本文整理汇总了Python中MoinMoin.wikiutil.taintfilename函数的典型用法代码示例。如果您正苦于以下问题:Python taintfilename函数的具体用法?Python taintfilename怎么用?Python taintfilename使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了taintfilename函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: do_addattachment
def do_addattachment(self, zipname, filename, pagename, author=u"Scripting Subsystem", comment=u""):
"""
Installs an attachment
@param pagename: Page where the file is attached. Or in 2.0, the file itself.
@param zipname: Filename of the attachment from the zip file
@param filename: Filename of the attachment (just applicable for MoinMoin < 2.0)
"""
if self.request.user.may.write(pagename):
_ = self.request.getText
attachments = Page(self.request, pagename).getPagePath("attachments", check_create=1)
filename = wikiutil.taintfilename(filename)
zipname = wikiutil.taintfilename(zipname)
target = os.path.join(attachments, filename)
page = PageEditor(self.request, pagename, do_editor_backup=0, uid_override=author)
rev = page.current_rev()
path = page.getPagePath(check_create=0)
if not os.path.exists(target):
self._extractToFile(zipname, target)
if os.path.exists(target):
os.chmod(target, config.umask )
action = 'ATTNEW'
edit_logfile_append(self, pagename, path, rev, action, logname='edit-log',
comment=u'%(filename)s' % {"filename": filename}, author=author)
self.msg += u"%(filename)s attached \n" % {"filename": filename}
else:
self.msg += u"%(filename)s not attached \n" % {"filename": filename}
else:
self.msg += u"action add attachment: not enough rights - nothing done \n"示例2: _do_attachment_move
def _do_attachment_move(pagename, request):
_ = request.getText
if 'cancel' in request.form:
return _('Move aborted!')
if not wikiutil.checkTicket(request, request.form.get('ticket', '')):
return _('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'AttachFile.move' }
if not request.user.may.delete(pagename):
return _('You are not allowed to move attachments from this page.')
if 'newpagename' in request.form:
new_pagename = request.form.get('newpagename')
else:
upload_form(pagename, request, msg=_("Move aborted because new page name is empty."))
if 'newattachmentname' in request.form:
new_attachment = request.form.get('newattachmentname')
if new_attachment != wikiutil.taintfilename(new_attachment):
upload_form(pagename, request, msg=_("Please use a valid filename for attachment '%(filename)s'.") % {
'filename': new_attachment})
return
else:
upload_form(pagename, request, msg=_("Move aborted because new attachment name is empty."))
attachment = request.form.get('oldattachmentname')
if attachment != wikiutil.taintfilename(attachment):
upload_form(pagename, request, msg=_("Please use a valid filename for attachment '%(filename)s'.") % {
'filename': attachment})
return
move_file(request, pagename, new_pagename, attachment, new_attachment)示例3: xmlrpc_putAttachment
def xmlrpc_putAttachment(self, pagename, attachname, data):
"""
Store <data> as content of attachment <attachname> of page <pagename>.
@param pagename: pagename (utf-8)
@param attachname: attachment name (utf-8)
@param data: file data (base64)
@rtype: bool
@return: True if attachment was successfully stored
"""
pagename = self._instr(pagename)
# User may read page?
if not self.request.user.may.read(pagename):
return self.notAllowedFault()
# also check ACLs
if not self.request.user.may.write(pagename):
return xmlrpclib.Fault(1, "You are not allowed to edit this page")
attachname = wikiutil.taintfilename(self._instr(attachname))
filename = AttachFile.getFilename(self.request, pagename, attachname)
if os.path.exists(filename) and not os.path.isfile(filename):
return self.noSuchPageFault()
open(filename, 'wb+').write(data.data)
AttachFile._addLogEntry(self.request, 'ATTNEW', pagename, attachname)
return xmlrpclib.Boolean(1)示例4: package
def package(self):
""" Calls collectpackage() with the arguments specified. """
