Mercurial > moin > 1.9
changeset 3271:99e7f184541f
merged main
| author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
|---|---|
| date | Sun, 16 Mar 2008 21:07:30 +0100 |
| parents | e06e15e90ba7 (current diff) 753f234085c2 (diff) |
| children | ca2d37e7c9d0 9c6900a92a64 |
| files | MoinMoin/action/AttachFile.py |
| diffstat | 6 files changed, 68 insertions(+), 47 deletions(-) [+] |
line wrap: on
line diff
--- a/MoinMoin/action/AttachFile.py Sun Mar 16 21:04:16 2008 +0100 +++ b/MoinMoin/action/AttachFile.py Sun Mar 16 21:07:30 2008 +0100 @@ -88,10 +88,10 @@ if upload: if not drawing: url = attachUrl(request, pagename, filename, - rename=filename, action=action_name) + rename=wikiutil.taintfilename(filename), action=action_name) else: url = attachUrl(request, pagename, filename, - rename=filename, drawing=drawing, action=action_name) + rename=wikiutil.taintfilename(filename), drawing=drawing, action=action_name) else: if not drawing: url = attachUrl(request, pagename, filename, @@ -991,14 +991,15 @@ request.write("</pre>") return - # reuse class tmp from Despam to define macro - from MoinMoin.action.Despam import tmp - macro = tmp() + from MoinMoin import macro + from MoinMoin.parser.text import Parser + macro.request = request macro.formatter = request.html_formatter + p = Parser("##\n", request) + m = macro.Macro(p) # use EmbedObject to view valid mime types - from MoinMoin.macro import EmbedObject if mt is None: request.write('<p>' + _("Unknown file type, cannot display this attachment inline.") + '</p>') link = (fmt.url(1, getAttachUrl(pagename, filename, request)) + @@ -1006,8 +1007,7 @@ fmt.url(0)) request.write('For using an external program follow this link %s' % link) return - - request.write(EmbedObject.macro_EmbedObject(macro, filename, pagename=pagename)) + request.write(m.execute('EmbedObject', u'target=%s, pagename=%s' % (filename, pagename))) return
--- a/MoinMoin/action/_tests/test_attachfile.py Sun Mar 16 21:04:16 2008 +0100 +++ b/MoinMoin/action/_tests/test_attachfile.py Sun Mar 16 21:07:30 2008 +0100 @@ -45,3 +45,14 @@ shutil.rmtree(fpath, True) assert expect == result + +def test_getAttachUrl(request): + """ + Tests if AttachFile.getAttachUrl taints a filename + """ + pagename = "ThisPageDoesOnlyExistForThisTest" + filename = "<test2.txt>" + expect = "rename=_test2.txt_&" + result = AttachFile.getAttachUrl(pagename, filename, request, upload=True) + + assert expect in result
--- a/MoinMoin/config/multiconfig.py Sun Mar 16 21:04:16 2008 +0100 +++ b/MoinMoin/config/multiconfig.py Sun Mar 16 21:07:30 2008 +0100 @@ -286,7 +286,7 @@ # MUST be in wiki markup, even if the help is not for the wiki parser! 'wiki': _(u"""\ Emphasis:: <<Verbatim('')>>''italics''<<Verbatim('')>>; <<Verbatim(''')>>'''bold'''<<Verbatim(''')>>; <<Verbatim(''''')>>'''''bold italics'''''<<Verbatim(''''')>>; <<Verbatim('')>>''mixed ''<<Verbatim(''')>>'''''bold'''<<Verbatim(''')>> and italics''<<Verbatim('')>>; <<Verbatim(----)>> horizontal rule. - Headings:: <<Verbatim("=")>> Title 1 <<Verbatim("=")>>; <<Verbatim("==")>> Title 2 <<Verbatim("==")>>; <<Verbatim("===")>> Title 3 <<Verbatim("===")>>; <<Verbatim("====")>> Title 4 <<Verbatim("====")>>; <<Verbatim("=====")>> Title 5 <<Verbatim("=====")>>. + Headings:: = Title 1 =; == Title 2 ==; === Title 3 ===; ==== Title 4 ====; ===== Title 5 =====. Lists:: space and one of: * bullets; 1., a., A., i., I. numbered items; 1.#n start numbering at n; space alone indents. Links:: <<Verbatim(JoinCapitalizedWords)>>; <<Verbatim([[target|linktext]])>>. Tables:: || cell text |||| cell text spanning 2 columns ||; no trailing white space allowed after tables or titles.
