improve language handling and url-parameter sanitizing

pythonrewrite/bin2/CryptoBoxWebserverRender.py

@@ -24,14 +24,15 @@ class CryptoBoxWebserverRender:
 			website.log.error("Couldn't read cs file: %s" % cs_path)
 			return "Couldn't read cs file: %s" % cs_path
 
-		hdf_path = website.cbxPrefs["Locations"]["LangDir"]+"/"+website.cbxPrefs["WebSettings"]["Language"]+".hdf"
+		#hdf_path = website.cbxPrefs["Locations"]["LangDir"]+"/"+website.cbxPrefs["WebSettings"]["Language"]+".hdf"
+		hdf_path = website.cbxPrefs["Locations"]["LangDir"]+"/"+website.settings["Settings.Language"]+".hdf"
 		if not os.access(hdf_path, os.R_OK):
 			website.log.error("Couldn't read hdf file: %s" % hdf_path)
 			return "Couldn't read hdf file: %s" % hdf_path
 
 		hdf = neo_util.HDF()
 		hdf.readFile(hdf_path)
-		#website.log.info(website.settings)
+		website.log.info(website.settings)
 		for key in website.settings.keys():
 			hdf.setValue(key,str(website.settings[key]))
 		cs = neo_cs.CS(hdf)

pythonrewrite/bin2/CryptoBoxWebserverSites.py

@@ -42,19 +42,40 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
 		# RFC: why shouldn't it be called in __init__? [l]
 			there is no such thing like __init__ in cherrypy sites [a]
 		'''
-		niceparams = { 'weblang': self.settings["Settings.AvailableLanguages"],
+		niceparams = { 
-				'loglevel': ('','info', 'warn', 'debug', 'error'),
+				'weblang': ["Settings.Language", self.settings["Settings.AvailableLanguages"]],
-				'type': ('reboot', 'poweroff')
+				'loglevel': ["Log.Level", ('','info', 'warn', 'debug', 'error')],
+				'type': ["Data.Type", ('reboot', 'poweroff')]
 				}
+		## check all given evil parameters against the nice ones
+		## set them to self.settings if accepted, otherwise do nothing
 		for evilkey in evilparams.keys():
+			for nicekey in niceparams.keys():
+				if evilkey == nicekey:
+					#self.log.warn(niceparams[nicekey][0])
+					#self.log.warn(niceparams[nicekey][1])
+					if evilparams[nicekey] and evilparams[nicekey] in niceparams[nicekey][1]: 
+						self.settings[niceparams[nicekey][0]] = evilparams[nicekey]
+						#self.log.warn(niceparams[nicekey][0])
+						#self.log.warn(evilparams[nicekey])
+					
+			'''
+			## e.g. do this manually
 			if evilkey == "weblang":
 				if evilparams["weblang"] and evilparams["weblang"] in niceparams["weblang"]:
 					self.settings["Settings.Language"] = evilparams["weblang"]
 			if evilkey == "loglevel":
 				if evilparams["loglevel"] and evilparams["loglevel"] in niceparams["loglevel"]:
 					self.settings["Log.Level"] = evilparams["loglevel"]
+			if evilkey == "type":
+				if evilparams["type"] and evilparams["type"] in niceparams["type"]:
+					self.settings["Data.Type"] = evilparams["type"]
+			'''
+
 		return
 
+	def __isHDAvailable(self):
+		return False
 
 	def __check_config(self):
 		#TODO
@@ -112,8 +133,9 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
 		TODO: "action" is unnessessary, remove it here and from all html
 		files in doc/html/[de|en]/*
 		'''
-		# RFC: sanitize?
 		self.__prepare("show_doc")
+		# TODO: single pagenames should be sanitized
+		self.__sanitize_input({"weblang":weblang}) 
 		if page:
 			self.settings["Data.Doc.Page"] = page
 		else:
@@ -121,24 +143,26 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
 			self.settings["Data.Doc.Page"] ="CryptoBoxUser"
 		if len(self.settings["Settings.AvailableDocLanguages"]) < 1:
 			self.settings["Data.Error"] = "NoDocumentation"
-		## set doclang to weblang, otherwise the default lang from the config will be used
+		## set doclang to weblang, otherwise the default weblang from the config will be used for doclang
-		elif weblang in ("en","de"):
+		elif self.settings["Settings.Language"] in ("en","de"):
-			self.settings["Settings.DocLang"] = weblang
+			self.settings["Settings.DocLang"] = self.settings["Settings.Language"]
+
 		return website.render(self)
 