_ = self.request.getText
# Get new name from form and normalize.
pagelist = self.request.values.get('pagelist', u'')
packagename = self.request.values.get('packagename', u'')
include_attachments = self.request.values.get('include_attachments', False)
if not self.request.values.get('submit'):
self.request.theme.add_msg(self.makeform(), "dialog")
raise ActionError
target = wikiutil.taintfilename(packagename)
if not target:
self.request.theme.add_msg(self.makeform(_('Invalid filename "%s"!') % wikiutil.escape(packagename)), "error")
raise ActionError
request = self.request
filelike = cStringIO.StringIO()
package = self.collectpackage(unpackLine(pagelist, ","), filelike, target, include_attachments)
request.headers['Content-Type'] = 'application/zip'
request.headers['Content-Length'] = filelike.tell()
request.headers['Content-Disposition'] = 'inline; filename="%s"' % target
request.write(filelike.getvalue())
filelike.close()示例5: attachment_inlined
def attachment_inlined(self, url, text, **kw):
from MoinMoin.action import AttachFile
import os
_ = self.request.getText
pagename, filename = AttachFile.absoluteName(url, self.page.page_name)
fname = wikiutil.taintfilename(filename)
fpath = AttachFile.getFilename(self.request, pagename, fname)
ext = os.path.splitext(filename)[1]
Parser = wikiutil.getParserForExtension(self.request.cfg, ext)
if Parser is not None:
try:
content = file(fpath, "r").read()
# Try to decode text. It might return junk, but we don't
# have enough information with attachments.
content = wikiutil.decodeUnknownInput(content)
if ".csv" in getattr(Parser, "extensions", list()):
colorizer = Parser(content, self.request, filename=filename, format_args=kw.get("format_args", ""))
else:
colorizer = Parser(content, self.request, filename=filename)
colorizer.format(self)
except IOError:
pass
return self.attachment_link(1, url) + self.text(text) + self.attachment_link(0)示例6: xmlrpc_putAttachment
def xmlrpc_putAttachment(self, pagename, attachname, data):
""" Set attachname associated with pagename to data
@param pagename: pagename (utf-8)
@param attachname: attachment name (utf-8)
@param data: file data (base64)
@rtype boolean
@return True if attachment was set
"""
pagename = self._instr(pagename)
# User may read page?
if not self.request.user.may.read(pagename):
return self.notAllowedFault()
# also check ACLs
if not self.request.user.may.write(pagename):
return xmlrpclib.Fault(1, "You are not allowed to edit this page")
attachname = wikiutil.taintfilename(attachname)
filename = AttachFile.getFilename(self.request, pagename, attachname)
if os.path.exists(filename) and not os.path.isfile(filename):
return self.noSuchPageFault()
open(filename, 'wb+').write(data.data)
AttachFile._addLogEntry(self.request, 'ATTNEW', pagename, filename)
return xmlrpclib.Boolean(1)示例7: add_attachment
def add_attachment(request, pagename, target, filecontent, overwrite=0):
""" save <filecontent> to an attachment <target> of page <pagename>
filecontent can be either a str (in memory file content),
or an open file object (file content in e.g. a tempfile).
"""
# replace illegal chars
target = wikiutil.taintfilename(target)
# get directory, and possibly create it
attach_dir = getAttachDir(request, pagename, create=1)
fpath = os.path.join(attach_dir, target).encode(config.charset)
exists = os.path.exists(fpath)
if exists:
if overwrite:
remove_attachment(request, pagename, target)
else:
raise AttachmentAlreadyExists
# save file
stream = open(fpath, 'wb')
try:
_write_stream(filecontent, stream)
finally:
stream.close()
_addLogEntry(request, 'ATTNEW', pagename, target)
filesize = os.path.getsize(fpath)
event = FileAttachedEvent(request, pagename, target, filesize)
send_event(event)
return target, filesize示例8: do_delattachment
def do_delattachment(self, filename, pagename, author=u"Scripting Subsystem", comment=u""):
"""
Removes an attachment
@param pagename: Page where the file is attached. Or in 2.0, the file itself.