--- a/MoinMoin/macro/EmbedObject.py Sun Mar 16 21:04:16 2008 +0100 +++ b/MoinMoin/macro/EmbedObject.py Sun Mar 16 21:07:30 2008 +0100 @@ -28,7 +28,7 @@ @param value: value of param """ if value: - return '%(param)s="%(value)s"' % {"param": param, "value": value} + return '%(param)s="%(value)s"' % {"param": param, "value": wikiutil.escape(value)} else: return "" @@ -41,29 +41,30 @@ if value: return ''' <param name="%(param)s" value="%(value)s" valuetype="%(valuetype)s">''' % {"param": param, - "value": value, + "value": wikiutil.escape(value), "valuetype": valuetype} else: return "" -def macro_EmbedObject(macro, target=None, pagename=None, width=wikiutil.UnitArgument('0px', float, ['px', 'em', 'mm', '%']), - height=wikiutil.UnitArgument('0px', float, ['px', 'em', 'mm', '%']), alt=u'', +def macro_EmbedObject(macro, target=None, pagename=None, width=wikiutil.UnitArgument(None, float, ['px', 'em', 'mm', '%']), + height=wikiutil.UnitArgument(None, float, ['px', 'em', 'mm', '%']), alt=u'', play=False, stop=True, loop=False, quality=(u'high', u'low', u'medium'), op=True, repeat=False, autostart=False, align=(u'middle', u'top', u'bottom'), hidden=False, - menu=True, wmode='transparent', url_mimetype=None): + menu=True, wmode=u'transparent', url_mimetype=None): """ This macro is used to embed an object into a wiki page """ - # Join unit arguments with their units - if width[1] == 'px': - width = '%dpx' % int(width[0]) - else: - width = '%f%s' % width + if width: + if width[1] == 'px': + width = '%dpx' % int(width[0]) + else: + width = '%g%s' % width - if height[1] == 'px': - height = '%dpx' % int(height[0]) - else: - height = '%f%s' % height + if height: + if height[1] == 'px': + height = '%dpx' % int(height[0]) + else: + height = '%g%s' % height request = macro.request _ = macro.request.getText @@ -98,7 +99,7 @@ else: mt = wikiutil.MimeType() # initialize dict mt.major, mt.minor = url_mimetype.split('/') - url = wikiutil.escape(target) + url = target # XXX Should better use formatter.embed if available? if not mt: @@ -124,9 +125,10 @@ } embed_src = '' if mt.major == 'video': - # default for video otherweise it may be shown in an external viewer - # xxx check the argument parser - width = width or '400px' + if not width and not height: + width = '400px' + height = '400px' + embed_src = ''' <object %(ob_data)s %(ob_type)s %(ob_width)s %(ob_height)s %(ob_align)s %(ob_standby)s %(ob_stop)s> %(wmode)s%(movie)s%(play)s%(stop)s%(repeat)s%(autostart)s%(op)s%(menu)s @@ -147,7 +149,7 @@ "autostart": _check_param_value("autostart", autostart, "data"), "op": _check_param_value("op", op, "data"), "menu": _check_param_value("menu", menu, "data"), - "alt": alt, + "alt": wikiutil.escape(alt), } if mt.major in ['image', 'chemical', 'x-world']: @@ -162,10 +164,13 @@ "ob_type": _check_object_value("type", mime_type), "ob_align": _check_object_value("align", align), "name": _check_param_value("name", url, "data"), - "alt": alt, + "alt": wikiutil.escape(alt), } if mt.major == 'audio': + if not width and not height: + width = '400px' + height = '100px' embed_src = ''' <object %(ob_data)s %(ob_type)s %(ob_width)s %(ob_height)s %(ob_align)s> %(audio)s%(repeat)s%(autostart)s%(op)s%(play)s%(stop)s%(hidden)s<p>%(alt)s</p> @@ -182,7 +187,7 @@ "play": _check_param_value("play", play, "data"), "stop": _check_param_value("stop", stop, "data"), "hidden": _check_param_value("hidden", hidden, "data"), - "alt": alt, + "alt": wikiutil.escape(alt), } if mt.major == 'application': @@ -206,8 +211,8 @@ "play": _check_param_value("play", play, "data"), "loop": _check_param_value("loop", loop, "data"), "menu": _check_param_value("menu", menu, "data"), - "alt": alt, + "alt": wikiutil.escape(alt), } - return fmt.rawHTML(embed_src) + return embed_src