 
-	def system(self,typeOfShutdown=""):
+	def system(self, type="", weblang=""):
 		self.__prepare("form_system")
-		if typeOfShutdown == "reboot":
+		self.__sanitize_input({"type":type,"weblang":weblang})
+		if type == "reboot":
 			self.settings["Data.Success"] = "ReBoot"
 			self.settings["Data.Redirect.Action"] = "show_status"
 			self.settings["Data.Redirect.Delay"] = "180"
 			self.log.info("TODO: call function for system reboot")
-		elif typeOfShutdown == "poweroff":
+		elif type == "poweroff":
 			self.settings["Data.Success"] = "PowerOff"
 			self.log.info("TODO: call function for system shutdown")
 		else:
-			self.log.warn("someone tried to shutdown the system in a broken way (%s)" % typeOfShutdown)
+			self.log.warn("This shutdown-mode (%s) is not supplied." % type)
 		return website.render(self)
 
 
@@ -146,6 +170,11 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
 		self.__prepare("show_status")
 		return website.render(self)
 		
+	def umount_do(self):
+		if not __isHDAvailable():
+			pass
+		else:
+			pass
 			
 		'''
 		## DONE: these functions are pythonized
@@ -155,11 +184,6 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
 		##################### reboot ########################
 
 		## but there are even more TODO
-		##################### check for a harddisk ##########################
-		# catch this error, to prevent all following actions from execution #
-		#####################################################################
-		elif not True: #TODO: replace True with check for hard disk is_harddisk_available()
-			settings["Data.Error"] = "NoHardDisk"
 		#-------------------------------------------------------#
 		# here you may define all cases that require a harddisk #
 		#-------------------------------------------------------#

pythonrewrite/lang/TODO

@@ -9,6 +9,8 @@ help!
 - SuccessMessage.InitRunning contains only the first sentence
 - SuccessMessage.ReBoot: add a hint for automatic redirection (3rd sentence)
 - EmptyCryptoPassword: change 'Text' accordingly to English string.
+- Button.System: is in eglish
+- ErrorMessage.NoDocumentation: is in english
 
 Below are some smaller changes in English sentences. Someone may change it accordingly.
 - MountFailed: add 'Pleasy try again' to the end of the string.

pythonrewrite/lang/de.hdf

@@ -211,6 +211,12 @@ Lang {
 			Title	= Keine Festplatte
 			Text	= Es wurde kein Datenträger gefunden, der zur Speicherung der verschlüsselten Daten geeignet ist. Prüfe bitte, ob beim Anschalten des Computers eine Festplatte vom BIOS erkannt wurde.
 		}
+
+		NoDocumentation {
+			Title	= Keine Hilfeseiten
+			Text	= Es sind keine Hilfeseiten verfügbar!
+		}
+
 	}
 
 }

pythonrewrite/lang/en.hdf

@@ -250,6 +250,11 @@ Lang {
 			Title	= No hard disk
 			Text	= No disk suitable for an encrypted filesystem found. Please ensure the BIOS detected the disk during power-on of the computer.
 		}
+
+		NoDocumentation {
+			Title	= No Documentation
+			Text	= There is no Documentation available!
+		}
 	}
 
 }

pythonrewrite/lang/si.hdf

@@ -55,6 +55,7 @@ Lang {
 		Protocol	= Dnevnik
 		Documentation	= Priročnik
 		Status		= Stanje
+		System	=	System
 	}
 
 
@@ -210,6 +211,11 @@ Lang {
 			Title	= Ni trdega diska
 			Text	= Primeren trdi disk za shranjenje kriptiranega datotečnega sistema ni zaznan. Poskrbite da bo med zagonom BIOS zaznal trdi disk.
 		}
+
+		NoDocumentation {
+			Title	= No Documentation
+			Text	= There is no Documentation available!
+		}
 	}
 
 }