Fixed horrible behaviour for get url and post parameters

Antonio de la Rosa 2016-05-23 15:41:44 +02:00
parent e6c50e078e
commit bef630ec1d
5 changed files with 64 additions and 54 deletions


@ -49,11 +49,13 @@ class GenerateAdminClass:
def show(self):
GetPostFiles.obtain_get()
getpostfiles=GetPostFiles()
GetPostFiles.get['op_admin']=GetPostFiles.get.get('op_admin', '0')
getpostfiles.obtain_get()
GetPostFiles.get['id']=GetPostFiles.get.get('id', '0')
getpostfiles.get['op_admin']=getpostfiles.get.get('op_admin', '0')
getpostfiles.get['id']=getpostfiles.get.get('id', '0')
if len(self.model.forms)==0:
@ -64,14 +66,14 @@ class GenerateAdminClass:
for key_form in self.arr_fields_edit:
edit_forms[key_form]=self.model.forms[key_form]
if GetPostFiles.get['op_admin']=='1':
if getpostfiles.get['op_admin']=='1':
post=None
title_edit=I18n.lang('common', 'add_new_item', 'Add new item')
if GetPostFiles.get['id']!='0':
post=self.model.select_a_row(GetPostFiles.get['id'], [], True)
if getpostfiles.get['id']!='0':
post=self.model.select_a_row(getpostfiles.get['id'], [], True)
title_edit=I18n.lang('common', 'edit_new_item', 'Edit item')
if post==None:
@ -79,13 +81,13 @@ class GenerateAdminClass:
form=show_form(post, edit_forms, self.t, False)
return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=GetPostFiles.get['id'])
return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=getpostfiles.get['id'])
elif GetPostFiles.get['op_admin']=='2':
elif getpostfiles.get['op_admin']=='2':
GetPostFiles.obtain_post()
getpostfiles.obtain_post()
#post=GetPostFiles.post
#post=getpostfiles.post
self.model.reset_conditions()
@ -93,46 +95,45 @@ class GenerateAdminClass:
try:
GetPostFiles.get['id']=str(int(GetPostFiles.get['id']))
getpostfiles.get['id']=str(int(getpostfiles.get['id']))
except:
GetPostFiles.get['id']='0'
getpostfiles.get['id']='0'
title_edit=I18n.lang('common', 'add_new_item', 'Add new item')
if GetPostFiles.get['id']!='0':
if getpostfiles.get['id']!='0':
insert_row=self.model.update
title_edit=I18n.lang('common', 'edit_new_item', 'Edit item')
self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [GetPostFiles.get['id']]]
self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [getpostfiles.get['id']]]
if insert_row(GetPostFiles.post):
if insert_row(getpostfiles.post):
set_flash_message(I18n.lang('common', 'task_successful', 'Task successful'))
redirect(self.url)
else:
form=show_form(GetPostFiles.post, edit_forms, self.t, True)
return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=GetPostFiles.get['id'])
form=show_form(getpostfiles.post, edit_forms, self.t, True)
return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=getpostfiles.get['id'])
pass
elif GetPostFiles.get['op_admin']=='3':
elif getpostfiles.get['op_admin']=='3':
verified=GetPostFiles.get.get('verified', '0')
verified=getpostfiles.get.get('verified', '0')
if verified=='1':
if GetPostFiles.get['id']!='0':
self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [GetPostFiles.get['id']]]
if getpostfiles.get['id']!='0':
self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [getpostfiles.get['id']]]
self.model.delete()
set_flash_message(I18n.lang('common', 'task_successful', 'Task successful'))
redirect(self.url)
else:
return self.t.load_template(self.template_verify_delete, url=self.url, item_id=GetPostFiles.get['id'], op_admin=3, verified=1)
return self.t.load_template(self.template_verify_delete, url=self.url, item_id=getpostfiles.get['id'], op_admin=3, verified=1)
else:
return self.t.load_template(self.template_admin, admin=self)
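Review bot: The delete branch (`op_admin=='3'`) calls `self.model.delete()` on query-string values alone: `verified` and `id` both come from `getpostfiles.get`, and `obtain_post()`, which holds the csrf_token comparison, is never called on this path. Unless the route is restricted elsewhere, a cross-site GET made in a logged-in admin's browser could trigger the deletion. The confirmation should arrive as a POST, with `getpostfiles.obtain_post()` called and `verified` read from `getpostfiles.post` before `self.model.delete()` runs. The `id` is also normalised with `str(int(...))` only in the `op_admin=='2'` branch; doing it once right after `getpostfiles.obtain_get()` would cover `select_a_row` and the delete condition as well. show() starts and continues outside the hunks shown.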


@ -7,37 +7,38 @@ from paramecio.citoplasma.keyutils import create_key_encrypt
class GetPostFiles:
# Need this for obtain utf8 valid values
get={}
post={}
def __init__(self):
files={}
self.get={}
self.post={}
self.files={}
@staticmethod
def obtain_get():
def obtain_get(self):
GetPostFiles.get={}
self.get={}
GetPostFiles.get=request.query.decode()
self.get=request.query.decode()
@staticmethod
def obtain_post(required_post=[]):
def obtain_post(self, required_post=[]):
GetPostFiles.post={}
self.post={}
GetPostFiles.post=request.forms.decode()
self.post=request.forms.decode()
for post in required_post:
GetPostFiles.post[post]=GetPostFiles.post.get(post, '')
self.post[post]=self.post.get(post, '')
s=get_session()
if 'csrf_token' in s:
GetPostFiles.post['csrf_token']=GetPostFiles.post.get('csrf_token', '')
self.post['csrf_token']=self.post.get('csrf_token', '')
if GetPostFiles.post['csrf_token']!=s['csrf_token'] and GetPostFiles.post['csrf_token'].strip()!="":
if self.post['csrf_token']!=s['csrf_token'] and self.post['csrf_token'].strip()!="":
raise NameError('Error: you need a valid csrf_token')
else:
@ -51,7 +52,6 @@ class GetPostFiles:
#Check post_token
@staticmethod
def obtain_files():
def obtain_files(self):
GetPostFiles.files=request.files
self.files=request.files
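Review bot: In obtain_post the token check raises only when the submitted `csrf_token` is non-empty and differs from the session value, so as far as this hunk shows, a request that omits the field (it defaults to `''`) is not rejected. The `else:` body that follows lies outside the hunk and may change that. If an absent token should fail, the condition should be `if self.post['csrf_token']!=s['csrf_token']:`, ideally using `hmac.compare_digest` on the encoded values so the comparison is not timing-dependent. Separately, `required_post=[]` is a mutable default; it is only read here, but `required_post=()` removes the trap.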


@ -316,7 +316,7 @@ class HeaderHTML:
return message
def set_flash_message(self, message):
def set_flash_message(message):
s=get_session()
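Review bot: set_flash_message appears to lose its `self` parameter here, which matches the bare `set_flash_message(...)` calls in the admin class, but the hunk header places it under `class HeaderHTML` and indentation is lost on this page. If the function is still defined inside the class, it needs `@staticmethod` above the `def`; otherwise any call through an instance passes the instance as `message`. The body continues outside the hunk.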


@ -88,9 +88,13 @@ class UserModel(WebModel):
#GetPostFiles.obtain_get()
#GetPostFiles.obtain_post()
get_id=GetPostFiles.get.get(self.name_field_id, '0')
getpostfiles=GetPostFiles()
post_id=GetPostFiles.post.get(self.name_field_id, '0')
getpostfiles.obtain_get()
get_id=getpostfiles.get.get(self.name_field_id, '0')
post_id=getpostfiles.post.get(self.name_field_id, '0')
if get_id!='0':
get_id=int(get_id)
@ -125,6 +129,7 @@ class UserModel(WebModel):
self.conditions[1].append([dict_values[self.email_field]])
if get_id>0:
self.conditions[0]+=' AND '+self.name_field_id+'!=%s'
self.conditions[1].append(get_id)
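Review bot: `post_id` is always `'0'` after this change: the new `GetPostFiles()` instance starts with an empty `post` dict (per its `__init__`) and only `getpostfiles.obtain_get()` is called, so `getpostfiles.post.get(self.name_field_id, '0')` never sees the submitted form. If the POST id is meant to be honoured, `getpostfiles.obtain_post()` has to be called on this instance first, or the caller's already-parsed post values passed in. Also, `int(get_id)` on a raw query value raises ValueError for non-numeric input, whereas the admin class wraps the same conversion in try/except. The method body starts and ends outside these hunks.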


@ -212,14 +212,16 @@ def login():
user_admin=UserAdmin(connection)
GetPostFiles.obtain_post()
getpostfiles=GetPostFiles()
GetPostFiles.post['username']=GetPostFiles.post.get('username', '')
GetPostFiles.post['password']=GetPostFiles.post.get('password', '')
getpostfiles.obtain_post()
username=user_admin.fields['username'].check(GetPostFiles.post['username'])
getpostfiles.post['username']=getpostfiles.post.get('username', '')
getpostfiles.post['password']=getpostfiles.post.get('password', '')
password=GetPostFiles.post['password'].strip()
username=user_admin.fields['username'].check(getpostfiles.post['username'])
password=getpostfiles.post['password'].strip()
user_admin.conditions=['WHERE username=%s', [username]]
@ -244,7 +246,7 @@ def login():
if s['lang']=='':
s['lang']=I18n.default_lang
remember_login=GetPostFiles.post.get('remember_login', '0')
remember_login=getpostfiles.post.get('remember_login', '0')
if remember_login=='1':
@ -277,6 +279,8 @@ def login():
@post('/'+config.admin_folder+'/register')
def register():
getpostfiles=GetPostFiles()
connection=WebModel.connection()
user_admin=UserAdmin(connection)
@ -287,15 +291,15 @@ def register():
if c==0:
GetPostFiles.obtain_post()
getpostfiles.obtain_post()
GetPostFiles.post['privileges']=2
getpostfiles.post['privileges']=2
user_admin.valid_fields=['username', 'email', 'password', 'privileges']
user_admin.create_forms()
if user_admin.insert(GetPostFiles.post, False):
if user_admin.insert(getpostfiles.post, False):
error= {'error': 0}
@ -303,9 +307,9 @@ def register():
else:
user_admin.check_all_fields(GetPostFiles.post, False)
user_admin.check_all_fields(getpostfiles.post, False)
pass_values_to_form(GetPostFiles.post, user_admin.forms, yes_error=True)
pass_values_to_form(getpostfiles.post, user_admin.forms, yes_error=True)
error={'error': 1}
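Review bot: In login() the two assignments that default `username` and `password` repeat what `obtain_post` already does for names passed in `required_post`; `getpostfiles.obtain_post(['username', 'password'])` would replace the call plus both lines. obtain_post can also raise `NameError` on a bad csrf_token, and neither login() nor register() shows a handler in these hunks, so it is worth confirming that the error becomes a proper response and not an unhandled exception. Both functions continue outside the hunks.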