## Some handy regular expressions.
R_URLESC = RX.compile('%([0-9a-fA-F]{2})')
R_URLBAD = RX.compile('[^-\\w,.!]')
-R_HTMLBAD = RX.compile('[&<>]')
+R_HTMLBAD = RX.compile('[&<>\'"]')
def urldecode(s):
"""Decode a single form-url-encoded string S."""
## Some standard character sequences, and HTML entity names for prettier
## versions.
-_quotify = U.StringSubst({
+html_quotify = U.StringSubst({
+ "<": '<',
+ ">": '>',
+ "&": '&',
"`": '‘',
"'": '’',
+ '"': '"',
"``": '“',
"''": '”',
"--": '–',
"---": '—'
})
-def html_quotify(s):
- """Return a pretty HTML version of S."""
- return _quotify(htmlescape(s))
###--------------------------------------------------------------------------
### Output machinery.
T.gmtime(U.NOW + maxage))
return '; '.join(['%s=%s' % (urlencode(name), urlencode(value))] +
[v is not True and '%s=%s' % (k, v) or k
- for k, v in attr.iteritems()])
+ for k, v in attr.iteritems() if v])
def action(*v, **kw):
"""
package = PACKAGE,
version = VERSION,
script = CFG.SCRIPT_NAME,
- static = CFG.STATIC)
+ static = CFG.STATIC,
+ allowop = CFG.ALLOWOP)
class TemplateFinder (object):
"""
with open(OS.path.join(me._dir, key)) as f: tmpl = f.read()
me._cache[key] = tmpl
return tmpl
-TMPL = TemplateFinder(TMPLDIR)
+STATE.kw['TMPL'] = TMPL = TemplateFinder(TMPLDIR)
@CTX.contextmanager
def tmplkw(**kw):
"""
~H: escape output suitable for inclusion in HTML.
- With `:', instead apply form-urlencoding.
+ With `:', additionally apply quotification.
"""
def _convert(me, arg):
if me.colonp: return html_quotify(arg)
else: return htmlescape(arg)
FORMATOPS['H'] = FormatHTML
+class FormatWrap (F.BaseFormatOperation):
+ """
+ ~<...~@>: wrap enclosed material in another formatting control string.
+
+ The argument is a formatting control. The enclosed material is split into
+ pieces separated by `~;' markers. The formatting control is performed, and
+ passed the list of pieces (as compiled formatting operations) in the
+ keyword argument `wrapped'.
+ """
+ def __init__(me, *args):
+ super(FormatWrap, me).__init__(*args)
+ pieces = []
+ while True:
+ piece, delim = F.collect_subformat('>;')
+ pieces.append(piece)
+ if delim.char == '>': break
+ me.pieces = pieces
+ def _format(me, atp, colonp):
+ op = F.compile(me.getarg.get())
+ with F.FORMAT.bind(argmap = dict(F.FORMAT.argmap, wrapped = me.pieces)):
+ op.format()
+FORMATOPS['<'] = FormatWrap
+
def format_tmpl(control, **kw):
with F.COMPILE.bind(opmaps = [FORMATOPS, F.BASEOPS]):
with tmplkw(**kw):
PARAM = []
PARAMDICT = {}
PATH = []
+SSLP = False
## Regular expressions for splitting apart query and cookie strings.
R_QSPLIT = RX.compile('[;&]')
`PATH'
The trailing `PATH_INFO' path, split at `/' markers, with any
trailing empty component removed.
+
+ `SSLP'
+ True if the client connection is carried over SSL or TLS.
"""
+ global SSLP
+
def getenv(var):
try: return ENV[var]
except KeyError: raise U.ExpectedError, (500, "No `%s' supplied" % var)
if pp and not pp[-1]: pp.pop()
PATH[:] = pp
+ ## Check the crypto for the connection.
+ if ENV.get('SSL_PROTOCOL'):
+ SSLP = True
+
###--------------------------------------------------------------------------
### CGI subcommands.
~mdw / chopwood / blobdiff