ben
/
copyvios
miroir de https://github.com/earwig/copyvios
1
1
Bifurcation 0
Code Versions 0 Activité
Parcourir la source

Some escapes to close potential security, plus a couple bugfixes.

pull/24/head
Ben Kurtovic il y a 12 ans
Parent
3b9fa8c143
révision
0217eaad8d
4 fichiers modifiés avec 15 ajouts et 13 suppressions
Vue unifiée
Option de Diff
Voir les Statistiques Télécharger le Fichier Patch Télécharger le Fichier des Différences
  1. +8
    -8
      pages/copyvios.mako
  2. +4
    -4
      pages/settings.mako
  3. +1
    -1
      toolserver/cookies.py
  4. +2
    -0
      toolserver/copyvios/highlighter.py

+ 8
- 8
pages/copyvios.mako Voir le fichier

@@ -4,7 +4,7 @@
<% query, bot, all_langs, all_projects, page, result = main(environ) %> <% query, bot, all_langs, all_projects, page, result = main(environ) %>
% if query.project and query.lang and query.title and not page: % if query.project and query.lang and query.title and not page:
<div class="red-box"> <div class="red-box">
<p>The given site (project=<b><tt>${query.project}</tt></b>, language=<b><tt>${query.lang}</tt></b>) doesn't seem to exist. It may also be closed or private. <a href="//${query.lang}.${query.project}.org/">Confirm its URL.</a></p>
<p>The given site (project=<b><tt>${query.project | h}</tt></b>, language=<b><tt>${query.lang | h}</tt></b>) doesn't seem to exist. It may also be closed or private. <a href="//${query.lang | h}.${query.project | h}.org/">Confirm its URL.</a></p>
</div> </div>
% elif query.project and query.lang and query.title and page and not result: % elif query.project and query.lang and query.title and page and not result:
<div class="red-box"> <div class="red-box">
@@ -23,9 +23,9 @@
<% selected_lang = query.orig_lang if query.orig_lang else cookies["EarwigDefaultLang"].value if "EarwigDefaultLang" in cookies else bot.wiki.get_site().lang %> <% selected_lang = query.orig_lang if query.orig_lang else cookies["EarwigDefaultLang"].value if "EarwigDefaultLang" in cookies else bot.wiki.get_site().lang %>
% for code, name in all_langs: % for code, name in all_langs:
% if code == selected_lang: % if code == selected_lang:
<option value="${code}" selected="selected">${name}</option>
<option value="${code | h}" selected="selected">${name}</option>
% else: % else:
<option value="${code}">${name}</option>
<option value="${code | h}">${name}</option>
% endif % endif
% endfor % endfor
</select> </select>
@@ -34,9 +34,9 @@
<% selected_project = query.project if query.project else cookies["EarwigDefaultProject"].value if "EarwigDefaultProject" in cookies else bot.wiki.get_site().project %> <% selected_project = query.project if query.project else cookies["EarwigDefaultProject"].value if "EarwigDefaultProject" in cookies else bot.wiki.get_site().project %>
% for code, name in all_projects: % for code, name in all_projects:
% if code == selected_project: % if code == selected_project:
<option value="${code}" selected="selected">${name}</option>
<option value="${code | h}" selected="selected">${name}</option>
% else: % else:
<option value="${code}">${name}</option>
<option value="${code | h}">${name}</option>
% endif % endif
% endfor % endfor
</select> </select>
@@ -80,16 +80,16 @@
<div class="divider"></div> <div class="divider"></div>
<div id="cv-result-${'yes' if result.violation else 'no'}"> <div id="cv-result-${'yes' if result.violation else 'no'}">
% if result.violation: % if result.violation:
<h2 id="cv-result-header"><a href="${page.url}">${page.title | h}</a> is a suspected violation of <a href="${result.url | h}">${result.url | urlstrip}</a>.</h2>
<h2 id="cv-result-header"><a href="${page.url}">${page.title | h}</a> is a suspected violation of <a href="${result.url | h}">${result.url | urlstrip, h}</a>.</h2>
% else: % else:
<h2 id="cv-result-header">No violations detected in <a href="${page.url()}">${page.title | h}</a>.</h2>
<h2 id="cv-result-header">No violations detected in <a href="${page.url}">${page.title | h}</a>.</h2>
% endif % endif
<ul id="cv-result-list"> <ul id="cv-result-list">
<li><b><tt>${round(result.confidence * 100, 1)}%</tt></b> confidence of a violation.</li> <li><b><tt>${round(result.confidence * 100, 1)}%</tt></b> confidence of a violation.</li>
% if result.cached: % if result.cached:
<li>Results are <a id="cv-cached" href="#">cached <li>Results are <a id="cv-cached" href="#">cached
<span>To save time (and money), this tool will retain the results of checks for up to 72 hours. This includes the URL of the "violated" source, but neither its content nor the content of the article. Future checks on the same page (assuming it remains unchanged) will not involve additional search queries, but a fresh comparison against the source URL will be made. If the page is modified, a new check will be run.</span> <span>To save time (and money), this tool will retain the results of checks for up to 72 hours. This includes the URL of the "violated" source, but neither its content nor the content of the article. Future checks on the same page (assuming it remains unchanged) will not involve additional search queries, but a fresh comparison against the source URL will be made. If the page is modified, a new check will be run.</span>
</a> from ${result.cache_time} (${result.cache_age} ago). <a href="${environ['REQUEST_URI'].decode("utf8") | h}&amp;nocache=1">Bypass the cache.</a></li>
</a> from ${result.cache_time} (${result.cache_age} ago). <a href="${environ['REQUEST_URI'] | h}&amp;nocache=1">Bypass the cache.</a></li>
% else: % else:
<li>Results generated in <tt>${round(result.tdiff, 3)}</tt> seconds using <tt>${result.queries}</tt> queries.</li> <li>Results generated in <tt>${round(result.tdiff, 3)}</tt> seconds using <tt>${result.queries}</tt> queries.</li>
% endif % endif


