~azzar1/unity/add-show-desktop-key

Viewing changes to www/dispatch/__init__.py

Committer: mattgiuca
Date: 2008-07-21 04:21:18 UTC
Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:917

interpret.py: Removed the code which removes HTTP_COOKIE from the CGI
    environment. Student code can now access cookies.
Note: This was previously a security risk because malicious code could
steal IVLE cookies. Now that we have separate domain space for other users,
the worst you can do is:
    a) Steal your own IVLE cookie.
    b) Steal other user's non-IVLE cookies (ie. other public cookies).

This makes all student code vulnerable to cookie theft, but that is simply a
disclaimer (if you use cookies, your apps are vulnerable). It is not a
security risk to IVLE itself.

files added:
buildjail.sh

enrolallusers.py

lib/common/date.py

lib/common/svn.py

lib/pulldown_subj

lib/pulldown_subj/__init__.py

lib/pulldown_subj/dummy_subj.py

lib/pulldown_subj/subjecterror.py

marks.py

mountallusers.py

remakeuser.py

scripts/interpretservice

scripts/svnlogservice

setup

setup/__init__.py

setup/build.py

setup/configure.py

setup/install.py

setup/listmake.py

setup/setuputil.py

timount

timount/Makefile

timount/timount.c

userdb/migrations

userdb/migrations/20080715-01.sql

userdb/migrations/20080718-01.sql

userdb/migrations/20080721-01.sql

userdb/migrations/20080721-02.sql

userdb/migrations/README

www/apps/svnlog

www/apps/svnlog/__init__.py

www/media/common/codepress

www/media/common/codepress/codepress.css

www/media/common/codepress/codepress.html

www/media/common/codepress/codepress.js

www/media/common/codepress/engines

www/media/common/codepress/engines/gecko.js

www/media/common/codepress/engines/khtml.js

www/media/common/codepress/engines/msie.js

www/media/common/codepress/engines/older.js

www/media/common/codepress/engines/opera.js

www/media/common/codepress/images

www/media/common/codepress/images/line-numbers.png

www/media/common/codepress/index.html

www/media/common/codepress/languages

www/media/common/codepress/languages/asp.css

www/media/common/codepress/languages/asp.js

www/media/common/codepress/languages/autoit.css

www/media/common/codepress/languages/autoit.js

www/media/common/codepress/languages/csharp.css

www/media/common/codepress/languages/csharp.js

www/media/common/codepress/languages/css.css

www/media/common/codepress/languages/css.js

www/media/common/codepress/languages/generic.css

www/media/common/codepress/languages/generic.js

www/media/common/codepress/languages/html.css

www/media/common/codepress/languages/html.js

www/media/common/codepress/languages/java.css

www/media/common/codepress/languages/java.js

www/media/common/codepress/languages/javascript.css

www/media/common/codepress/languages/javascript.js

www/media/common/codepress/languages/perl.css

www/media/common/codepress/languages/perl.js

www/media/common/codepress/languages/php.css

www/media/common/codepress/languages/php.js

www/media/common/codepress/languages/python.css

www/media/common/codepress/languages/python.js

www/media/common/codepress/languages/ruby.css

www/media/common/codepress/languages/ruby.js

www/media/common/codepress/languages/sql.css

www/media/common/codepress/languages/sql.js

www/media/common/codepress/languages/text.css

www/media/common/codepress/languages/text.js

www/media/common/codepress/languages/vbscript.css

www/media/common/codepress/languages/vbscript.js

www/media/common/codepress/languages/xsl.css

www/media/common/codepress/languages/xsl.js

www/media/common/codepress/license.txt

www/media/forum

www/media/forum/forum.css

www/media/help

www/media/help/help.css

www/media/images/tutorial/tiny

www/media/images/tutorial/tiny/complete.png

www/media/images/tutorial/tiny/incomplete.png

www/media/images/tutorial/tiny/semicomplete.png

www/media/svn

www/media/svn/log.css

files removed:
remakeallusers.py

remakeuser.py

www/media/common/edit_area

www/media/common/edit_area/edit_area.css

www/media/common/edit_area/edit_area.js

www/media/common/edit_area/edit_area_compressor.php

www/media/common/edit_area/edit_area_full.gz

www/media/common/edit_area/edit_area_full.js

www/media/common/edit_area/edit_area_full_with_plugins.gz

www/media/common/edit_area/edit_area_full_with_plugins.js

www/media/common/edit_area/edit_area_functions.js

www/media/common/edit_area/edit_area_loader.js

www/media/common/edit_area/elements_functions.js

www/media/common/edit_area/highlight.js

www/media/common/edit_area/images

www/media/common/edit_area/images/Thumbs.db

www/media/common/edit_area/images/close.gif

www/media/common/edit_area/images/fullscreen.gif

www/media/common/edit_area/images/go_to_line.gif

www/media/common/edit_area/images/help.gif

www/media/common/edit_area/images/highlight.gif

www/media/common/edit_area/images/load.gif

www/media/common/edit_area/images/move.gif

www/media/common/edit_area/images/newdocument.gif

www/media/common/edit_area/images/opacity.png

www/media/common/edit_area/images/processing.gif

www/media/common/edit_area/images/redo.gif

www/media/common/edit_area/images/reset_highlight.gif

www/media/common/edit_area/images/save.gif

www/media/common/edit_area/images/search.gif

www/media/common/edit_area/images/smooth_selection.gif

www/media/common/edit_area/images/spacer.gif

www/media/common/edit_area/images/statusbar_resize.gif

www/media/common/edit_area/images/undo.gif

www/media/common/edit_area/keyboard.js

www/media/common/edit_area/langs

www/media/common/edit_area/langs/de.js

www/media/common/edit_area/langs/dk.js

www/media/common/edit_area/langs/en.js

www/media/common/edit_area/langs/es.js

www/media/common/edit_area/langs/fr.js

www/media/common/edit_area/langs/hr.js

www/media/common/edit_area/langs/it.js

www/media/common/edit_area/langs/ja.js

www/media/common/edit_area/langs/nl.js

www/media/common/edit_area/langs/pl.js

www/media/common/edit_area/langs/pt.js

www/media/common/edit_area/langs/sk.js

www/media/common/edit_area/license.txt

www/media/common/edit_area/manage_area.js

www/media/common/edit_area/plugins

www/media/common/edit_area/plugins/charmap

www/media/common/edit_area/plugins/charmap/charmap.js

www/media/common/edit_area/plugins/charmap/css

www/media/common/edit_area/plugins/charmap/css/charmap.css

www/media/common/edit_area/plugins/charmap/images

www/media/common/edit_area/plugins/charmap/images/Thumbs.db

www/media/common/edit_area/plugins/charmap/images/charmap.gif

www/media/common/edit_area/plugins/charmap/jscripts

www/media/common/edit_area/plugins/charmap/jscripts/map.js

www/media/common/edit_area/plugins/charmap/langs

www/media/common/edit_area/plugins/charmap/langs/de.js

www/media/common/edit_area/plugins/charmap/langs/dk.js

www/media/common/edit_area/plugins/charmap/langs/en.js

www/media/common/edit_area/plugins/charmap/langs/es.js

www/media/common/edit_area/plugins/charmap/langs/fr.js

www/media/common/edit_area/plugins/charmap/langs/hr.js

www/media/common/edit_area/plugins/charmap/langs/it.js

www/media/common/edit_area/plugins/charmap/langs/ja.js

www/media/common/edit_area/plugins/charmap/langs/nl.js

www/media/common/edit_area/plugins/charmap/langs/pl.js

www/media/common/edit_area/plugins/charmap/langs/pt.js

www/media/common/edit_area/plugins/charmap/langs/sk.js

www/media/common/edit_area/plugins/charmap/popup.html

www/media/common/edit_area/plugins/test

www/media/common/edit_area/plugins/test/css

www/media/common/edit_area/plugins/test/css/test.css

www/media/common/edit_area/plugins/test/images

www/media/common/edit_area/plugins/test/images/test.gif

www/media/common/edit_area/plugins/test/langs

www/media/common/edit_area/plugins/test/langs/de.js

www/media/common/edit_area/plugins/test/langs/dk.js

www/media/common/edit_area/plugins/test/langs/en.js

www/media/common/edit_area/plugins/test/langs/es.js

www/media/common/edit_area/plugins/test/langs/fr.js

www/media/common/edit_area/plugins/test/langs/hr.js

www/media/common/edit_area/plugins/test/langs/it.js

www/media/common/edit_area/plugins/test/langs/ja.js

www/media/common/edit_area/plugins/test/langs/nl.js

