improve language handling and url-parameter sanitizing

age 2006-09-01 23:04:17 +00:00
parent f4bf1c7a34
commit baafed8f38
6 changed files with 63 additions and 19 deletions


@ -24,14 +24,15 @@ class CryptoBoxWebserverRender:
website.log.error("Couldn't read cs file: %s" % cs_path) website.log.error("Couldn't read cs file: %s" % cs_path)
return "Couldn't read cs file: %s" % cs_path return "Couldn't read cs file: %s" % cs_path
hdf_path = website.cbxPrefs["Locations"]["LangDir"]+"/"+website.cbxPrefs["WebSettings"]["Language"]+".hdf" #hdf_path = website.cbxPrefs["Locations"]["LangDir"]+"/"+website.cbxPrefs["WebSettings"]["Language"]+".hdf"
hdf_path = website.cbxPrefs["Locations"]["LangDir"]+"/"+website.settings["Settings.Language"]+".hdf"
if not os.access(hdf_path, os.R_OK): if not os.access(hdf_path, os.R_OK):
website.log.error("Couldn't read hdf file: %s" % hdf_path) website.log.error("Couldn't read hdf file: %s" % hdf_path)
return "Couldn't read hdf file: %s" % hdf_path return "Couldn't read hdf file: %s" % hdf_path
hdf = neo_util.HDF() hdf = neo_util.HDF()
hdf.readFile(hdf_path) hdf.readFile(hdf_path)
#website.log.info(website.settings) website.log.info(website.settings)
for key in website.settings.keys(): for key in website.settings.keys():
hdf.setValue(key,str(website.settings[key])) hdf.setValue(key,str(website.settings[key]))
cs = neo_cs.CS(hdf) cs = neo_cs.CS(hdf)
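Review bot: The new `hdf_path` line builds a filesystem path by plain concatenation from `website.settings["Settings.Language"]`, and nothing in this hunk checks that value before it reaches `os.access` and `hdf.readFile`. Elsewhere in this commit that setting is filled from the `weblang` request parameter, so the only guard is the allowlist in `__sanitize_input`; a local check such as `if lang not in website.settings["Settings.AvailableLanguages"]:` followed by `lang = website.cbxPrefs["WebSettings"]["Language"]` would keep the path safe even if another code path sets the language. The failure branch also returns `hdf_path` in the response body, so whatever ended up in the setting is echoed to the client. If the uncommented `website.log.info(website.settings)` is the new side of that line, it writes every setting to the log at info level, and it is worth confirming that the dictionary never holds passphrase fields. The enclosing function starts and ends outside the hunk.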


@ -42,19 +42,40 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
# RFC: why shouldn't it be called in __init__? [l] # RFC: why shouldn't it be called in __init__? [l]
there is no such thing like __init__ in cherrypy sites [a] there is no such thing like __init__ in cherrypy sites [a]
''' '''
niceparams = { 'weblang': self.settings["Settings.AvailableLanguages"], niceparams = {
'loglevel': ('','info', 'warn', 'debug', 'error'), 'weblang': ["Settings.Language", self.settings["Settings.AvailableLanguages"]],
'type': ('reboot', 'poweroff') 'loglevel': ["Log.Level", ('','info', 'warn', 'debug', 'error')],
'type': ["Data.Type", ('reboot', 'poweroff')]
} }
## check all given evil parameters against the nice ones
## set them to self.settings if accepted, otherwise do nothing
for evilkey in evilparams.keys(): for evilkey in evilparams.keys():
for nicekey in niceparams.keys():
if evilkey == nicekey:
#self.log.warn(niceparams[nicekey][0])
#self.log.warn(niceparams[nicekey][1])
if evilparams[nicekey] and evilparams[nicekey] in niceparams[nicekey][1]:
self.settings[niceparams[nicekey][0]] = evilparams[nicekey]
#self.log.warn(niceparams[nicekey][0])
#self.log.warn(evilparams[nicekey])
'''
## e.g. do this manually
if evilkey == "weblang": if evilkey == "weblang":
if evilparams["weblang"] and evilparams["weblang"] in niceparams["weblang"]: if evilparams["weblang"] and evilparams["weblang"] in niceparams["weblang"]:
self.settings["Settings.Language"] = evilparams["weblang"] self.settings["Settings.Language"] = evilparams["weblang"]
if evilkey == "loglevel": if evilkey == "loglevel":
if evilparams["loglevel"] and evilparams["loglevel"] in niceparams["loglevel"]: if evilparams["loglevel"] and evilparams["loglevel"] in niceparams["loglevel"]:
self.settings["Log.Level"] = evilparams["loglevel"] self.settings["Log.Level"] = evilparams["loglevel"]
if evilkey == "type":
if evilparams["type"] and evilparams["type"] in niceparams["type"]:
self.settings["Data.Type"] = evilparams["type"]
'''
return return
def __isHDAvailable(self):
return False
def __check_config(self): def __check_config(self):
#TODO #TODO
@ -112,8 +133,9 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
TODO: "action" is unnessessary, remove it here and from all html TODO: "action" is unnessessary, remove it here and from all html
files in doc/html/[de|en]/* files in doc/html/[de|en]/*
''' '''
# RFC: sanitize?
self.__prepare("show_doc") self.__prepare("show_doc")
# TODO: single pagenames should be sanitized
self.__sanitize_input({"weblang":weblang})
if page: if page:
self.settings["Data.Doc.Page"] = page self.settings["Data.Doc.Page"] = page
else: else:
@ -121,24 +143,26 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
self.settings["Data.Doc.Page"] ="CryptoBoxUser" self.settings["Data.Doc.Page"] ="CryptoBoxUser"
if len(self.settings["Settings.AvailableDocLanguages"]) < 1: if len(self.settings["Settings.AvailableDocLanguages"]) < 1:
self.settings["Data.Error"] = "NoDocumentation" self.settings["Data.Error"] = "NoDocumentation"
## set doclang to weblang, otherwise the default lang from the config will be used ## set doclang to weblang, otherwise the default weblang from the config will be used for doclang
elif weblang in ("en","de"): elif self.settings["Settings.Language"] in ("en","de"):
self.settings["Settings.DocLang"] = weblang self.settings["Settings.DocLang"] = self.settings["Settings.Language"]
return website.render(self) return website.render(self)
def system(self,typeOfShutdown=""): def system(self, type="", weblang=""):
self.__prepare("form_system") self.__prepare("form_system")
if typeOfShutdown == "reboot": self.__sanitize_input({"type":type,"weblang":weblang})
if type == "reboot":
self.settings["Data.Success"] = "ReBoot" self.settings["Data.Success"] = "ReBoot"
self.settings["Data.Redirect.Action"] = "show_status" self.settings["Data.Redirect.Action"] = "show_status"
self.settings["Data.Redirect.Delay"] = "180" self.settings["Data.Redirect.Delay"] = "180"
self.log.info("TODO: call function for system reboot") self.log.info("TODO: call function for system reboot")
elif typeOfShutdown == "poweroff": elif type == "poweroff":
self.settings["Data.Success"] = "PowerOff" self.settings["Data.Success"] = "PowerOff"
self.log.info("TODO: call function for system shutdown") self.log.info("TODO: call function for system shutdown")
else: else:
self.log.warn("someone tried to shutdown the system in a broken way (%s)" % typeOfShutdown) self.log.warn("This shutdown-mode (%s) is not supplied." % type)
return website.render(self) return website.render(self)
@ -146,7 +170,12 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
self.__prepare("show_status") self.__prepare("show_status")
return website.render(self) return website.render(self)
def umount_do(self):
if not __isHDAvailable():
pass
else:
pass
''' '''
## DONE: these functions are pythonized ## DONE: these functions are pythonized
#################### show_log ####################### #################### show_log #######################
@ -155,11 +184,6 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
##################### reboot ######################## ##################### reboot ########################
## but there are even more TODO ## but there are even more TODO
##################### check for a harddisk ##########################
# catch this error, to prevent all following actions from execution #
#####################################################################
elif not True: #TODO: replace True with check for hard disk is_harddisk_available()
settings["Data.Error"] = "NoHardDisk"
#-------------------------------------------------------# #-------------------------------------------------------#
# here you may define all cases that require a harddisk # # here you may define all cases that require a harddisk #
#-------------------------------------------------------# #-------------------------------------------------------#
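Review bot: The allowlist test in `__sanitize_input`, `evilparams[nicekey] in niceparams[nicekey][1]`, is an exact match only when the second element is a list or tuple; the type of `self.settings["Settings.AvailableLanguages"]` is not visible here (the function's signature is also above the hunk), and if it is a plain string the `in` becomes a substring test that accepts fragments of a language code. That matters because the accepted value is stored in `Settings.Language`, which the render change in this commit concatenates into the `.hdf` path. I would make sure the allowed values are a tuple or list where the table is built, and replace the inner loop with a direct lookup, `if evilkey in niceparams:`. Rejected values are silently skipped, so `system()` still branches on and logs the raw `type` argument (`self.log.warn("... (%s) ..." % type)`) rather than the checked `self.settings["Data.Type"]`. Separately, `umount_do` calls `__isHDAvailable()` without `self.`, which looks like it would raise NameError when reached; `if not self.__isHDAvailable():` is the likely intent.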


@ -9,6 +9,8 @@ help!
- SuccessMessage.InitRunning contains only the first sentence - SuccessMessage.InitRunning contains only the first sentence
- SuccessMessage.ReBoot: add a hint for automatic redirection (3rd sentence) - SuccessMessage.ReBoot: add a hint for automatic redirection (3rd sentence)
- EmptyCryptoPassword: change 'Text' accordingly to English string. - EmptyCryptoPassword: change 'Text' accordingly to English string.
- Button.System: is in eglish
- ErrorMessage.NoDocumentation: is in english
Below are some smaller changes in English sentences. Someone may change it accordingly. Below are some smaller changes in English sentences. Someone may change it accordingly.
- MountFailed: add 'Pleasy try again' to the end of the string. - MountFailed: add 'Pleasy try again' to the end of the string.


@ -211,6 +211,12 @@ Lang {
Title = Keine Festplatte Title = Keine Festplatte
Text = Es wurde kein Datenträger gefunden, der zur Speicherung der verschlüsselten Daten geeignet ist. Prüfe bitte, ob beim Anschalten des Computers eine Festplatte vom BIOS erkannt wurde. Text = Es wurde kein Datenträger gefunden, der zur Speicherung der verschlüsselten Daten geeignet ist. Prüfe bitte, ob beim Anschalten des Computers eine Festplatte vom BIOS erkannt wurde.
} }
NoDocumentation {
Title = Keine Hilfeseiten
Text = Es sind keine Hilfeseiten verfügbar!
}
} }
} }


@ -250,6 +250,11 @@ Lang {
Title = No hard disk Title = No hard disk
Text = No disk suitable for an encrypted filesystem found. Please ensure the BIOS detected the disk during power-on of the computer. Text = No disk suitable for an encrypted filesystem found. Please ensure the BIOS detected the disk during power-on of the computer.
} }
NoDocumentation {
Title = No Documentation
Text = There is no Documentation available!
}
} }
} }


@ -55,6 +55,7 @@ Lang {
Protocol = Dnevnik Protocol = Dnevnik
Documentation = Priročnik Documentation = Priročnik
Status = Stanje Status = Stanje
System = System
} }
@ -210,6 +211,11 @@ Lang {
Title = Ni trdega diska Title = Ni trdega diska
Text = Primeren trdi disk za shranjenje kriptiranega datotečnega sistema ni zaznan. Poskrbite da bo med zagonom BIOS zaznal trdi disk. Text = Primeren trdi disk za shranjenje kriptiranega datotečnega sistema ni zaznan. Poskrbite da bo med zagonom BIOS zaznal trdi disk.
} }
NoDocumentation {
Title = No Documentation
Text = There is no Documentation available!
}
} }
} }