+ 4
- 4
pages/settings.mako Voir le fichier

@@ -20,9 +20,9 @@
<% selected_lang = cookies["EarwigDefaultLang"].value if "EarwigDefaultLang" in cookies else bot.wiki.get_site().lang %> <% selected_lang = cookies["EarwigDefaultLang"].value if "EarwigDefaultLang" in cookies else bot.wiki.get_site().lang %>
% for code, name in langs: % for code, name in langs:
% if code == selected_lang: % if code == selected_lang:
<option value="${code}" selected="selected">${name}</option>
<option value="${code | h}" selected="selected">${name}</option>
% else: % else:
<option value="${code}">${name}</option>
<option value="${code | h}">${name}</option>
% endif % endif
% endfor % endfor
</select> </select>
@@ -31,9 +31,9 @@
<% selected_project = cookies["EarwigDefaultProject"].value if "EarwigDefaultProject" in cookies else bot.wiki.get_site().project %> <% selected_project = cookies["EarwigDefaultProject"].value if "EarwigDefaultProject" in cookies else bot.wiki.get_site().project %>
% for code, name in projects: % for code, name in projects:
% if code == selected_project: % if code == selected_project:
<option value="${code}" selected="selected">${name}</option>
<option value="${code | h}" selected="selected">${name}</option>
% else: % else:
<option value="${code}">${name}</option>
<option value="${code | h}">${name}</option>
% endif % endif
% endfor % endfor
</select> </select>


+ 1
- 1
toolserver/cookies.py Voir le fichier

@@ -12,7 +12,7 @@ class _CookieManager(SimpleCookie):
self._path = path.split(environ["PATH_INFO"])[0] self._path = path.split(environ["PATH_INFO"])[0]
try: try:
super(_CookieManager, self).__init__(environ["HTTP_COOKIE"]) super(_CookieManager, self).__init__(environ["HTTP_COOKIE"])
except (CookieError, AttributeError):
except (CookieError, KeyError):
super(_CookieManager, self).__init__() super(_CookieManager, self).__init__()
for cookie in self.keys(): for cookie in self.keys():
if self[cookie].value is False: if self[cookie].value is False:


+ 2
- 0
toolserver/copyvios/highlighter.py Voir le fichier

@@ -2,6 +2,8 @@


from re import sub, UNICODE from re import sub, UNICODE


# TODO: escape if input contains pseudo-HTML

def highlight_delta(context, chain, delta): def highlight_delta(context, chain, delta):
processed = [] processed = []
prev_prev = prev = chain.START prev_prev = prev = chain.START


Écrire Aperçu
Chargement…
Annuler
Enregistrer