www/media/common/edit_area/plugins/test/langs/pl.js

www/media/common/edit_area/plugins/test/langs/pt.js

www/media/common/edit_area/plugins/test/langs/sk.js

www/media/common/edit_area/plugins/test/test.js

www/media/common/edit_area/plugins/test/test2.js

www/media/common/edit_area/reg_syntax

www/media/common/edit_area/reg_syntax.js

www/media/common/edit_area/reg_syntax/basic.js

www/media/common/edit_area/reg_syntax/c.js

www/media/common/edit_area/reg_syntax/cpp.js

www/media/common/edit_area/reg_syntax/css.js

www/media/common/edit_area/reg_syntax/html.js

www/media/common/edit_area/reg_syntax/js.js

www/media/common/edit_area/reg_syntax/pas.js

www/media/common/edit_area/reg_syntax/php.js

www/media/common/edit_area/reg_syntax/python.js

www/media/common/edit_area/reg_syntax/sql.js

www/media/common/edit_area/reg_syntax/vb.js

www/media/common/edit_area/reg_syntax/xml.js

www/media/common/edit_area/regexp.js

www/media/common/edit_area/resize_area.js

www/media/common/edit_area/search_replace.js

www/media/common/edit_area/template.html

files modified:
Makefile

doc/dependencies.txt

doc/setup/install_proc.txt

lib/common/cgirequest.py

lib/common/db.py

lib/common/interpret.py

lib/common/makeuser.py

lib/common/studpath.py

lib/common/util.py

lib/common/zip.py

lib/conf/apps.py

lib/fileservice_lib/__init__.py

lib/fileservice_lib/action.py

lib/fileservice_lib/listing.py

listusers.py

makeuser.py

scripts/diffservice

scripts/fileservice

scripts/python-console

scripts/serveservice

scripts/usrmgt-server

setup.py

trampoline/trampoline.c

userdb/users.sql

www/apps/browser/__init__.py

www/apps/browser/help.html

www/apps/console/__init__.py

www/apps/console/help.html

www/apps/consoleservice/__init__.py

www/apps/download/__init__.py

www/apps/fileservice/__init__.py

www/apps/forum/__init__.py

www/apps/help/__init__.py

www/apps/server/__init__.py

www/apps/settings/__init__.py

www/apps/subjects/__init__.py

www/apps/tutorial/__init__.py

www/apps/tutorialservice/__init__.py

www/apps/tutorialservice/test/TestFramework.py

www/apps/tutorialservice/test/parse_exercise.py

www/apps/userservice/__init__.py

www/auth/authenticate.py

www/dispatch/__init__.py

www/dispatch/html.py

www/dispatch/login.py

www/dispatch/request.py

www/media/browser/browser.css

www/media/browser/browser.js

www/media/browser/editor.css

www/media/browser/editor.js

www/media/browser/listing.js

www/media/common/tos.js

www/media/common/util.js

www/media/console/console.css

www/media/console/console.js

www/media/console/console_app.js

www/media/diff/diff.css

www/media/settings/settings.js

www/media/subjects/subjects.css

www/media/tutorial/tutorial.css

www/media/tutorial/tutorial.js

www/plugins/console/__init__.py

Show diffs side-by-side

added added

removed removed

www/dispatch/__init__.py

import sys

import os

import os.path

import urllib

import conf

import conf.apps

import conf.conf

import apps

from request import Request

import login

from common import (util, forumutil)

import traceback

import cStringIO

import plugins.console

import logging

import socket

def handler(req):

"""Handles a request which may be to anywhere in the site except media.

just used to catch exceptions.

Takes both an IVLE request and an Apache req.

"""

# Hack? Try and get the user login early just in case we throw an error

# (most likely 404) to stop us seeing not logged in even when we are.

req.user = login.get_user_details(req)

# Check req.app to see if it is valid. 404 if not.

if req.app is not None and req.app not in conf.apps.app_url:

# Maybe it is a special app!

144

153

145

154

# When done, write out the HTML footer if the app has requested it

146

155

if req.write_html_head_foot:

156

# Show the console if required

157

if logged_in and app.useconsole:

158

plugins.console.present(req, windowpane=True)

147

159

html.write_html_foot(req)

148

160

149

161

# Note: Apache will not write custom HTML error messages here.

171

183

the IVLE request is created.

