Mercurial > moin > 1.9

changeset 6065:bbbfb024a967

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
log abuse when abused action is not presented to user
author 'Karl O. Pinc' <kop@meme.com>
date Thu, 04 Sep 2014 13:16:01 -0500
parents b40799be6932
children 68092d872ecc
files MoinMoin/util/abuse.py MoinMoin/wsgiapp.py
diffstat 2 files changed, 6 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/util/abuse.py	Thu Sep 04 11:47:12 2014 -0500
+++ b/MoinMoin/util/abuse.py	Thu Sep 04 13:16:01 2014 -0500
@@ -25,7 +25,7 @@
     @param username: user's name (optional, if None: determined from request)
     """
     if username is None:
-        if request and request.user.valid:
+        if request and hasattr(request, 'user') and request.user.valid:
             username = request.user.name
         else:
             username = u'anonymous'
--- a/MoinMoin/wsgiapp.py	Thu Sep 04 11:47:12 2014 -0500
+++ b/MoinMoin/wsgiapp.py	Thu Sep 04 13:16:01 2014 -0500
@@ -19,6 +19,7 @@
 from MoinMoin.Page import Page
 from MoinMoin import auth, config, i18n, user, wikiutil, xmlrpc, error
 from MoinMoin.action import get_names, get_available_actions
+from MoinMoin.util.abuse import log_attempt
 
 
 def set_umask(new_mask=0777^config.umask):
@@ -133,12 +134,12 @@
         response = redirect_last_visited(context)
     # 2. handle action
     else:
-        response = handle_action(context, pagename, action_name)
+        response = handle_action(request, context, pagename, action_name)
     if isinstance(response, Context):
         response = response.request
     return response
 
-def handle_action(context, pagename, action_name='show'):
+def handle_action(request, context, pagename, action_name='show'):
     """ Actual dispatcher function for non-XMLRPC actions.
 
     Also sets up the Page object for this request, normalizes and
@@ -170,6 +171,7 @@
     # Disallow non available actions
     elif action_name[0].isupper() and not action_name in \
             get_available_actions(cfg, context.page, context.user):
+        log_attempt(action_name, False, request)
         msg = _("You are not allowed to do %(action_name)s on this page.") % {
                 'action_name': wikiutil.escape(action_name), }
         if not context.user.valid:
@@ -184,6 +186,7 @@
         from MoinMoin import action
         handler = action.getHandler(context, action_name)
         if handler is None:
+            log_attempt(action_name, False, request)
             msg = _("You are not allowed to do %(action_name)s on this page.") % {
                     'action_name': wikiutil.escape(action_name), }
             if not context.user.valid: