changeset 6065:bbbfb024a967
log abuse when abused action is not presented to user
author | 'Karl O. Pinc' <kop@meme.com> |
---|---|
date | Thu, 04 Sep 2014 13:16:01 -0500 |
parents | b40799be6932 |
children | 68092d872ecc |
files | MoinMoin/util/abuse.py MoinMoin/wsgiapp.py |
diffstat | 2 files changed, 6 insertions(+), 3 deletions(-) [+] |
--- a/MoinMoin/util/abuse.py Thu Sep 04 11:47:12 2014 -0500
+++ b/MoinMoin/util/abuse.py Thu Sep 04 13:16:01 2014 -0500
@@ -25,7 +25,7 @@
 @param username: user's name (optional, if None: determined from request)
 """
 if username is None:
- if request and request.user.valid:
+ if request and hasattr(request, 'user') and request.user.valid:
 username = request.user.name
 else:
 username = u'anonymous'
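Review bot: The added `hasattr(request, 'user')` test makes a request without a `user` attribute fall through to `u'anonymous'`, and nothing in the docstring or the code says when that happens, so an 'anonymous' entry in the abuse log can mean either a visitor who is not logged in or a request whose user was never resolved. A comment above the condition would record it, for example `# request may have no .user yet (e.g. when called from the wsgiapp dispatcher); log as anonymous`, and the `@param username` line could say the same. The function's signature and the logging call are outside this hunk.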
--- a/MoinMoin/wsgiapp.py Thu Sep 04 11:47:12 2014 -0500 +++ b/MoinMoin/wsgiapp.py Thu Sep 04 13:16:01 2014 -0500 @@ -19,6 +19,7 @@ from MoinMoin.Page import Page from MoinMoin import auth, config, i18n, user, wikiutil, xmlrpc, error from MoinMoin.action import get_names, get_available_actions +from MoinMoin.util.abuse import log_attempt def set_umask(new_mask=0777^config.umask): @@ -133,12 +134,12 @@ response = redirect_last_visited(context) # 2. handle action else: - response = handle_action(context, pagename, action_name) + response = handle_action(request, context, pagename, action_name) if isinstance(response, Context): response = response.request return response -def handle_action(context, pagename, action_name='show'): +def handle_action(request, context, pagename, action_name='show'): """ Actual dispatcher function for non-XMLRPC actions. Also sets up the Page object for this request, normalizes and @@ -170,6 +171,7 @@ # Disallow non available actions elif action_name[0].isupper() and not action_name in \ get_available_actions(cfg, context.page, context.user): + log_attempt(action_name, False, request) msg = _("You are not allowed to do %(action_name)s on this page.") % { 'action_name': wikiutil.escape(action_name), } if not context.user.valid: @@ -184,6 +186,7 @@ from MoinMoin import action handler = action.getHandler(context, action_name) if handler is None: + log_attempt(action_name, False, request) msg = _("You are not allowed to do %(action_name)s on this page.") % { 'action_name': wikiutil.escape(action_name), } if not context.user.valid:
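Review bot: `handle_action` gains `request` as a new first positional parameter, but no `@param request` entry is visible in the docstring that starts at the end of this hunk, and any caller outside this file that still passes `(context, pagename, action_name)` would now bind its arguments to the wrong names. Only the one call site in this hunk is updated; other callers are not visible here. If the context already exposes the request, deriving it inside the function would keep the old signature; otherwise add `@param request: the request object, passed to log_attempt for abuse logging` to the docstring. The docstring continues outside the hunk.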
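Review bot: Both new `log_attempt(action_name, False, request)` calls (here and in the `handler is None` branch of the next hunk) pass the raw `request`, while the user identity in this function is read from `context.user`. Together with the `hasattr(request, 'user')` guard added in abuse.py, this suggests the request has no `user` attribute at this point, so a denied action by a logged-in user would presumably be recorded as `anonymous`. Passing the name explicitly keeps the attribution: `log_attempt(action_name, False, request, username=context.user.name if context.user.valid else None)`. `action_name` is request-supplied and is escaped only for the HTML message, so it is worth confirming that log_attempt neutralises line breaks before writing the entry; that code is not visible in this diff.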