--- a/MoinMoin/macro/_tests/test_EmbedObject.py Sun Mar 16 21:04:16 2008 +0100 +++ b/MoinMoin/macro/_tests/test_EmbedObject.py Sun Mar 16 21:07:30 2008 +0100 @@ -39,7 +39,7 @@ os.remove(fpath) def _make_macro(self): - """Test helper""" + """ Test helper """ from MoinMoin.parser.text import Parser from MoinMoin.formatter.text_html import Formatter p = Parser("##\n", self.request) @@ -57,29 +57,36 @@ self.page.saveText(body, 0) def testEmbedObjectDefaultValues(self): - """ tests default values of macro EmbedObject""" + """ tests default values of macro EmbedObject """ text = '= Example =' self._createTestPage(text) m = self._make_macro() filename = 'test.ogg' result = m.execute('EmbedObject', u'%s' % filename) - assert '<object data="./AutoCreatedMoinMoinTemporaryTestPageForEmbedObject?action=AttachFile&do=get&target=test.ogg"' in result - assert 'height="0px"' in result - assert 'width="0px"' in result + assert '<object data="./AutoCreatedMoinMoinTemporaryTestPageForEmbedObject?action=AttachFile&do=get&target=test.ogg"' in result assert 'align="middle"' in result + assert 'value="transparent"' in result def testEmbedObjectPercentHeight(self): - """ tests default values of macro EmbedObject""" + """ tests a unit value for macro EmbedObject """ text = '= Example2 =' self._createTestPage(text) m = self._make_macro() filename = 'test.ogg' height = '50 %' # also tests that space is allowed in there result = m.execute('EmbedObject', u'target=%s, height=%s' % (filename, height)) - assert '<object data="./AutoCreatedMoinMoinTemporaryTestPageForEmbedObject?action=AttachFile&do=get&target=test.ogg"' in result - assert 'height="50.000000%"' in result - assert 'width="0px"' in result + assert '<object data="./AutoCreatedMoinMoinTemporaryTestPageForEmbedObject?action=AttachFile&do=get&target=test.ogg"' in result + assert 'height="50%"' in result assert 'align="middle"' in result + def testEmbedObjectFromUrl(self): + """ tests using a URL for macro EmbedObject """ + text = '= Example3 =' + self._createTestPage(text) + m = self._make_macro() + target = 'http://localhost/%s?action=AttachFile&do=view&target=test.ogg' % self.pagename + result = m.execute('EmbedObject', u'target=%s, url_mimetype=application/ogg' % target) + assert '<object data="http://localhost/AutoCreatedMoinMoinTemporaryTestPageForEmbedObject?action=AttachFile&do=view&target=test.ogg" type="application/ogg"' in result + coverage_modules = ['MoinMoin.macro.EmbedObject']
--- a/MoinMoin/parser/text_moin_wiki.py Sun Mar 16 21:04:16 2008 +0100 +++ b/MoinMoin/parser/text_moin_wiki.py Sun Mar 16 21:07:30 2008 +0100 @@ -733,16 +733,14 @@ #NOT USED CURRENTLY: # use EmbedObject for other mimetypes - from MoinMoin.macro import EmbedObject if mt is not None: - # reuse class tmp from Despam to define macro - from MoinMoin.action.Despam import tmp - macro = tmp() + from MoinMoin import macro macro.request = self.request macro.formatter = self.request.html_formatter + p = Parser("##\n", request) + m = macro.Macro(p) pagename = self.formatter.page.page_name - href = AttachFile.getAttachUrl(pagename, url, self.request, escaped=1) - return EmbedObject.macro_EmbedObject(macro, url) + return m.execute('EmbedObject', u'target=%s' % url) elif scheme == 'drawing': desc = self._transclude_description(desc, url) return self.formatter.attachment_drawing(url, desc)