Files
@ df930758dcf7
Branch filter:
Location: kallithea/scripts/generate-ini.py - annotation
df930758dcf7
2.1 KiB
text/x-python
repos: extra HTML escaping of repo and repo group names shown in DataTables
These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.
just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.
just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
aa6f17a53b49 06d5c043e989 451b3f9d814e 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 e3cce237d77c e3cce237d77c 0a277465fddf 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 fc6b1b0e1096 06d5c043e989 bbf7be28a11e 06d5c043e989 609d52bbf917 609d52bbf917 06d5c043e989 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 94f6b23e52d0 a8e6bb9ee9ea 665dfa112f2c 06d5c043e989 6eb1f66ac23f 06d5c043e989 a8e6bb9ee9ea 665dfa112f2c 06d5c043e989 ef9fd1434270 ef9fd1434270 ef9fd1434270 ef9fd1434270 ef9fd1434270 ef9fd1434270 ef9fd1434270 06d5c043e989 d06039dc4ca2 a8e6bb9ee9ea 94f6b23e52d0 94f6b23e52d0 06d5c043e989 06d5c043e989 06d5c043e989 | #!/usr/bin/env python3
"""
Based on kallithea/lib/paster_commands/template.ini.mako, generate development.ini
"""
import re
from kallithea.lib import inifile
# files to be generated from the mako template
ini_files = [
('development.ini',
{
'[server:main]': {
'host': '0.0.0.0',
},
'[app:main]': {
'debug': 'true',
'app_instance_uuid': 'development-not-secret',
'session.secret': 'development-not-secret',
},
'[logger_root]': {
'handlers': 'console_color',
},
'[logger_routes]': {
'level': 'DEBUG',
},
'[logger_beaker]': {
'level': 'DEBUG',
},
'[logger_templates]': {
'level': 'INFO',
},
'[logger_kallithea]': {
'level': 'DEBUG',
},
'[logger_tg]': {
'level': 'DEBUG',
},
'[logger_gearbox]': {
'level': 'DEBUG',
},
'[logger_whoosh_indexer]': {
'level': 'DEBUG',
},
},
),
]
def main():
# make sure all mako lines starting with '#' (the '##' comments) are marked up as <text>
makofile = inifile.template_file
print('reading:', makofile)
mako_org = open(makofile).read()
mako_no_text_markup = re.sub(r'</?%text>', '', mako_org)
mako_marked_up = re.sub(r'\n##(.*)', r'\n<%text>##</%text>\1', mako_no_text_markup, flags=re.MULTILINE)
if mako_marked_up != mako_org:
print('writing:', makofile)
open(makofile, 'w').write(mako_marked_up)
lines = re.findall(r'\n(# [^ ].*)', mako_marked_up)
if lines:
print('ERROR: the template .ini file convention is to use "## Foo Bar" for text comments and "#foo = bar" for disabled settings')
for line in lines:
print(line)
raise SystemExit(1)
# create ini files
for fn, settings in ini_files:
print('updating:', fn)
inifile.create(fn, None, settings)
if __name__ == '__main__':
main()
|