@param filename: Filename of the attachment (just applicable for MoinMoin < 2.0)
"""
if self.request.user.may.write(pagename):
_ = self.request.getText
attachments = Page(self.request, pagename).getPagePath("attachments", check_create=1)
filename = wikiutil.taintfilename(filename)
target = os.path.join(attachments, filename)
page = PageEditor(self.request, pagename, do_editor_backup=0, uid_override=author)
rev = page.current_rev()
path = page.getPagePath(check_create=0)
if os.path.exists(target):
os.remove(target)
action = 'ATTDEL'
edit_logfile_append(self, pagename, path, rev, action, logname='edit-log',
comment=u'%(filename)s' % {"filename": filename}, author=author)
self.msg += u"%(filename)s removed \n" % {"filename": filename}
else:
self.msg += u"%(filename)s does not exist \n" % {"filename": filename}
else:
self.msg += u"action delete attachment: not enough rights - nothing done \n"示例9: attachment_drawing
def attachment_drawing(self, url, text, **kw):
_ = self.request.getText
pagename = self.page.page_name
image = url + u'.png'
fname = wikiutil.taintfilename(image)
fpath = AttachFile.getFilename(self.request, pagename, fname)
return self.image(
title="drawing:%s" % wikiutil.quoteWikinameURL(url),
src=AttachFile.getAttachUrl(pagename, image, self.request, addts=1))示例10: getAttachUrl
def getAttachUrl(pagename, filename, request, addts=0, escaped=0, do='get', drawing='', upload=False):
""" Get URL that points to attachment `filename` of page `pagename`. """
if upload:
if not drawing:
url = attachUrl(request, pagename, filename,
rename=wikiutil.taintfilename(filename), action=action_name)
else:
url = attachUrl(request, pagename, filename,
rename=wikiutil.taintfilename(filename), drawing=drawing, action=action_name)
else:
if not drawing:
url = attachUrl(request, pagename, filename,
target=filename, action=action_name, do=do)
else:
url = attachUrl(request, pagename, filename,
drawing=drawing, action=action_name)
if escaped:
url = wikiutil.escape(url)
return url示例11: attachment_link
def attachment_link(self, on, url=None, **kw):
assert on in (0, 1, False, True) # make sure we get called the new way, not like the 1.5 api was
# we do not output a "upload link" when outputting docbook
if on:
pagename, filename = AttachFile.absoluteName(url, self.page.page_name)
fname = wikiutil.taintfilename(filename)
target = AttachFile.getAttachUrl(pagename, filename, self.request)
return self.url(1, target, title="attachment:%s" % url)
else:
return self.url(0)示例12: check_attachfile
def check_attachfile(request, pagename, aname):
# Check that the attach dir exists
getAttachDir(request, pagename, create=1)
aname = wikiutil.taintfilename(aname)
fpath = getFilename(request, pagename, aname)
# Trying to make sure the target is a regular file
if os.path.isfile(fpath) and not os.path.islink(fpath):
return fpath, True
return fpath, False示例13: addAttachment
def addAttachment(self, name, content):
"""add image to attachment"""
if os.path.splitext(name)[1].lower() not in \
['.' + x for x in self.image_extenstions]:
name += '.jpg' # if the url didn't contain a image extention
AttachFile.add_attachment(self.request,
self.pagename,
name,
content,
True)
return wikiutil.taintfilename(name)示例14: attachment_link
def attachment_link(self, url, text, **kw):
_ = self.request.getText
pagename, filename = AttachFile.absoluteName(url, self.page.page_name)
fname = wikiutil.taintfilename(filename)
fpath = AttachFile.getFilename(self.request, pagename, fname)
target = AttachFile.getAttachUrl(pagename, filename, self.request)
if not os.path.exists(fpath):
return self.text("[attachment:%s]" % url)
else:
return (self.url(1, target, title="attachment:%s" % url) +
self.text(text) +
self.url(0))示例15: attachment_image
def attachment_image(self, url, **kw):
_ = self.request.getText
pagename, filename = AttachFile.absoluteName(url, self.page.page_name)
fname = wikiutil.taintfilename(filename)
fpath = AttachFile.getFilename(self.request, pagename, fname)
if not os.path.exists(fpath):
return self.text("[attachment:%s]" % url)
else:
return self.image(
title="attachment:%s" % url,
src=AttachFile.getAttachUrl(pagename, filename,
self.request, addts=1))