Upload 'DropBox-1.0.py'
Download 1 # -*- coding: iso-8859-1 -*-
2 """
3 MoinMoin - DropBox action Version 1.0, 15.05.2011
4 [a modification of AttachFile action]
5
6 For documentation and examples see:
7
8 http://rileylink.local/pb/MoinMoin_Matters
9
10 @copyright: 2011 Ian Riley <ian.riley@adelaide.edu.au>
11 @license: GNU GPL, see COPYING for details.
12
13 Based on AttachFile action
14
15 @copyright: 2001 by Ken Sugino (sugino@mediaone.net),
16 2001-2004 by Juergen Hermann <jh@web.de>,
17 2005 MoinMoin:AlexanderSchremmer,
18 2005 DiegoOngaro at ETSZONE (diego@etszone.com),
19 2005-2007 MoinMoin:ReimarBauer,
20 2007-2008 MoinMoin:ThomasWaldmann
21 @license: GNU GPL, see COPYING for details.
22 """
23
24 from MoinMoin.action.AttachFile import *
25
26 action_name = __name__.split('.')[-1]
27
28 #############################################################################
29 ### External interface - these are called from the core code
30 #############################################################################
31
32 def get_action(request, filename, do):
33 generic_do_mapping = {
34 # do -> action
35 'get': action_name,
36 'view': action_name,
37 'del': action_name,
38 'upload_form': action_name,
39 }
40 basename, ext = os.path.splitext(filename)
41 do_mapping = request.cfg.extensions_mapping.get(ext, {})
42 action = do_mapping.get(do, None)
43 if action is None:
44 # we have no special support for this,
45 # look up whether we have generic support:
46 action = generic_do_mapping.get(do, None)
47 return action
48
49 def getAttachUrl(pagename, filename, request, addts=0, do='get'):
50 """ Get URL that points to attachment `filename` of page `pagename`.
51 For upload url, call with do='upload_form'.
52 Returns the URL to do the specified "do" action or None,
53 if this action is not supported.
54 """
55 action = get_action(request, filename, do)
56 if action:
57 args = dict(action=action, do=do, target=filename)
58 if do not in ['get', 'view', # harmless
59 'modify', # just renders the applet html, which has own ticket
60 'move', # renders rename form, which has own ticket
61 ]:
62 # create a ticket for the not so harmless operations
63 # we need action= here because the current action (e.g. "show" page
64 # with a macro AttachList) may not be the linked-to action, e.g.
65 # "AttachFile". Also, AttachList can list attachments of another page,
66 # thus we need to give pagename= also.
67 args['ticket'] = wikiutil.createTicket(request,
68 pagename=pagename, action=action_name)
69 url = request.href(pagename, **args)
70 return url
71
72 #############################################################################
73 ### Internal helpers
74 #############################################################################
75 def _get_filesource(request, pagename, filename):
76 """ Look up the user who attached the file
77
78 Returns userid and username tuple.
79 """
80 from MoinMoin.logfile import editlog
81 from MoinMoin import user
82
83 log = editlog.EditLog(request, rootpagename=pagename)
84 result = '', ''
85 count = 0
86 for line in log.reverse():
87 count += 1
88 if line.action in ('ATTNEW', 'ATTDEL', ):
89 foundname = wikiutil.url_unquote(line.extra)
90 if foundname == filename:
91 # just the user's name
92 result = line.userid, user.User(request, line.userid, auth_method="editlog:53").name
93
94 # link to user's homepage or email depending on preferences
95 # this would be OK if users all had homepages.
96 #result = line.userid, line.getEditor(request)
97
98 # unknown user
99 if '' in result:
100 result = None,'unknown user'
101 break
102 return result
103
104 def _access_file(pagename, request):
105 """ Check form parameter `target` and return a tuple of
106 `(pagename, filename, filepath)` for an existing attachment.
107
108 Return `(pagename, None, None)` if an error occurs.
109 """
110 _ = request.getText
111
112 error = None
113 if not request.values.get('target'):
114 error = _("Filename of upload not specified!")
