~azzar1/unity/add-show-desktop-key


Viewing changes to ivle/dispatch/__init__.py

  • Committer: William Grant
  • Date: 2010-02-26 06:33:35 UTC
  • Revision ID: grantw@unimelb.edu.au-20100226063335-25ka31up8cegwaiz
ivle.interpret.execute_raw now sets a clean environment, in particular with HOME set correctly.

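--- a/ivle/dispatch/__init__.py
+++ b/ivle/dispatch/__init__.py
@@ -30,6 +30,7 @@
 import os
 import os.path
 import urllib
+import urlparse
 import cgi
 import traceback
 import logging
@@ -44,7 +45,7 @@
 import ivle.webapp.security
 from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
 from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
-from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
+from ivle.webapp.errors import BadRequest, HTTPError, NotFound, Unauthorized
 from ivle.webapp.publisher import Publisher, PublishingError
 from ivle.webapp import ApplicationRoot
 
@@ -125,18 +126,8 @@
     # Make the request object into an IVLE request which can be given to views
     req = Request(apachereq, config)
 
-    # Hack? Try and get the user login early just in case we throw an error
-    # (most likely 404) to stop us seeing not logged in even when we are.
-    if not req.publicmode:
-        user = ivle.webapp.security.get_user_details(req)
-
-        # Don't set the user if it is disabled or hasn't accepted the ToS.
-        if user and user.valid:
-            req.user = user
-
     req.publisher = generate_publisher(
-        config.plugin_index[ViewPlugin],
-        ApplicationRoot(req.config, req.store, req.user),
+        config.plugin_index[ViewPlugin], ApplicationRoot(req),
         publicmode=req.publicmode)
 
     try:
@@ -157,6 +148,18 @@
                     raise Unauthorized('Unauthorized: %s' % view)
                 else:
                     raise Unauthorized()
+
+            # Non-GET requests from other sites leave us vulnerable to
+            # CSRFs. Block them.
+            referer = req.headers_in.get('Referer')
+            if (referer is None or
+                urlparse.urlparse(req.headers_in.get('Referer')).netloc !=
+                    req.hostname):
+                if req.method != 'GET' and not view.offsite_posts_allowed:
+                    raise BadRequest(
+                        "Non-GET requests from external sites are forbidden "
+                        "for security reasons.")
+
             # Render the output
             view.render(req)
         except HTTPError, e:
@@ -188,7 +191,8 @@
             handle_unknown_exception(req, *sys.exc_info())
             return req.OK
         else:
-            req.store.commit()
+            # Commit the transaction if we have a store open.
+            req.commit()
             return req.OK
     except Unauthorized, e:
         # Resolution failed due to a permission check. Display a pretty
@@ -206,7 +210,8 @@
 
         return req.OK
     finally:
-        req.store.close()
+        # Make sure we close the store.
+        req.cleanup()
 
 def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):
     """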
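Review bot: The Referer comparison in the CSRF block (new lines 154–157) tests `urlparse.urlparse(...).netloc` against `req.hostname`, and netloc keeps any port or userinfo while a hostname normally does not, so on a deployment served from a non-default port same-site non-GET requests would presumably all be rejected. The check fails closed, so this looks like an availability problem rather than a bypass, but the intended match (host only, or host plus port and scheme) should be stated in the comment. The header is also fetched twice; the condition can reuse the local, `urlparse.urlparse(referer).netloc != req.hostname`. I would extend the comment to say that a missing Referer is deliberately treated as off-site and that any view setting `offsite_posts_allowed` needs its own CSRF defence, since this check is skipped for it. The enclosing function starts and ends outside the visible hunks.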