Diffstat (limited to 'cgi/manage.py')
-rw-r--r-- | cgi/manage.py | 150 |
1 files changed, 69 insertions, 81 deletions
diff --git a/cgi/manage.py b/cgi/manage.py index 40be3b2..0053f54 100644 --- a/cgi/manage.py +++ b/cgi/manage.py @@ -35,7 +35,7 @@ def manage(self, path_split): UpdateDb("DELETE FROM `logs` WHERE `timestamp` < %s", (timestamp() - Settings.MANAGE_LOG_TIME,)) else: page += _('Incorrect username/password.') - logAction('', 'Failed log-in. U:'+_mysql.escape_string(self.formdata['username'])+' IP logged.') + logAction('', 'Failed log-in. U:'+self.formdata['username']+' IP logged.') logging.warn("Failed log-in. U:{} IP:{}".format(self.formdata['username'], self.environ["REMOTE_ADDR"])) else: # Validate existing session @@ -687,10 +687,9 @@ def manage(self, path_split): return if self.formdata['seconds'] != '0': - until = str( - timestamp() + int(self.formdata['seconds'])) + until = timestamp() + int(self.formdata['seconds']) else: - until = '0' + until = 0 where = '' if 'board_all' not in self.formdata: where = [] @@ -701,7 +700,7 @@ def manage(self, path_split): if self.formdata[keyname] == "1": where.append(board['dir']) if len(where) > 0: - where = pickle.dumps(where) + where = boards2str(where) else: self.error( _("You must select where the ban shall be placed")) 
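Review bot: The client-supplied `username` from a failed log-in now reaches `logAction` with no escaping in the `@@ -35` hunk, so that line is only safe if `logAction` binds its message as a query parameter and the log viewer HTML-escapes it on output; neither is visible here and both should be confirmed. The value is also unbounded and may carry CR/LF, which lets a client forge or flood entries in the `logs` table and in the `logging.warn` line below it. I would cap and sanitise it once and reuse it in both calls, e.g. `user = self.formdata.get('username', '')[:64].replace('\r', ' ').replace('\n', ' ')`. The enclosing `manage` body starts and ends outside the hunk.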
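Review bot: In the `@@ -687` hunk `int(self.formdata['seconds'])` is still unguarded, so a non-numeric value raises a bare `ValueError` instead of the `UserError` this file uses for its other numeric fields, and a negative value stores a ban whose `until` is already in the past. Parse once inside `try`/`except ValueError: raise UserError(...)`, then reject negatives with `if seconds < 0: raise UserError(...)`. Comparing the parsed integer with `0` rather than the raw string with `'0'` would also stop an input such as `'00'` from creating a ban that expires immediately.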
@@ -719,14 +718,14 @@ def manage(self, path_split): return""" # Blind mode - blind = self.formdata.get('blind', '0') + blind = self.formdata.get('blind', 0) #raise UserError, "{} {} {}".format(ipstart, ipend, ipstr) # Banear sin mensaje - InsertDb("INSERT INTO `bans` (`ipstart`, `ipend`, `ipstr`, `boards`, `added`, `until`, `staff`, `reason`, `note`, `blind`) VALUES (INET6_ATON('" + - ipstart + "'), INET6_ATON('" + ipend + "'), '" + ipstr + "', '" + - _mysql.escape_string(where) + "', " + str(timestamp()) + ", " + until + ", '" + _mysql.escape_string(staff_account['username']) + "', '" + _mysql.escape_string(self.formdata['reason']) + "', '" + _mysql.escape_string(self.formdata['note']) + "', '"+blind+"')") + InsertDb("INSERT INTO `bans` (`ipstart`, `ipend`, `ipstr`, `boards`, `added`, `until`, `staff`, `reason`, `note`, `blind`) VALUES " + "(INET6_ATON(%s), INET6_ATON(%s), %s, %s, %s, %s, %s, %s, %s, %s)", + (ipstart, ipend, ipstr, where, timestamp(), until, staff_account['username'], self.formdata['reason'], self.formdata['note'], blind)) regenerateAccess() if 'edit' in self.formdata: 
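Review bot: `blind` now has two types: the default is the integer `0`, but a submitted value arrives as a string and is bound into the INSERT unchanged, so whatever text the client sends is handed to the `blind` column. Normalising it to a flag keeps the column clean and agrees with the truthiness test used when bans are listed: `blind = 1 if self.formdata.get('blind') == '1' else 0` (assuming the checkbox submits `'1'`, as the board checkboxes in this form do). `INET6_ATON` returns NULL for malformed text, so the validation of `ipstart`/`ipend` that happens before this hunk must stay in place now that the values are bound rather than concatenated.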
@@ -747,18 +746,18 @@ def manage(self, path_split): 'reason': '', 'note': '', 'message': '(GET OUT)', - 'seconds': '0', - 'blind': '1'} + 'seconds': 0, + 'blind': 1} edit_id = 0 if 'edit' in self.formdata: edit_id = self.formdata['edit'] - ban = FetchOne("SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` WHERE `id` = '" + - _mysql.escape_string(edit_id) + "' ORDER BY `added` DESC") + ban = FetchOne("SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` WHERE `id` = %s ORDER BY `added` DESC", + (edit_id,)) if ban: if ban['boards'] == '': where = '' else: - where = pickle.loads(ban['boards']) + where = boards2str(ban['boards']) if ban['until'] == '0': until = 0 else: @@ -785,12 +784,12 @@ def manage(self, path_split): action_taken = False if len(path_split) > 4: if path_split[3] == 'delete': - ip = FetchOne("SELECT ipstr FROM `bans` WHERE `id` = '" + - _mysql.escape_string(path_split[4]) + "' LIMIT 1", 0)[0] - if ip != '': + ip = FetchOne("SELECT ipstr FROM `bans` WHERE `id` = %s LIMIT 1", + (path_split[4],)) + if ip: # Delete ban - UpdateDb('DELETE FROM `bans` WHERE `id` = ' + - _mysql.escape_string(path_split[4]) + ' LIMIT 1') + UpdateDb('DELETE FROM `bans` WHERE `id` = %s LIMIT 1', + (path_split[4],)) regenerateAccess() message = _('Ban successfully deleted.') template_filename = "message.html" 
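Review bot: `where = boards2str(ban['boards'])` in the `@@ -747` hunk replaces a `pickle.loads` call, which is a read of the stored column, yet it calls the serialising helper. The other read paths changed in this commit (the ban list and both filter hunks) use `str2boards`, so this looks inverted and should be `where = str2boards(ban['boards'])`. Both helpers are defined outside this diff, so confirm against their definitions. The unchanged `if ban['until'] == '0':` just below still compares with a string although the commit moves `until` to integers (the list view now tests `== 0`), so the edit form would presumably never take the non-expiring branch.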
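Review bot: In the `@@ -785` hunk `path_split[4]` is bound as a string into both the lookup and the `DELETE`, and MySQL converts a string to a number when comparing it with a numeric column, so a segment with trailing text can still match a row (assuming `id` is an integer column; the schema is not visible here). Parsing it first makes the intent explicit and gives a clean error path: `ban_id = int(path_split[4])` inside `try`/`except ValueError`, then bind `(ban_id,)` in both statements. The deletion is driven purely by the URL path, and no request-token check or `logAction` call is visible inside this hunk, so confirm both exist in the surrounding code.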
@@ -809,18 +808,18 @@ def manage(self, path_split): if ban['boards'] == '': ban['boards'] = _('All boards') else: - where = pickle.loads(ban['boards'].encode('utf-8')) + where = str2boards(ban['boards']) if len(where) > 1: ban['boards'] = '/' + \ '/, /'.join(where) + '/' else: ban['boards'] = '/' + where[0] + '/' ban['added'] = formatTimestamp(ban['added']) - if ban['until'] == '0': + if ban['until'] == 0: ban['until'] = _('Does not expire') else: ban['until'] = formatTimestamp(ban['until']) - if ban['blind'] == '1': + if ban['blind']: ban['blind'] = 'Sí' else: ban['blind'] = 'No' 
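Review bot: Rows written before this commit hold pickled data in `boards`, and `str2boards` will receive those bytes unchanged unless a data migration accompanies the change; none is part of this diff, and the same applies to the filter edit and filter list hunks further down. If `str2boards` can return an empty list for such a row, `where[0]` in the `else` branch raises `IndexError`. The new `if ban['blind']:` test is also only correct once the column is numeric, because a value still stored as the string `'0'` is truthy and would be displayed as 'Sí'. A one-off conversion of the existing `bans` and `filters` rows should ship together with this change.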
@@ -876,50 +875,50 @@ def manage(self, path_split): board['slip'] = self.formdata['slip'] board['countrycode'] = self.formdata['countrycode'] if 'recyclebin' in self.formdata: - board['recyclebin'] = '1' + board['recyclebin'] = 1 else: - board['recyclebin'] = '0' + board['recyclebin'] = 0 if 'disable_name' in self.formdata: - board['disable_name'] = '1' + board['disable_name'] = 1 else: - board['disable_name'] = '0' + board['disable_name'] = 0 if 'disable_subject' in self.formdata: - board['disable_subject'] = '1' + board['disable_subject'] = 1 else: - board['disable_subject'] = '0' + board['disable_subject'] = 0 if 'secret' in self.formdata: - board['secret'] = '1' + board['secret'] = 1 else: - board['secret'] = '0' + board['secret'] = 0 if 'locked' in self.formdata: - board['locked'] = '1' + board['locked'] = 1 else: - board['locked'] = '0' + board['locked'] = 0 board['postarea_desc'] = self.formdata['postarea_desc'] if 'allow_noimage' in self.formdata: - board['allow_noimage'] = '1' + board['allow_noimage'] = 1 else: - board['allow_noimage'] = '0' + board['allow_noimage'] = 0 if 'allow_images' in self.formdata: - board['allow_images'] = '1' + board['allow_images'] = 1 else: - board['allow_images'] = '0' + board['allow_images'] = 0 if 'allow_image_replies' in self.formdata: - board['allow_image_replies'] = '1' + board['allow_image_replies'] = 1 else: - board['allow_image_replies'] = '0' + board['allow_image_replies'] = 0 if 'allow_spoilers' in self.formdata: - board['allow_spoilers'] = '1' + board['allow_spoilers'] = 1 else: - board['allow_spoilers'] = '0' + board['allow_spoilers'] = 0 if 'allow_oekaki' in self.formdata: - board['allow_oekaki'] = '1' + board['allow_oekaki'] = 1 else: - board['allow_oekaki'] = '0' + board['allow_oekaki'] = 0 if 'archive' in self.formdata: - board['archive'] = '1' + board['archive'] = 1 else: - board['archive'] = '0' + board['archive'] = 0 board['postarea_extra'] = self.formdata['postarea_extra'] board['force_css'] = 
self.formdata['force_css'] @@ -932,8 +931,7 @@ def manage(self, path_split): board['id'], filetype['id'])) try: - board['numthreads'] = int( - self.formdata['numthreads']) + board['numthreads'] = int(self.formdata['numthreads']) except: raise UserError(_("Max threads shown must be numeric.")) @@ -963,14 +961,12 @@ def manage(self, path_split): raise UserError(_("Max age must be numeric.")) try: - board['maxinactive'] = int( - self.formdata['maxinactive']) + board['maxinactive'] = int(self.formdata['maxinactive']) except: raise UserError(_("Max inactivity must be numeric.")) try: - board['threadsecs'] = int( - self.formdata['threadsecs']) + board['threadsecs'] = int(self.formdata['threadsecs']) except: raise UserError(_("Time between new threads must be numeric.")) @@ -1306,7 +1302,7 @@ def manage(self, path_split): 'SELECT * FROM archive WHERE boardid = %s ORDER BY timestamp DESC' % board['id']) for item in threads: t = time.time() - self.output += item['timestamp'] + '<br />' + self.output += str(item['timestamp']) + '<br />' fname = Settings.ROOT_DIR + \ board["dir"] + "/kako/" + \ str(item["timestamp"]) + ".json" @@ -1367,10 +1363,10 @@ def manage(self, path_split): new_timestamp_formatted = formatTimestamp( post['timestamp']) tim = 0 - if board["useid"] != '0': + if board["useid"] != 0: new_timestamp_formatted += ' ID:' + \ - iphash(post['ip'], '', tim, '1', - False, False, False, '0') + iphash(post['ip'], '', tim, 1, + False, False, False, 0) self.output += "%s - %s <br />" % ( post['id'], new_timestamp_formatted) query = "UPDATE `posts` SET timestamp_formatted = '%s' WHERE boardid = '%s' AND id = '%s'" % ( @@ -1442,7 +1438,6 @@ def manage(self, path_split): filter_from = '' filter_tripcode = '' - # I don't like pickles... oh well. where = '' if 'board_all' not in self.formdata: where = [] 
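Review bot: The eleven checkbox flags in the `@@ -876` hunk are still written as eleven copies of the same `if`/`else`, which is where a mistyped key goes unnoticed. One loop says the same thing: `for flag in ('recyclebin', 'disable_name', 'disable_subject', 'secret', 'locked', 'allow_noimage', 'allow_images', 'allow_image_replies', 'allow_spoilers', 'allow_oekaki', 'archive'):` followed by `board[flag] = int(flag in self.formdata)`. The text fields assigned in between (`slip`, `countrycode`, `postarea_desc`, `postarea_extra`, `force_css`) are copied from the form unchanged in this hunk; where they are validated or escaped before being rendered is outside it.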
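Review bot: The unchanged `UPDATE` on `posts` that closes the `@@ -1367` hunk is still built with `%` string interpolation, as are the `SELECT * FROM archive WHERE boardid = %s` in the `@@ -1306` hunk and the `filters` lookup in `@@ -1560`, while the rest of the commit moves to bound parameters. The interpolated values appear to come from the database rather than the request, but `new_timestamp_formatted` carries the `iphash` output and is placed inside quotes, so it should be bound too. Pass the statement with `%s` placeholders and the values as a tuple, in the form this commit already uses for `UpdateDb` elsewhere. The statement continues past the end of the hunk, so its full argument list is not visible here.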
@@ -1453,8 +1448,7 @@ def manage(self, path_split): if self.formdata[keyname] == "1": where.append(board['dir']) if len(where) > 0: - where = _mysql.escape_string( - pickle.dumps(where)) + where = boards2str(where) else: self.error( _("You must select what board the filter will affect")) @@ -1560,10 +1554,10 @@ def manage(self, path_split): edit_id = int(self.formdata['edit']) filt = FetchOne( "SELECT * FROM `filters` WHERE `id` = %s LIMIT 1" % str(edit_id)) - if filt['boards'] == '': + if not filt['boards']: where = '' else: - where = pickle.loads(filt['boards']) + where = str2boards(filt['boards']) startvalues = {'type': filt['type'], 'trip': filt['from_trip'], 'where': where, @@ -1615,18 +1609,13 @@ def manage(self, path_split): action_taken = True if not action_taken: - filters = FetchAll( - "SELECT * FROM `filters` ORDER BY `added` DESC") + filters = FetchAll("SELECT * FROM `filters` ORDER BY `added` DESC") for filter in filters: if not filter['boards']: filter['boards'] = _('All boards') else: - where = pickle.loads(filter['boards'].encode('utf-8')) - if len(where) > 1: - filter['boards'] = '/' + \ - '/, /'.join(where) + '/' - else: - filter['boards'] = '/' + where[0] + '/' + where = str2boards(filter['boards']) + filter['boards'] = '/' + '/, /'.join(where) + '/' if filter['type'] == 0: filter['type_formatted'] = _('Word:') + ' <b>' + html.escape(filter['from']) + '</b>' elif filter['type'] == 1: @@ -1834,10 +1823,10 @@ def manage(self, path_split): message = None import math - pagesize = float(Settings.REPORTS_PER_PAGE) + pagesize = Settings.REPORTS_PER_PAGE totals = FetchOne("SELECT COUNT(id) FROM `reports`") total = int(totals['COUNT(id)']) - pages = int(math.ceil(total / pagesize)) + pages = int(math.ceil(total // pagesize)) try: currentpage = int(path_split[3]) 
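Review bot: `_mysql.escape_string` is dropped from `where` in the `@@ -1453` hunk, so the value stays unescaped until it reaches the statement that writes the `filters` row, which is outside this hunk; confirm that statement binds `where` as a parameter rather than concatenating it. The entries come from `board['dir']`, so `boards2str` is the only thing preventing a directory name that contains the list separator from corrupting the stored list. I would state the allowed character set in that helper's docstring and reject anything else there.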
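Review bot: `math.ceil(total // pagesize)` in the `@@ -1834` hunk floors before it rounds up, so the last partial page is lost: 25 reports at 10 per page yields 2 pages instead of 3. Under Python 3 use true division, `pages = int(math.ceil(total / pagesize))`, or stay in integers with `pages = -(-total // pagesize)`. A `Settings.REPORTS_PER_PAGE` of 0 raises `ZeroDivisionError` in either form, so a guard or a documented minimum is worth adding.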
@@ -1847,24 +1836,23 @@ def manage(self, path_split): if len(path_split) > 4: if path_split[4] == 'ignore': # Delete report - UpdateDb("DELETE FROM `reports` WHERE `id` = '" + - _mysql.escape_string(path_split[5])+"'") + UpdateDb("DELETE FROM `reports` WHERE `id` = %s", (path_split[5],)) message = _('Report %s ignored.') % path_split[5] if 'ignore' in self.formdata: ignored = 0 if 'board' in self.formdata and self.formdata['board'] != 'all': - reports = FetchAll("SELECT `id` FROM `reports` WHERE `board` = '%s' ORDER BY `timestamp` DESC LIMIT %d, %d" % ( - _mysql.escape_string(self.formdata['board']), currentpage*pagesize, pagesize)) + reports = FetchAll("SELECT `id` FROM `reports` WHERE `board` = %s ORDER BY `timestamp` DESC LIMIT %s, %s", + (self.formdata['board'], currentpage*pagesize, pagesize)) else: - reports = FetchAll("SELECT `id` FROM `reports` ORDER BY `timestamp` DESC LIMIT %d, %d" % ( - currentpage*pagesize, pagesize)) + reports = FetchAll("SELECT `id` FROM `reports` ORDER BY `timestamp` DESC LIMIT %s, %s", + (currentpage*pagesize, pagesize)) for report in reports: keyname = 'i' + report['id'] if keyname in self.formdata: # Ignore here - UpdateDb("DELETE FROM `reports` WHERE `id` = '" + - _mysql.escape_string(report['id'])+"'") + UpdateDb("DELETE FROM `reports` WHERE `id` = %s", + (report['id'],)) ignored += 1 message = _('Ignored %s report(s).') % str(ignored) 
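Review bot: `path_split[5]` is read under a guard that only guarantees five segments (`len(path_split) > 4`), so a URL that ends at `ignore` raises `IndexError` before the new `DELETE` runs; this branch needs `len(path_split) > 5`. The same segment is interpolated into the `Report %s ignored.` message, so it needs HTML-escaping if the template prints `message` raw (not visible here). Further down, the unchanged `keyname = 'i' + report['id']` raises `TypeError` if `id` now comes back as an integer, which the `str(item['timestamp'])` fix elsewhere in this commit suggests; `'i' + str(report['id'])` works in both cases.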
@@ -1880,11 +1868,11 @@ def manage(self, path_split): # Tabla if 'board' in self.formdata and self.formdata['board'] != 'all': - reports = FetchAll("SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` WHERE `board` = '%s' ORDER BY `timestamp` DESC LIMIT %d, %d" % ( - _mysql.escape_string(self.formdata['board']), currentpage*pagesize, pagesize)) + reports = FetchAll("SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` WHERE `board` = %s ORDER BY `timestamp` DESC LIMIT %s, %s", + (self.formdata['board'], currentpage*pagesize, pagesize)) else: - reports = FetchAll("SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` ORDER BY `timestamp` DESC LIMIT %d, %d" % ( - currentpage*pagesize, pagesize)) + reports = FetchAll("SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` ORDER BY `timestamp` DESC LIMIT %s, %s", + (currentpage*pagesize, pagesize)) if 'board' in self.formdata: curboard = self.formdata['board'] |