115 else:
116 filename = wikiutil.taintfilename(request.values['target'])
117 fpath = getFilename(request, pagename, filename)
118
119 if os.path.isfile(fpath):
120 return (pagename, filename, fpath)
121 error = _("Upload '%(filename)s' does not exist!") % {'filename': filename}
122
123 error_msg(pagename, request, error)
124 return (pagename, None, None)
125
126 def _build_filelist(request, pagename, sumonly, readonly, mime_type='*', owners='All'):
127 _ = request.getText
128 fmt = request.html_formatter
129
130 user_id = request.user.valid and request.user.id or ''
131
132 # access directory
133 attach_dir = getAttachDir(request, pagename)
134 files = _get_files(request, pagename)
135
136 if mime_type != '*':
137 files = [fname for fname in files if mime_type == mimetypes.guess_type(fname)[0]]
138
139 html = []
140 if files:
141
142 label_del = _("del")
143 label_get = _("get")
144 label_view = _("view")
145
146 may_read = request.user.may.read(pagename)
147 may_attach = request.user.may.attach(pagename)
148 may_delete = request.user.may.delete(pagename)
149 may_detach = request.user.may.detach(pagename)
150
151 if not sumonly:
152 html.append(fmt.bullet_list(1))
153 count = 0
154 space = 0
155 latest = None
156 for file in files:
157 owner_id, ownername = _get_filesource(request, pagename, file)
158 ownersfile = owner_id == user_id
159 if owners == "Self" and not ownersfile:
160 continue
161 elif owners == "Other" and ownersfile:
162 continue
163 elif owners == "All":
164 pass
165 count += 1
166 mt = wikiutil.MimeType(filename=file)
167 fullpath = os.path.join(attach_dir, file).encode(config.charset)
168 st = os.stat(fullpath)
169 base, ext = os.path.splitext(file)
170 viewfilelink = (fmt.url(1, getAttachUrl(pagename, file, request, do='view')) +
171 fmt.text(wikiutil.escape(file)) +
172 fmt.url(0))
173 parmdict = {'file': wikiutil.escape(file),
174 'fsize': "%.1f" % (float(st.st_size) / 1024),
175 'fmtime': request.user.getFormattedDateTime(st.st_mtime),
176 }
177 space += st.st_size
178 if st.st_mtime > latest:
179 latest = st.st_mtime
180
181 links = []
182 if (may_delete or (may_detach and ownersfile)) and not readonly:
183 links.append(fmt.url(1, getAttachUrl(pagename, file, request, do='del')) +
184 fmt.text(label_del) +
185 fmt.url(0))
186
187 links.append(fmt.url(1, getAttachUrl(pagename, file, request)) +
188 fmt.text(label_get) +
189 fmt.url(0))
190
191 links.append(fmt.url(1, getAttachUrl(pagename, file, request, do='view')) +
192 fmt.text(label_view) +
193 fmt.url(0))
194
195 if not sumonly:
196 html.append(fmt.listitem(1))
197 html.append("%s " % viewfilelink)
198 html.append("[%s]" % " | ".join(links))
199 html.append(" %(fmtime)s, %(fsize)s KB" % parmdict)
200 html.append(", uploaded by %s" % ownername)
201 html.append(fmt.listitem(0))
202 if not sumonly:
203 html.append(fmt.bullet_list(0))
204 if count == 1:
205 uploadtxt = 'upload'
206 else:
207 uploadtxt = 'uploads'
208 if count != 0:
209 html.append(fmt.text(_("%(count)s %(uploadtxt)s stored, \
210 totalling %(fsize)s KB, \
211 latest dated %(fmttime)s") % {
212 'count': count,
213 'uploadtxt': uploadtxt,
214 'fsize': "%.1f" % (float(space) / 1024),
215 'fmttime': request.user.getFormattedDateTime((latest))}))
216 else:
217 html.append("%s %s stored" % (0, 'uploads'))
218 else:
219 html.append("%s %s stored" % (0, 'uploads'))
220
221 return ''.join(html)
222
223 def _get_files(request, pagename):
224 attach_dir = getAttachDir(request, pagename)
225 if os.path.isdir(attach_dir):
226 files = [fn.decode(config.charset) for fn in os.listdir(attach_dir)]
227 files.sort()
228 else:
229 files = []
230 return files
231
232 def _get_filelist(request, pagename, mime_type='*', owners='All'):
233 # set sumonly=0, ie false
234 return _build_filelist(request, pagename, 0, 0, mime_type, owners)
235
236 def _get_info(request, pagename, mime_type='*', owners='All'):
237 # set sumonly=1, ie true
238 return _build_filelist(request, pagename, 1, 0, mime_type, owners)
239
240 #############################################################################
241 ### Create parts of the Web interface
242 #############################################################################
243
244 def send_uploadform(pagename, request):
245 """ Send the HTML code for the list of already stored attachments and
246 the file upload form.
