Fixed horrible behaviour for get url and post parameters

Antonio de la Rosa 2016-05-23 15:41:44 +02:00
parent e6c50e078e
commit bef630ec1d
5 changed files with 64 additions and 54 deletions


@ -49,11 +49,13 @@ class GenerateAdminClass:
def show(self): def show(self):
GetPostFiles.obtain_get() getpostfiles=GetPostFiles()
GetPostFiles.get['op_admin']=GetPostFiles.get.get('op_admin', '0') getpostfiles.obtain_get()
GetPostFiles.get['id']=GetPostFiles.get.get('id', '0') getpostfiles.get['op_admin']=getpostfiles.get.get('op_admin', '0')
getpostfiles.get['id']=getpostfiles.get.get('id', '0')
if len(self.model.forms)==0: if len(self.model.forms)==0:
@ -64,14 +66,14 @@ class GenerateAdminClass:
for key_form in self.arr_fields_edit: for key_form in self.arr_fields_edit:
edit_forms[key_form]=self.model.forms[key_form] edit_forms[key_form]=self.model.forms[key_form]
if GetPostFiles.get['op_admin']=='1': if getpostfiles.get['op_admin']=='1':
post=None post=None
title_edit=I18n.lang('common', 'add_new_item', 'Add new item') title_edit=I18n.lang('common', 'add_new_item', 'Add new item')
if GetPostFiles.get['id']!='0': if getpostfiles.get['id']!='0':
post=self.model.select_a_row(GetPostFiles.get['id'], [], True) post=self.model.select_a_row(getpostfiles.get['id'], [], True)
title_edit=I18n.lang('common', 'edit_new_item', 'Edit item') title_edit=I18n.lang('common', 'edit_new_item', 'Edit item')
if post==None: if post==None:
@ -79,13 +81,13 @@ class GenerateAdminClass:
form=show_form(post, edit_forms, self.t, False) form=show_form(post, edit_forms, self.t, False)
return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=GetPostFiles.get['id']) return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=getpostfiles.get['id'])
elif GetPostFiles.get['op_admin']=='2': elif getpostfiles.get['op_admin']=='2':
GetPostFiles.obtain_post() getpostfiles.obtain_post()
#post=GetPostFiles.post #post=getpostfiles.post
self.model.reset_conditions() self.model.reset_conditions()
@ -93,46 +95,45 @@ class GenerateAdminClass:
try: try:
GetPostFiles.get['id']=str(int(GetPostFiles.get['id'])) getpostfiles.get['id']=str(int(getpostfiles.get['id']))
except: except:
GetPostFiles.get['id']='0' getpostfiles.get['id']='0'
title_edit=I18n.lang('common', 'add_new_item', 'Add new item') title_edit=I18n.lang('common', 'add_new_item', 'Add new item')
if GetPostFiles.get['id']!='0': if getpostfiles.get['id']!='0':
insert_row=self.model.update insert_row=self.model.update
title_edit=I18n.lang('common', 'edit_new_item', 'Edit item') title_edit=I18n.lang('common', 'edit_new_item', 'Edit item')
self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [GetPostFiles.get['id']]] self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [getpostfiles.get['id']]]
if insert_row(GetPostFiles.post): if insert_row(getpostfiles.post):
set_flash_message(I18n.lang('common', 'task_successful', 'Task successful')) set_flash_message(I18n.lang('common', 'task_successful', 'Task successful'))
redirect(self.url) redirect(self.url)
else: else:
form=show_form(getpostfiles.post, edit_forms, self.t, True)
form=show_form(GetPostFiles.post, edit_forms, self.t, True) return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=getpostfiles.get['id'])
return self.t.load_template(self.template_insert, admin=self, title_edit=title_edit, form=form, model=self.model, id=GetPostFiles.get['id'])
pass pass
elif GetPostFiles.get['op_admin']=='3': elif getpostfiles.get['op_admin']=='3':
verified=GetPostFiles.get.get('verified', '0') verified=getpostfiles.get.get('verified', '0')
if verified=='1': if verified=='1':
if GetPostFiles.get['id']!='0': if getpostfiles.get['id']!='0':
self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [GetPostFiles.get['id']]] self.model.conditions=['WHERE `'+self.model.name+'`.`'+self.model.name_field_id+'`=%s', [getpostfiles.get['id']]]
self.model.delete() self.model.delete()
set_flash_message(I18n.lang('common', 'task_successful', 'Task successful')) set_flash_message(I18n.lang('common', 'task_successful', 'Task successful'))
redirect(self.url) redirect(self.url)
else: else:
return self.t.load_template(self.template_verify_delete, url=self.url, item_id=GetPostFiles.get['id'], op_admin=3, verified=1) return self.t.load_template(self.template_verify_delete, url=self.url, item_id=getpostfiles.get['id'], op_admin=3, verified=1)
else: else:
return self.t.load_template(self.template_admin, admin=self) return self.t.load_template(self.template_admin, admin=self)
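Review bot: The `op_admin=='3'` branch deletes a row using query-string values only: `verified` and `id` both come from `getpostfiles.get`, and `obtain_post()`, which holds the `csrf_token` comparison, is never called before `self.model.delete()`. As far as these hunks show, the delete is therefore reachable by a plain GET and is not covered by the CSRF check. The confirmation step should submit by POST, and this branch should call `getpostfiles.obtain_post()` and read `verified` from `getpostfiles.post` before deleting. The branch also uses `id` without the `str(int(...))` normalisation that the `op_admin=='2'` branch applies. `show` starts and ends outside these hunks, so a guard elsewhere in the method would not be visible here.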


@ -7,37 +7,38 @@ from paramecio.citoplasma.keyutils import create_key_encrypt
class GetPostFiles: class GetPostFiles:
# Need this for obtain utf8 valid values # Need this for obtain utf8 valid values
get={}
post={} def __init__(self):
files={} self.get={}
@staticmethod self.post={}
def obtain_get():
GetPostFiles.get={} self.files={}
GetPostFiles.get=request.query.decode() def obtain_get(self):
@staticmethod self.get={}
def obtain_post(required_post=[]):
GetPostFiles.post={} self.get=request.query.decode()
GetPostFiles.post=request.forms.decode() def obtain_post(self, required_post=[]):
self.post={}
self.post=request.forms.decode()
for post in required_post: for post in required_post:
GetPostFiles.post[post]=GetPostFiles.post.get(post, '') self.post[post]=self.post.get(post, '')
s=get_session() s=get_session()
if 'csrf_token' in s: if 'csrf_token' in s:
GetPostFiles.post['csrf_token']=GetPostFiles.post.get('csrf_token', '') self.post['csrf_token']=self.post.get('csrf_token', '')
if GetPostFiles.post['csrf_token']!=s['csrf_token'] and GetPostFiles.post['csrf_token'].strip()!="": if self.post['csrf_token']!=s['csrf_token'] and self.post['csrf_token'].strip()!="":
raise NameError('Error: you need a valid csrf_token') raise NameError('Error: you need a valid csrf_token')
else: else:
@ -51,7 +52,6 @@ class GetPostFiles:
#Check post_token #Check post_token
@staticmethod def obtain_files(self):
def obtain_files():
GetPostFiles.files=request.files self.files=request.files
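Review bot: The CSRF comparison in `obtain_post` raises only when the submitted token is both different and non-empty (`... and self.post['csrf_token'].strip()!=""`). Because the line above defaults a missing token to `''`, a request that omits `csrf_token` or sends it blank passes this check. Unless the `else:` that follows (its body is outside the hunk) rejects that case, the condition should be `if self.post['csrf_token']!=s['csrf_token']:`, ideally compared with `hmac.compare_digest`. Separately, `required_post=[]` is a mutable default argument; `required_post=None` with `required_post = required_post or []` in the body avoids sharing one list between calls.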


@ -316,7 +316,7 @@ class HeaderHTML:
return message return message
def set_flash_message(self, message): def set_flash_message(message):
s=get_session() s=get_session()


@ -88,9 +88,13 @@ class UserModel(WebModel):
#GetPostFiles.obtain_get() #GetPostFiles.obtain_get()
#GetPostFiles.obtain_post() #GetPostFiles.obtain_post()
get_id=GetPostFiles.get.get(self.name_field_id, '0') getpostfiles=GetPostFiles()
post_id=GetPostFiles.post.get(self.name_field_id, '0') getpostfiles.obtain_get()
get_id=getpostfiles.get.get(self.name_field_id, '0')
post_id=getpostfiles.post.get(self.name_field_id, '0')
if get_id!='0': if get_id!='0':
get_id=int(get_id) get_id=int(get_id)
@ -125,6 +129,7 @@ class UserModel(WebModel):
self.conditions[1].append([dict_values[self.email_field]]) self.conditions[1].append([dict_values[self.email_field]])
if get_id>0: if get_id>0:
self.conditions[0]+=' AND '+self.name_field_id+'!=%s' self.conditions[0]+=' AND '+self.name_field_id+'!=%s'
self.conditions[1].append(get_id) self.conditions[1].append(get_id)
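Review bot: `post_id` is now always `'0'`. The new `getpostfiles=GetPostFiles()` instance starts with `self.post={}` and only `obtain_get()` is called on it, so `getpostfiles.post.get(self.name_field_id, '0')` can never see a submitted value. Before this commit the class-level `GetPostFiles.post` could already have been filled by the caller. Either call `getpostfiles.obtain_post()` here as well or pass the caller's populated instance into this method; how `post_id` is used afterwards is outside the hunk. As far as the hunk shows, `get_id=int(get_id)` is also unguarded and would raise `ValueError` on a non-numeric query value.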


@ -212,14 +212,16 @@ def login():
user_admin=UserAdmin(connection) user_admin=UserAdmin(connection)
GetPostFiles.obtain_post() getpostfiles=GetPostFiles()
GetPostFiles.post['username']=GetPostFiles.post.get('username', '') getpostfiles.obtain_post()
GetPostFiles.post['password']=GetPostFiles.post.get('password', '')
username=user_admin.fields['username'].check(GetPostFiles.post['username']) getpostfiles.post['username']=getpostfiles.post.get('username', '')
getpostfiles.post['password']=getpostfiles.post.get('password', '')
password=GetPostFiles.post['password'].strip() username=user_admin.fields['username'].check(getpostfiles.post['username'])
password=getpostfiles.post['password'].strip()
user_admin.conditions=['WHERE username=%s', [username]] user_admin.conditions=['WHERE username=%s', [username]]
@ -244,7 +246,7 @@ def login():
if s['lang']=='': if s['lang']=='':
s['lang']=I18n.default_lang s['lang']=I18n.default_lang
remember_login=GetPostFiles.post.get('remember_login', '0') remember_login=getpostfiles.post.get('remember_login', '0')
if remember_login=='1': if remember_login=='1':
@ -277,6 +279,8 @@ def login():
@post('/'+config.admin_folder+'/register') @post('/'+config.admin_folder+'/register')
def register(): def register():
getpostfiles=GetPostFiles()
connection=WebModel.connection() connection=WebModel.connection()
user_admin=UserAdmin(connection) user_admin=UserAdmin(connection)
@ -287,15 +291,15 @@ def register():
if c==0: if c==0:
GetPostFiles.obtain_post() getpostfiles.obtain_post()
GetPostFiles.post['privileges']=2 getpostfiles.post['privileges']=2
user_admin.valid_fields=['username', 'email', 'password', 'privileges'] user_admin.valid_fields=['username', 'email', 'password', 'privileges']
user_admin.create_forms() user_admin.create_forms()
if user_admin.insert(GetPostFiles.post, False): if user_admin.insert(getpostfiles.post, False):
error= {'error': 0} error= {'error': 0}
@ -303,9 +307,9 @@ def register():
else: else:
user_admin.check_all_fields(GetPostFiles.post, False) user_admin.check_all_fields(getpostfiles.post, False)
pass_values_to_form(GetPostFiles.post, user_admin.forms, yes_error=True) pass_values_to_form(getpostfiles.post, user_admin.forms, yes_error=True)
error={'error': 1} error={'error': 1}
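Review bot: In `login`, the line `getpostfiles.post['username']=getpostfiles.post.get('username', '')` and its `password` twin repeat by hand what `obtain_post` already does for its `required_post` argument. `getpostfiles.obtain_post(['username', 'password'])` yields the same defaults in one call and keeps the defaulting logic in one place. Both `login` and `register` continue outside these hunks.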