' % int(width[0])
-    else:
-        width = '%f%s' % width
+    if width:
+        if width[1] == 'px':
+            width = '%dpx' % int(width[0])
+        else:
+            width = '%g%s' % width
 
-    if height[1] == 'px':
-        height = '%dpx' % int(height[0])
-    else:
-        height = '%f%s' % height
+    if height:
+        if height[1] == 'px':
+            height = '%dpx' % int(height[0])
+        else:
+            height = '%g%s' % height
 
     request = macro.request
     _ = macro.request.getText
@@ -98,7 +99,7 @@
         else:
             mt = wikiutil.MimeType() # initialize dict
             mt.major, mt.minor = url_mimetype.split('/')
-            url = wikiutil.escape(target)
+            url = target
 
         # XXX Should better use formatter.embed if available?
         if not mt:
@@ -124,9 +125,10 @@
                       }
     embed_src = ''
     if mt.major == 'video':
-        # default for video otherweise it may be shown in an external viewer
-        # xxx check the argument parser
-        width = width or '400px'
+        if not width and not height:
+            width = '400px'
+            height = '400px'
+
         embed_src = '''
 <object %(ob_data)s %(ob_type)s %(ob_width)s %(ob_height)s %(ob_align)s %(ob_standby)s %(ob_stop)s>
 %(wmode)s%(movie)s%(play)s%(stop)s%(repeat)s%(autostart)s%(op)s%(menu)s
@@ -147,7 +149,7 @@
     "autostart": _check_param_value("autostart", autostart, "data"),
     "op": _check_param_value("op", op, "data"),
     "menu": _check_param_value("menu", menu, "data"),
-    "alt": alt,
+    "alt": wikiutil.escape(alt),
 }
 
     if mt.major in ['image', 'chemical', 'x-world']:
@@ -162,10 +164,13 @@
     "ob_type": _check_object_value("type", mime_type),
     "ob_align": _check_object_value("align", align),
     "name": _check_param_value("name", url, "data"),
-    "alt": alt,
+    "alt": wikiutil.escape(alt),
 }
 
     if mt.major == 'audio':
+        if not width and not height:
+            width = '400px'
+            height = '100px'
         embed_src = '''
 <object %(ob_data)s %(ob_type)s  %(ob_width)s %(ob_height)s %(ob_align)s>
 %(audio)s%(repeat)s%(autostart)s%(op)s%(play)s%(stop)s%(hidden)s<p>%(alt)s</p>
@@ -182,7 +187,7 @@
     "play": _check_param_value("play", play, "data"),
     "stop": _check_param_value("stop", stop, "data"),
     "hidden": _check_param_value("hidden", hidden, "data"),
-    "alt": alt,
+    "alt": wikiutil.escape(alt),
 }
 
     if mt.major == 'application':
@@ -206,8 +211,8 @@
     "play": _check_param_value("play", play, "data"),
     "loop": _check_param_value("loop", loop, "data"),
     "menu": _check_param_value("menu", menu, "data"),
-    "alt": alt,
+    "alt": wikiutil.escape(alt),
 }
 
-    return fmt.rawHTML(embed_src)
+    return embed_src
 
--- a/MoinMoin/macro/_tests/test_EmbedObject.py	Sun Mar 16 21:04:16 2008 +0100
+++ b/MoinMoin/macro/_tests/test_EmbedObject.py	Sun Mar 16 21:07:30 2008 +0100
@@ -39,7 +39,7 @@
                 os.remove(fpath)
 
     def _make_macro(self):
-        """Test helper"""
+        """ Test helper """
         from MoinMoin.parser.text import Parser
         from MoinMoin.formatter.text_html import Formatter
         p = Parser("##\n", self.request)
@@ -57,29 +57,36 @@
         self.page.saveText(body, 0)
 
     def testEmbedObjectDefaultValues(self):
-        """ tests default values of macro EmbedObject"""
+        """ tests default values of macro EmbedObject """
         text = '= Example ='
         self._createTestPage(text)
         m = self._make_macro()
         filename = 'test.ogg'
         result = m.execute('EmbedObject', u'%s' % filename)
-        assert '<object data="./AutoCreatedMoinMoinTemporaryTestPageForEmbedObject?action=AttachFile&do=get&target=test.ogg"' in result
-        assert 'height="0px"' in result
-        assert 'width="0px"' in result
+        assert '<object data="./AutoCreatedMoinMoinTemporaryTestPageForEmbedObject?action=AttachFile&amp;do=get&amp;target=test.ogg"' in result
         assert 'align="middle"' in result
+        assert 'value="transparent"' in result
 
     def testEmbedObjectPercentHeight(self):
-        """ tests default values of macro EmbedObject"""
+        """ tests a unit value for macro EmbedObject """
         text = '= Example2 ='
         self._createTestPage(text)
         m = self._make_macro()
         filename = 'test.ogg'
         height = '50 %' # also tests that space is allowed in there
         result = m.execute('EmbedObject', u'target=%s, height=%s' % (filename, height))
-        assert '<object data="./AutoCreatedMoinMoinTemporaryTestPageForEmbedObject?action=AttachFile&do=get&target=test.ogg"' in result
-        assert 'height="50.000000%"' in result
-        assert 'width="0px"' in result
+        assert '<object data="./AutoCreatedMoinMoinTemporaryTestPageForEmbedObject?action=AttachFile&amp;do=get&amp;target=test.ogg"' in result
+        assert 'height="50%"' in result
         assert 'align="middle"' in result
 
+    def testEmbedObjectFromUrl(self):
+        """ tests using a URL for macro EmbedObject """
+        text = '= Example3 ='
+        self._createTestPage(text)
+        m = self._make_macro()
+        target = 'http://localhost/%s?action=AttachFile&do=view&target=test.ogg' % self.pagename
+        result = m.execute('EmbedObject', u'target=%s, url_mimetype=application/ogg' % target)
+        assert '<object data="http://localhost/AutoCreatedMoinMoinTemporaryTestPageForEmbedObject?action=AttachFile&amp;do=view&amp;target=test.ogg" type="application/ogg"' in result
+
 coverage_modules = ['MoinMoin.macro.EmbedObject']
 
--- a/MoinMoin/parser/text_moin_wiki.py	Sun Mar 16 21:04:16 2008 +0100
+++ b/MoinMoin/parser/text_moin_wiki.py	Sun Mar 16 21:07:30 2008 +0100
@@ -733,16 +733,14 @@
                         #NOT USED CURRENTLY:
 
                         # use EmbedObject for other mimetypes
-                        from MoinMoin.macro import EmbedObject
                         if mt is not None:
-                            # reuse class tmp from Despam to define macro
-                            from MoinMoin.action.Despam import tmp
-                            macro = tmp()
+                            from MoinMoin import macro
                             macro.request = self.request
                             macro.formatter = self.request.html_formatter
+                            p = Parser("##\n", request)
+                            m = macro.Macro(p)
                             pagename = self.formatter.page.page_name
-                            href = AttachFile.getAttachUrl(pagename, url, self.request, escaped=1)
-                            return EmbedObject.macro_EmbedObject(macro, url)
+                            return m.execute('EmbedObject', u'target=%s' % url)
                 elif scheme == 'drawing':
                     desc = self._transclude_description(desc, url)
                     return self.formatter.attachment_drawing(url, desc)