247 """
248 _ = request.getText
249
250 if not request.user.may.read(pagename):
251 request.write('<p>%s</p>' % _('You are not allowed to view this page.'))
252 return
253
254 writeable = request.user.may.attach(pagename)
255 overwriteable = request.user.may.detach(pagename)
256 may_delete = request.user.may.delete(pagename)
257
258 # First send out the upload new attachment form on top of everything else.
259 # This avoids usability issues if you have to scroll down a lot to upload
260 # a new file when the page already has lots of attachments:
261 if writeable:
262 request.write('<h2>' + _("New Upload") + '</h2>')
263 if writeable and not overwriteable:
264 request.write("""
265 <form action="%(url)s" method="POST" enctype="multipart/form-data">
266 <dl>
267 <dt>%(upload_label_file)s</dt>
268 <dd><input type="file" name="file" size="50"></dd>
269 <dt>%(upload_label_target)s</dt>
270 <dd><input type="text" name="target" size="50" value="%(target)s"></dd>
271 </dl>
272 %(textcha)s
273 <p>
274 <input type="hidden" name="action" value="%(action_name)s">
275 <input type="hidden" name="do" value="upload">
276 <input type="hidden" name="ticket" value="%(ticket)s">
277 <input type="submit" value="%(upload_button)s">
278 </p>
279 </form>
280 """ % {
281 'url': request.href(pagename),
282 'action_name': action_name,
283 'upload_label_file': _('File to upload'),
284 'upload_label_target': _('Rename to'),
285 'target': wikiutil.escape(request.values.get('target', ''), 1),
286 'upload_button': _('Upload'),
287 'textcha': TextCha(request).render(),
288 'ticket': wikiutil.createTicket(request),
289 })
290 if overwriteable:
291 request.write("""
292 <form action="%(url)s" method="POST" enctype="multipart/form-data">
293 <dl>
294 <dt>%(upload_label_file)s</dt>
295 <dd><input type="file" name="file" size="50"></dd>
296 <dt>%(upload_label_target)s</dt>
297 <dd><input type="text" name="target" size="50" value="%(target)s"></dd>
298 <dt>%(upload_label_overwrite)s</dt>
299 <dd><input type="checkbox" name="overwrite" value="1" %(overwrite_checked)s></dd>
300 </dl>
301 %(textcha)s
302 <p>
303 <input type="hidden" name="action" value="%(action_name)s">
304 <input type="hidden" name="do" value="upload">
305 <input type="hidden" name="ticket" value="%(ticket)s">
306 <input type="submit" value="%(upload_button)s">
307 </p>
308 </form>
309 """ % {
310 'url': request.href(pagename),
311 'action_name': action_name,
312 'upload_label_file': _('File to upload'),
313 'upload_label_target': _('Rename to'),
314 'target': wikiutil.escape(request.values.get('target', ''), 1),
315 'upload_label_overwrite': _('Overwrite existing upload of same name'),
316 'overwrite_checked': ('', 'checked')[request.form.get('overwrite', '0') == '1'],
317 'upload_button': _('Upload'),
318 'textcha': TextCha(request).render(),
319 'ticket': wikiutil.createTicket(request),
320 })
321
322 request.write('<h2>' + _("Uploaded Files") + '</h2>')
323 if writeable and overwriteable and may_delete:
324 request.write('<p>%s</p>' % _('You can upload, download and delete files.'))