172

184

"""

173

185

req.content_type = "text/html"

186

logfile = os.path.join(conf.conf.log_path, 'ivle_error.log')

187

logfail = False

174

188

# For some reason, some versions of mod_python have "_server" instead of

175

189

# "main_server". So we check for both.

176

190

try:

186

200

except AttributeError:

187

201

httpcode = None

188

202

req.status = apache.HTTP_INTERNAL_SERVER_ERROR

203

try:

204

205

except AttributeError:

206

207

208

# Log File

209

try:

210

logging.basicConfig(level=logging.INFO,

211

format='%(asctime)s %(levelname)s: ' +

212

'(HTTP: ' + str(req.status) +

213

', Ref: ' + str(login) + '@' +

214

str(socket.gethostname()) + str(req.uri) +

215

') %(message)s',

216

filename=logfile,

217

filemode='a')

218

except IOError:

219

logfail = True

220

logging.debug('Logging Unhandled Exception')

221

189

222

# We handle 3 types of error.

190

223

# IVLEErrors with 4xx response codes (client error).

191

224

# IVLEErrors with 5xx response codes (handled server error).

199

232

# IVLEErrors with 4xx response codes are client errors.

200

233

# Therefore, these have a "nice" response (we even coat it in the IVLE

201

234

# HTML wrappers).

235

202

236

req.write_html_head_foot = True

203

237

req.write('<div id="ivle_padding">\n')

204

238

try:

217

251

req.write("%s\n" % cgi.escape(msg))

218

252

else:

219

253

req.write("An unknown error occured.\n")

254

255

# Logging

256

logging.info(str(msg))

257

220

258

req.write("(HTTP error code %d)\n" % httpcode)

259

if logfail:

260

req.write("Warning: Could not open Error Log: '%s'\n"

261

%cgi.escape(logfile))

221

262

req.write('</div>\n')

222

263

else:

223

264

# A "bad" error message. We shouldn't get here unless IVLE

227

268

# If this is a non-4xx IVLEError, get the message and httpcode and

228

269

# make the error message a bit nicer (but still include the

229

270

# traceback).

230

try:

231

codename, msg = req.get_http_codename(httpcode)

232

except AttributeError:

233

codename, msg = None, None

234

# Override the default message with the supplied one,

235

# if available.

236

if hasattr(exc_value, 'message') and exc_value.message is not None:

237

msg = exc_value.message

238

# Prepend the exception type

239

if exc_type != util.IVLEError:

240

msg = exc_type.__name__ + ": " + msg

271

# We also need to special-case IVLEJailError, as we can get another

272

# almost-exception out of it.

273

274

codename, msg = None, None

275

276

if exc_type is util.IVLEJailError:

277

msg = exc_value.type_str + ": " + exc_value.message

278

tb = 'Exception information extracted from IVLEJailError:\n'

279

tb += urllib.unquote(exc_value.info)

280

else:

281

try:

282

codename, msg = req.get_http_codename(httpcode)

283

except AttributeError:

284

pass

285

# Override the default message with the supplied one,

286

# if available.

287

if hasattr(exc_value, 'message') and exc_value.message is not None:

288

msg = exc_value.message

289

# Prepend the exception type

290

if exc_type != util.IVLEError:

291

msg = exc_type.__name__ + ": " + msg

292

293

tb = ''.join(traceback.format_exception(exc_type, exc_value,

294

exc_traceback))

295

296

# Logging

297

logging.error('%s\n%s'%(str(msg), tb))

241

298

242

299

req.write("""<html>

243

300

<head><title>IVLE Internal Server Error</title></head>

259

316

administrator). Include the following information:

260

317

""" % (cgi.escape(admin_email), cgi.escape(admin_email)))

261

318

262

tb_print = cStringIO.StringIO()

263

traceback.print_exception(exc_type, exc_value, exc_traceback,

264

file=tb_print)

265

req.write("<pre>\n")

266

req.write(cgi.escape(tb_print.getvalue()))

267

req.write("</pre>\n</body>\n")

319

req.write("<pre>\n%s\n</pre>\n"%cgi.escape(tb))

320

if logfail:

321

req.write("Warning: Could not open Error Log: '%s'\n"

322

%cgi.escape(logfile))

323

req.write("</body>")

Older »