## Some handy regular expressions.
R_URLESC = RX.compile('%([0-9a-fA-F]{2})')
R_URLBAD = RX.compile('[^-\\w,.!]')
-R_HTMLBAD = RX.compile('[&<>]')
+R_HTMLBAD = RX.compile('[&<>\'"]')
def urldecode(s):
"""Decode a single form-url-encoded string S."""
## Some standard character sequences, and HTML entity names for prettier
## versions.
-_quotify = U.StringSubst({
+html_quotify = U.StringSubst({
+ "<": '<',
+ ">": '>',
+ "&": '&',
"`": '‘',
"'": '’',
+ '"': '"',
"``": '“',
"''": '”',
"--": '–',
"---": '—'
})
-def html_quotify(s):
- """Return a pretty HTML version of S."""
- return _quotify(htmlescape(s))
###--------------------------------------------------------------------------
### Output machinery.
"""Constructor: initialize `headerp' flag."""
super(HTTPOutput, me).__init__(*args, **kw)
me.headerp = False
+ me.warnings = []
def write(me, msg):
"""Output protocol: print a header if we've not written one already."""
"""
Print a header, if none has yet been printed.
- Keyword arguments can be passed to emit HTTP headers: see `http_header'
+ Keyword arguments can be passed to emit HTTP headers: see `http_headers'
for the formatting rules.
"""
if me.headerp: return
for h in O.http_headers(content_type = content_type, **kw):
me.writeln(h)
me.writeln('')
+ if METHOD == 'HEAD':
+ HEADER_DONE()
+
+ def warn(me, msg):
+ """
+ Report a warning message.
+
+ The warning is stashed in a list where it can be retrieved using
+ `warnings'.
+ """
+ me.warnings.append(msg)
def cookie(name, value, **kw):
"""
package = PACKAGE,
version = VERSION,
script = CFG.SCRIPT_NAME,
- static = CFG.STATIC)
+ static = CFG.STATIC,
+ allowop = CFG.ALLOWOP)
class TemplateFinder (object):
"""
with open(OS.path.join(me._dir, key)) as f: tmpl = f.read()
me._cache[key] = tmpl
return tmpl
-TMPL = TemplateFinder(TMPLDIR)
+STATE.kw['TMPL'] = TMPL = TemplateFinder(TMPLDIR)
@CTX.contextmanager
def tmplkw(**kw):
"""
~H: escape output suitable for inclusion in HTML.
- With `:', instead apply form-urlencoding.
+ With `:', additionally apply quotification.
"""
def _convert(me, arg):
if me.colonp: return html_quotify(arg)
else: return htmlescape(arg)
FORMATOPS['H'] = FormatHTML
+class FormatWrap (F.BaseFormatOperation):
+ """
+ ~<...~@>: wrap enclosed material in another formatting control string.
+
+ The argument is a formatting control. The enclosed material is split into
+ pieces separated by `~;' markers. The formatting control is performed, and
+ passed the list of pieces (as compiled formatting operations) in the
+ keyword argument `wrapped'.
+ """
+ def __init__(me, *args):
+ super(FormatWrap, me).__init__(*args)
+ pieces = []
+ while True:
+ piece, delim = F.collect_subformat('>;')
+ pieces.append(piece)
+ if delim.char == '>': break
+ me.pieces = pieces
+ def _format(me, atp, colonp):
+ op = F.compile(me.getarg.get())
+ with F.FORMAT.bind(argmap = dict(F.FORMAT.argmap, wrapped = me.pieces)):
+ op.format()
+FORMATOPS['<'] = FormatWrap
+
def format_tmpl(control, **kw):
with F.COMPILE.bind(opmaps = [FORMATOPS, F.BASEOPS]):
with tmplkw(**kw):
header = dict(header, content_type = 'text/html')
OUT.header(**header)
format_tmpl(TMPL['wrapper.fhtml'],
- title = title, payload = TMPL[template], **kw)
+ title = title, warnings = OUT.warnings,
+ payload = TMPL[template], **kw)
###--------------------------------------------------------------------------
### Error reporting.
### CGI input.
## Lots of global variables to be filled in by `cgiparse'.
+METHOD = None
COOKIE = {}
SPECIAL = {}
PARAM = []
PARAMDICT = {}
PATH = []
+SSLP = False
+HEADER_DONE = lambda: None
## Regular expressions for splitting apart query and cookie strings.
R_QSPLIT = RX.compile('[;&]')
`PATH'
The trailing `PATH_INFO' path, split at `/' markers, with any
trailing empty component removed.
+
+ `SSLP'
+ True if the client connection is carried over SSL or TLS.
"""
+ global METHOD, SSLP
+
def getenv(var):
try: return ENV[var]
except KeyError: raise U.ExpectedError, (500, "No `%s' supplied" % var)
## Yes, we want the request method.
- method = getenv('REQUEST_METHOD')
+ METHOD = getenv('REQUEST_METHOD')
## Acquire the query string.
- if method == 'GET':
- q = getenv('QUERY_STRING')
+ if METHOD in ['GET', 'HEAD']:
+ q = ENV.get('QUERY_STRING', '')
- elif method == 'POST':
+ elif METHOD == 'POST':
## We must read the query string from stdin.
n = getenv('CONTENT_LENGTH')
if not n.isdigit():
raise U.ExpectedError, (500, "Invalid CONTENT_LENGTH")
n = int(n, 10)
- if getenv('CONTENT_TYPE') != 'application/x-www-form-urlencoded':
+ ct = getenv('CONTENT_TYPE')
+ if ct != 'application/x-www-form-urlencoded':
raise U.ExpectedError, (500, "Unexpected content type `%s'" % ct)
q = SYS.stdin.read(n)
if len(q) != n:
raise U.ExpectedError, (500, "Failed to read correct length")
else:
- raise U.ExpectedError, (500, "Unexpected request method `%s'" % method)
+ raise U.ExpectedError, (500, "Unexpected request method `%s'" % METHOD)
## Populate the `SPECIAL', `PARAM' and `PARAMDICT' tables.
seen = set()
else:
PARAM.append((k, v))
if k in seen:
- del PARAMDICT[k]
+ try: del PARAMDICT[k]
+ except KeyError: pass
else:
PARAMDICT[k] = v
seen.add(k)
if pp and not pp[-1]: pp.pop()
PATH[:] = pp
+ ## Check the crypto for the connection.
+ if ENV.get('SSL_PROTOCOL'):
+ SSLP = True
+
###--------------------------------------------------------------------------
### CGI subcommands.
CGI parameters.
"""
+ def __init__(me, name, contexts, desc, func,
+ methods = ['GET', 'POST'], *args, **kw):
+ super(Subcommand, me).__init__(name, contexts, desc, func, *args, **kw)
+ me.methods = set(methods)
+
def cgi(me, param, path):
"""
Invoke the subcommand given a collection of CGI parameters.
the list of path elements is non-empty.
"""
+ global HEADER_DONE
+
## We're going to make a pass over the supplied parameters, and we'll
## check them off against the formal parameters as we go; so we'll need
## to be able to look them up. We'll also keep track of the ones we've
want = {}
kw = {}
+ ## Check the request method against the permitted list.
+ meth = METHOD
+ if meth == 'HEAD': meth = 'GET'
+ if meth not in me.methods:
+ raise U.ExpectedError, (500, "Unexpected request method `%s'" % METHOD)
+
def set_value(k, v):
"""Set a simple value: we shouldn't see multiple values."""
if k in kw:
~mdw / chopwood / blobdiff