325 request.write('<h3>' + _("Your uploads") + '</h3>')
326 request.write(_get_filelist(request, pagename, owners="Self"))
327 request.write('<h3>' + _("Other uploads") + '</h3>')
328 request.write(_get_filelist(request, pagename, owners="Other"))
329 elif writeable and overwriteable :
330 request.write('<p>%s</p>' % _('You can upload and download files, and delete your own files.'))
331 request.write('<h3>' + _("Your uploads") + '</h3>')
332 request.write(_get_filelist(request, pagename, owners="Self"))
333 request.write('<h3>' + _("Other uploads") + '</h3>')
334 request.write(_get_filelist(request, pagename, owners="Other"))
335 elif writeable:
336 request.write('<p>%s</p>' % _('You can upload and download, but not delete files.'))
337 request.write(_get_filelist(request, pagename))
338 elif not writeable:
339 request.write('<p>%s</p>' % _('You can download, but not upload or delete files.'))
340 request.write(_get_filelist(request, pagename))
341
342 #############################################################################
343 ### Web interface for file upload, viewing and deletion
344 #############################################################################
345
346 def execute(pagename, request):
347 """ Main dispatcher for the 'DropBox' action. """
348 _ = request.getText
349
350 do = request.values.get('do', 'upload_form')
351 handler = globals().get('_do_%s' % do)
352 if handler:
353 msg = handler(pagename, request)
354 else:
355 msg = _('Unsupported DropBox sub-action: %s') % do
356 if msg:
357 error_msg(pagename, request, msg)
358
359
360 def _do_upload_form(pagename, request):
361 upload_form(pagename, request)
362
363 def upload_form(pagename, request, msg=''):
364 if msg:
365 msg = wikiutil.escape(msg)
366 _ = request.getText
367
368 # Use user interface language for this generated page
369 request.setContentLanguage(request.lang)
370 request.theme.add_msg(msg, "dialog")
371 request.theme.send_title(_('Uploads for "%(pagename)s"') % {'pagename': pagename}, pagename=pagename)
372 request.write('<div id="content">\n') # start content div
373 send_uploadform(pagename, request)
374 request.write('</div>\n') # end content div
375 request.theme.send_footer(pagename)
376 request.theme.send_closing_html()
377
378 def _do_upload(pagename, request):
379 _ = request.getText
380
381 if not wikiutil.checkTicket(request, request.form.get('ticket', '')):
382 return _('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'DropBox.upload' }
383
384 # Currently we only check TextCha for upload (this is what spammers ususally do),
385 # but it could be extended to more/all attachment write access
386 if not TextCha(request).check_answer_from_form():
387 return _('TextCha: Wrong answer! Go back and try again...')
388
389 form = request.form
390
391 file_upload = request.files.get('file')
392 if not file_upload:
393 # This might happen when trying to upload file names
394 # with non-ascii characters on Safari.
395 return _("No file content. Delete non ASCII characters from the file name and try again.")
396
397 try:
398 overwrite = int(form.get('overwrite', '0'))
399 except:
400 overwrite = 0
401
402 if not request.user.may.attach(pagename):
403 return _('You are not allowed to upload a file to this page.')
404
405 if overwrite and not request.user.may.detach(pagename):
406 return _('You are not allowed to overwrite a file previously uploaded to this page.')
407
408 target = form.get('target', u'').strip()
409 if not target:
410 target = file_upload.filename or u''
411
412 target = wikiutil.clean_input(target)
413
414 if not target:
415 return _("Filename of upload not specified!")
