diff options
Diffstat (limited to 'cgi/formatting.py')
| -rw-r--r-- | cgi/formatting.py | 76 |
1 files changed, 37 insertions, 39 deletions
diff --git a/cgi/formatting.py b/cgi/formatting.py index 8037257..96bb73b 100644 --- a/cgi/formatting.py +++ b/cgi/formatting.py @@ -1,11 +1,10 @@ # coding=utf-8 import string -import cgi +import html import os import re import pickle import time -import _mysql from database import * from framework import * @@ -24,7 +23,7 @@ def format_post(message, ip, parentid, parent_timestamp=0): # Escape any HTML if user is not using Markdown or HTML if not Settings.USE_HTML: - message = cgi.escape(message) + message = html.escape(message) # Strip text message = message.rstrip()[0:8000] @@ -63,9 +62,7 @@ def tripcode(name): return '', '' board = Settings._.BOARD - - name = name.decode('utf-8') - key = Settings.TRIP_CHAR.decode('utf-8') + key = Settings.TRIP_CHAR # if there's a trip (namepart, marker, trippart) = name.partition('#') @@ -89,23 +86,24 @@ def tripcode(name): # return it if we don't have a normal tripcode if trippart == '': - return namepart.encode('utf-8'), trip.encode('utf-8') + return namepart, trip # do normal tripcode from crypt import crypt - try: - trippart = trippart.encode("sjis", "ignore") - except: - pass + #try: + # trippart = trippart.encode("sjis", "ignore") + #except: + # pass - trippart = cleanString(trippart, True, True) + trippart = html.unescape(trippart) + trippart = html.escape(trippart, True) salt = re.sub(r"[^\.-z]", ".", (trippart + "H..")[1:3]) - salt = salt.translate(string.maketrans(r":;=?@[\]^_`", "ABDFGabcdef")) + salt = salt.translate(str.maketrans(r":;=?@[\]^_`", "ABDFGabcdef")) trip = key + crypt(trippart, salt)[-10:] + trip - return namepart.encode('utf-8'), trip.encode('utf-8') + return namepart, trip - return name.encode('utf-8'), '' + return name, '' def iphash(ip, post, t, useid, mobile, agent, cap_id, hide_end, has_countrycode): @@ -113,7 +111,7 @@ def iphash(ip, post, t, useid, mobile, agent, cap_id, hide_end, has_countrycode) if cap_id: id = cap_id - elif 'sage' in post['email'] and useid == '1': + elif post['email'] and useid: id = '???' elif ip == "127.0.0.1": id = '???' @@ -121,7 +119,8 @@ def iphash(ip, post, t, useid, mobile, agent, cap_id, hide_end, has_countrycode) day = int((current_t + (Settings.TIME_ZONE*3600)) / 86400) word = ',' + str(day) # IDs change every 24 hours word += ',' + str(t) # IDs vary depending on thread - id = hide_data(ip + word, 6, "id", Settings.SECRET) + + id = getb64(getMD5(ip + word + Settings.SECRET))[:8] if hide_end: id += '*' @@ -133,7 +132,7 @@ def iphash(ip, post, t, useid, mobile, agent, cap_id, hide_end, has_countrycode) id += 'a' elif 'iPhone' in agent: id += 'i' - elif useid == '3': + elif useid == 3: if 'Firefox' in agent: id += 'F' elif 'Safari' in agent and not 'Chrome' in agent: @@ -169,7 +168,7 @@ def iphash(ip, post, t, useid, mobile, agent, cap_id, hide_end, has_countrycode) def cleanString(string, escape=True, quote=False): string = string.strip() if escape: - string = cgi.escape(string, quote) + string = html.escape(string, quote) return string @@ -191,8 +190,7 @@ def videoThumbs(message): matches = __RE.finditer(message) if matches: import json - import urllib - import urllib2 + import urllib.request, urllib.parse, urllib.error v_ids = [] videos = {} @@ -206,7 +204,7 @@ def videoThumbs(message): 'url': match.group(1), } if len(v_ids) >= Settings.VIDEO_THUMBS_LIMIT: - raise UserError, "Has incluído muchos videos en tu mensaje. El máximo es %d." % Settings.VIDEO_THUMBS_LIMIT + raise UserError("Has incluído muchos videos en tu mensaje. El máximo es %d." % Settings.VIDEO_THUMBS_LIMIT) if videos: params = { @@ -215,8 +213,8 @@ def videoThumbs(message): 'id': ','.join(v_ids) } r_url = "https://www.googleapis.com/youtube/v3/videos?" + \ - urllib.urlencode(params) - res = urllib2.urlopen(r_url) + urllib.parse.urlencode(params) + res = urllib.request.urlopen(r_url) res_json = json.load(res) offset = 0 @@ -227,14 +225,14 @@ def videoThumbs(message): try: new_url = '<a href="%(url)s" target="_blank" class="yt"><span class="pvw"><img src="%(thumb)s" /></span><b>%(title)s</b> (%(secs)s)<br />%(channel)s</a><br />' \ - % {'title': item['snippet']['title'].encode('utf-8'), - 'channel': item['snippet']['channelTitle'].encode('utf-8'), - 'secs': parseIsoPeriod(item['contentDetails']['duration']).encode('utf-8'), + % {'title': item['snippet']['title'], + 'channel': item['snippet']['channelTitle'], + 'secs': parseIsoPeriod(item['contentDetails']['duration']), 'url': videos[v_id]['url'], - 'id': v_id.encode('utf-8'), - 'thumb': item['snippet']['thumbnails']['default']['url'].encode('utf-8'), } + 'id': v_id, + 'thumb': item['snippet']['thumbnails']['default']['url'], } except UnicodeDecodeError: - raise UserError, repr(v_id) + raise UserError(repr(v_id)) message = message[:start+offset] + new_url + message[end+offset:] offset += len(new_url) - (end-start) @@ -323,7 +321,7 @@ def close_html(message): message = message.encode('utf-8') soup = BeautifulSoup.BeautifulSoup(message) - return unicode(soup).replace(' ', '').encode('utf-8') + return str(soup).replace(' ', '').encode('utf-8') def sanitize_html(message, decode=True): @@ -353,7 +351,7 @@ def sanitize_html(message, decode=True): del tag[attr] # We export the soup into a correct XHTML string - string = unicode(soup).encode('utf-8') + string = str(soup).encode('utf-8') # We remove some anomalies we don't want string = string.replace('<br/>', '<br />').replace(' ', '') @@ -374,11 +372,11 @@ def checkWordfilters(message, ip, board): "SELECT * FROM `filters` WHERE `type` = '0' ORDER BY `id` ASC") for wordfilter in wordfilters: if wordfilter["boards"] != "": - boards = pickle.loads(wordfilter["boards"]) + boards = pickle.loads(wordfilter["boards"].encode("utf-8")) if wordfilter["boards"] == "" or board in boards: if wordfilter['action'] == '0': if not re.search(wordfilter['from'], message, re.DOTALL | re.IGNORECASE) is None: - raise UserError, wordfilter['reason'] + raise UserError(wordfilter['reason']) elif wordfilter['action'] == '1': message = re.compile(wordfilter['from'], re.DOTALL | re.IGNORECASE).sub( wordfilter['to'], message) @@ -395,10 +393,10 @@ def checkWordfilters(message, ip, board): "', " + str(timestamp()) + ", " + until + ", 'System', '" + _mysql.escape_string(wordfilter['reason']) + "', 'Word Auto-ban', '"+_mysql.escape_string(wordfilter['blind'])+"')") regenerateAccess() - raise UserError, wordfilter['reason'] + raise UserError(wordfilter['reason']) elif wordfilter['action'] == '3': if not re.search(wordfilter['from'], message, re.DOTALL | re.IGNORECASE) is None: - raise UserError, '<meta http-equiv="refresh" content="%s;url=%s" />%s' % (wordfilter['redirect_time'], wordfilter['redirect_url'], wordfilter['reason']) + raise UserError('<meta http-equiv="refresh" content="%s;url=%s" />%s' % (wordfilter['redirect_time'], wordfilter['redirect_url'], wordfilter['reason'])) return message @@ -428,7 +426,7 @@ def checkNamefilters(name, tripcode, ip, board): if match: # do action if namefilter['action'] == '0': - raise UserError, namefilter['reason'] + raise UserError(namefilter['reason']) elif namefilter['action'] == '1': name = namefilter['to'] tripcode = '' @@ -445,7 +443,7 @@ def checkNamefilters(name, tripcode, ip, board): "', " + str(timestamp()) + ", " + until + ", 'System', '" + _mysql.escape_string(namefilter['reason']) + "', 'Name Auto-ban', '"+_mysql.escape_string(namefilter['blind'])+"')") regenerateAccess() - raise UserError, namefilter['reason'] + raise UserError(namefilter['reason']) elif namefilter['action'] == '3': - raise UserError, '<meta http-equiv="refresh" content="%s;url=%s" />%s' % (namefilter['redirect_time'], namefilter['redirect_url'], namefilter['reason']) + raise UserError('<meta http-equiv="refresh" content="%s;url=%s" />%s' % (namefilter['redirect_time'], namefilter['redirect_url'], namefilter['reason'])) return name, tripcode |