## Some handy regular expressions.
R_URLESC = RX.compile('%([0-9a-fA-F]{2})')
R_URLBAD = RX.compile('[^-\\w,.!]')
-R_HTMLBAD = RX.compile('[&<>]')
+R_HTMLBAD = RX.compile('[&<>\'"]')
def urldecode(s):
"""Decode a single form-url-encoded string S."""
## Some standard character sequences, and HTML entity names for prettier
## versions.
-_quotify = U.StringSubst({
+html_quotify = U.StringSubst({
+ "<": '<',
+ ">": '>',
+ "&": '&',
"`": '‘',
"'": '’',
+ '"': '"',
"``": '“',
"''": '”',
"--": '–',
"---": '—'
})
-def html_quotify(s):
- """Return a pretty HTML version of S."""
- return _quotify(htmlescape(s))
###--------------------------------------------------------------------------
### Output machinery.
T.gmtime(U.NOW + maxage))
return '; '.join(['%s=%s' % (urlencode(name), urlencode(value))] +
[v is not True and '%s=%s' % (k, v) or k
- for k, v in attr.iteritems()])
+ for k, v in attr.iteritems() if v])
def action(*v, **kw):
"""
"""Build a URL for the static file NAME."""
return htmlescape(CFG.STATIC + '/' + name)
-@CTX.contextmanager
-def html(title, **kw):
- """
- Context manager for HTML output.
-
- Keyword arguments are output as HTTP headers (if no header has been written
- yet). A `<head>' element is written, and a `<body>' opened, before the
- context body is executed; the elements are closed off properly at the end.
- """
-
- kw = dict(kw, content_type = 'text/html')
- OUT.header(**kw)
-
- ## Write the HTML header.
- PRINT("""\
-<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01//EN'
- 'http://www.w3c.org/TR/html4/strict.dtd'>
-<html>
-<head>
- <title>%(title)s</title>
- <link rel=stylesheet type='text/css' media=screen href='%(style)s'>
- <meta http-equiv='Content-Script-Type' content='text/javascript'>
- <script type='text/javascript' src='%(script)s'></script>
-</head>""" % dict(title = html_quotify(title),
- style = static('chpwd.css'),
- script = static('chpwd.js')))
-
- ## Write the body.
- PRINT('<body>')
- yield None
- PRINT('''\
-
-<div class=credits>
- <a href="%(about)s">Chopwood</a>, version %(version)s:
- copyright © 2012 Mark Wooding
-</div>
-
-</body>
-</html>''' % dict(about = static('about.html'),
- version = VERSION))
-
def redirect(where, **kw):
"""
Write a complete redirection to some other URL.
package = PACKAGE,
version = VERSION,
script = CFG.SCRIPT_NAME,
- static = CFG.STATIC)
+ static = CFG.STATIC,
+ allowop = CFG.ALLOWOP)
class TemplateFinder (object):
"""
"""
~H: escape output suitable for inclusion in HTML.
- With `:', instead apply form-urlencoding.
+ With `:', additionally apply quotification.
"""
def _convert(me, arg):
if me.colonp: return html_quotify(arg)
###--------------------------------------------------------------------------
### Error reporting.
-def cgi_error_guts():
- """
- Report an exception while we're acting as a CGI, together with lots of
- information about our state.
-
- Our caller has, probably at great expense, arranged that we can format lots
- of text.
- """
-
- ## Grab the exception information.
- exty, exval, extb = SYS.exc_info()
-
- ## Print the exception itself.
- PRINT("""\
-<h2>Exception</h2>
-<pre>%s</pre>""" % html_quotify(
- '\n'.join(TB.format_exception_only(exty, exval))))
-
- ## Format a traceback so we can find out what has gone wrong.
- PRINT("""\
-<h2>Traceback</h2>
-<ol>""")
- for file, line, func, text in TB.extract_tb(extb, 20):
- PRINT("<li><b>%s</b>:%d (<b>%s</b>)" % (
- htmlescape(file), line, htmlescape(func)))
- if text is not None:
- PRINT("<br><tt>%s</tt>" % htmlescape(text))
- PRINT("</ol>")
-
- ## Format various useful tables.
- def fmt_dict(d):
- fmt_kvlist(d.iteritems())
- def fmt_kvlist(l):
- for k, v in sorted(l):
- PRINT("<tr><th align=right valign=top>%s<td><tt>%s</tt>" % (
- htmlescape(k), htmlescape(v)))
- def fmt_list(l):
- for i in l:
- PRINT("<tr><tt>%s</tt>" % htmlescape(i))
-
- PRINT("""\
-<h2>Parameters</h2>""")
- for what, thing, how in [('Query', PARAM, fmt_kvlist),
- ('Cookies', COOKIE, fmt_dict),
- ('Path', PATH, fmt_list),
- ('Environment', ENV, fmt_dict)]:
- PRINT("<h3>%s</h3>\n<table>" % what)
- how(thing)
- PRINT("</table>")
-
-def cgi_error():
- """
- Report an exception while in CGI mode.
-
- If we've not produced a header yet, then we can do that, and produce a
- status code and everything; otherwise we'll have to make do with a small
- piece of the page.
- """
- if OUT.headerp:
- PRINT("<div class=exception>")
- cgi_error_guts()
- PRINT("</div>\n</body></html>")
- else:
- with html("chpwd internal error", status = 500):
- PRINT("<h1>chpwd internal error</h1>")
- cgi_error_guts()
- SYS.exit(1)
-
@CTX.contextmanager
def cgi_errors(hook = None):
"""
if hook: hook()
if isinstance(e, U.ExpectedError) and not OUT.headerp:
page('error.fhtml',
- headers = dict(status = e.code),
+ header = dict(status = e.code),
title = 'Chopwood: error', error = e)
else:
exty, exval, extb = SYS.exc_info()
format_tmpl(TMPL['exception.fhtml'], toplevel = False)
else:
page('exception.fhtml',
- headers = dict(status = 500),
+ header = dict(status = 500),
title = 'Chopwood: internal error',
toplevel = True)
PARAM = []
PARAMDICT = {}
PATH = []
+SSLP = False
## Regular expressions for splitting apart query and cookie strings.
R_QSPLIT = RX.compile('[;&]')
`PATH'
The trailing `PATH_INFO' path, split at `/' markers, with any
trailing empty component removed.
+
+ `SSLP'
+ True if the client connection is carried over SSL or TLS.
"""
+ global SSLP
+
def getenv(var):
try: return ENV[var]
except KeyError: raise U.ExpectedError, (500, "No `%s' supplied" % var)
if pp and not pp[-1]: pp.pop()
PATH[:] = pp
+ ## Check the crypto for the connection.
+ if ENV.get('SSL_PROTOCOL'):
+ SSLP = True
+
###--------------------------------------------------------------------------
### CGI subcommands.
~mdw / chopwood / blobdiff