416
417 # add the attachment
418 try:
419 target, bytes = add_attachment(request, pagename, target, file_upload.stream, overwrite=overwrite)
420 msg = _("Upload '%(target)s' (remote name '%(filename)s')"
421 " with %(bytes)d bytes saved.") % {
422 'target': target, 'filename': file_upload.filename, 'bytes': bytes}
423 except AttachmentAlreadyExists:
424 msg = _("Upload '%(target)s' (remote name '%(filename)s') already exists.") % {
425 'target': target, 'filename': file_upload.filename}
426
427 # return attachment list
428 upload_form(pagename, request, msg)
429
430
431 def _do_del(pagename, request):
432 _ = request.getText
433
434 if not wikiutil.checkTicket(request, request.args.get('ticket', '')):
435 return _('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'DropBox.del' }
436
437 pagename, filename, fpath = _access_file(pagename, request)
438 if not request.user.may.detach(pagename):
439 return _('You are not allowed to delete uploads from this page.')
440 if not filename:
441 return # error msg already sent in _access_file
442
443 remove_attachment(request, pagename, filename)
444
445 upload_form(pagename, request, msg=_("Upload '%(filename)s' deleted.") % {'filename': filename})
446
447
448 def _do_get(pagename, request):
449 _ = request.getText
450
451 pagename, filename, fpath = _access_file(pagename, request)
452 if not request.user.may.read(pagename):
453 return _('You are not allowed to download from this page.')
454 if not filename:
455 return # error msg already sent in _access_file
456
457 timestamp = datetime.datetime.fromtimestamp(os.path.getmtime(fpath))
458 if_modified = request.if_modified_since
459 if if_modified and if_modified >= timestamp:
460 request.status_code = 304
461 else:
462 mt = wikiutil.MimeType(filename=filename)
463 content_type = mt.content_type()
464 mime_type = mt.mime_type()
465
466 # TODO: fix the encoding here, plain 8 bit is not allowed according to the RFCs
467 # There is no solution that is compatible to IE except stripping non-ascii chars
468 filename_enc = filename.encode(config.charset)
469
470 # for dangerous files (like .html), when we are in danger of cross-site-scripting attacks,
471 # we just let the user store them to disk ('attachment').
472 # For safe files, we directly show them inline (this also works better for IE).
473 dangerous = mime_type in request.cfg.mimetypes_xss_protect
474 content_dispo = dangerous and 'attachment' or 'inline'
475
476 now = time.time()
477 request.headers['Date'] = http_date(now)
478 request.headers['Content-Type'] = content_type
479 request.headers['Last-Modified'] = http_date(timestamp)
480 request.headers['Expires'] = http_date(now - 365 * 24 * 3600)
481 request.headers['Content-Length'] = os.path.getsize(fpath)
482 content_dispo_string = '%s; filename="%s"' % (content_dispo, filename_enc)
483 request.headers['Content-Disposition'] = content_dispo_string
484
485 # send data
486 request.send_file(open(fpath, 'rb'))
487
488 def send_viewfile(pagename, request):
489 _ = request.getText
490 fmt = request.html_formatter
491
492 pagename, filename, fpath = _access_file(pagename, request)
493 if not filename:
494 return
495
496 request.write('<h2>' + _("Upload '%(filename)s'") % {'filename': filename} + '</h2>')
497 # show a download link above the content
498 label = _('Download')
499 link = (fmt.url(1, getAttachUrl(pagename, filename, request, do='get'), css_class="download") +
500 fmt.text(label) +
501 fmt.url(0))
502 request.write('%s<br><br>' % link)
503
504 if filename.endswith('.tdraw') or filename.endswith('.adraw'):
505 request.write(fmt.attachment_drawing(filename, ''))
506 return
507
508 mt = wikiutil.MimeType(filename=filename)
509
510 # destinguishs if browser need a plugin in place
511 if mt.major == 'image' and mt.minor in config.browser_supported_images:
512 url = getAttachUrl(pagename, filename, request)
513 request.write('<img src="%s" alt="%s">' % (
514 wikiutil.escape(url, 1),
515 wikiutil.escape(filename, 1)))
516 return
517 elif mt.major == 'text':
518 ext = os.path.splitext(filename)[1]
519 Parser = wikiutil.getParserForExtension(request.cfg, ext)
520 if Parser is not None:
521 try:
522 content = file(fpath, 'r').read()
523 content = wikiutil.decodeUnknownInput(content)
524 colorizer = Parser(content, request, filename=filename)
525 colorizer.format(request.formatter)
526 return
527 except IOError:
528 pass
529
530 request.write(request.formatter.preformatted(1))
531 # If we have text but no colorizing parser we try to decode file contents.
532 content = open(fpath, 'r').read()
533 content = wikiutil.decodeUnknownInput(content)
534 content = wikiutil.escape(content)
535 request.write(request.formatter.text(content))
536 request.write(request.formatter.preformatted(0))
537 return
538
539 try:
540 package = packages.ZipPackage(request, fpath)
541 if package.isPackage():
542 request.write("<pre><b>%s</b>\n%s</pre>" % (_("Package script:"), wikiutil.escape(package.getScript())))
543 return
544
545 if zipfile.is_zipfile(fpath) and mt.minor == 'zip':
546 zf = zipfile.ZipFile(fpath, mode='r')
547 request.write("<pre>%-46s %19s %12s\n" % (_("File Name"), _("Modified")+" "*5, _("Size")))
548 for zinfo in zf.filelist:
549 date = "%d-%02d-%02d %02d:%02d:%02d" % zinfo.date_time
550 request.write(wikiutil.escape("%-46s %s %12d\n" % (zinfo.filename, date, zinfo.file_size)))
551 request.write("</pre>")
552 return
553 except RuntimeError:
554 # We don't want to crash with a traceback here (an exception
555 # here could be caused by an uploaded defective zip file - and
556 # if we crash here, the user does not get a UI to remove the
557 # defective zip file again).
558 # RuntimeError is raised by zipfile stdlib module in case of
559 # problems (like inconsistent slash and backslash usage in the
560 # archive).
561 logging.exception("An exception within zip file upload handling occurred:")
562 return
563
564 from MoinMoin import macro
565 from MoinMoin.parser.text import Parser
566
567 macro.request = request
568 macro.formatter = request.html_formatter
569 p = Parser("##\n", request)
570 m = macro.Macro(p)
571
572 # use EmbedObject to view valid mime types
573 if mt is None:
574 request.write('<p>' + _("Unknown file type, cannot display this upload inline.") + '</p>')
575 link = (fmt.url(1, getAttachUrl(pagename, filename, request)) +
576 fmt.text(filename) +
577 fmt.url(0))
578 request.write('For using an external program follow this link %s' % link)
579 return
580 request.write(m.execute('EmbedObject', u'target="%s", pagename="%s"' % (filename, pagename)))
581 return
582
583 def _do_view(pagename, request):
584 _ = request.getText
585
586 orig_pagename = pagename
587 pagename, filename, fpath = _access_file(pagename, request)
588 if not request.user.may.read(pagename):
589 return _('You are not allowed to view uploads from this page.')
590 if not filename:
591 return
592
593 request.formatter.page = Page(request, pagename)
594
595 # send header & title
596 # Use user interface language for this generated page
597 request.setContentLanguage(request.lang)
598 title = _('upload:%(filename)s of %(pagename)s') % {
599 'filename': filename, 'pagename': pagename}
600 request.theme.send_title(title, pagename=pagename)
601
602 # send body
603 request.write(request.formatter.startContent())
604 send_viewfile(orig_pagename, request)
605 send_uploadform(pagename, request)
606 request.write(request.formatter.endContent())
607
608 request.theme.send_footer(pagename)
609 request.theme.send_closing_html()
New Upload
Uploaded Files
You can upload and download files, and delete your own files.
Your uploads
0 uploads storedOther uploads
- DropBox-1.0.py [ get | view ] 2011-05-18 13:21:12, 23.5 KB, uploaded by IanRiley
- DropBox-1.1.py [ get | view ] 2014-07-05 23:01:59, 25.5 KB, uploaded by IanRiley
- DropBox-1.2.py [ get | view ] 2014-12-15 11:33:55, 25.6 KB, uploaded by IanRiley
- DropBoxExample1.png [ get | view ] 2011-05-16 05:04:59, 81.1 KB, uploaded by IanRiley
- DropBoxExample2.png [ get | view ] 2011-05-16 05:05:23, 69.1 KB, uploaded by IanRiley
