Merge branch 'master' of https://github.com/webpy/webpy

ChangeLog.txt

@@ -68,7 +68,7 @@
 * fix: make web.profiler work on Windows (tx asmo) (Bug#325139)
 * fix changequery to make it work correctly even when the input has multi-valued fields (Bug#118229)
 * fix: make sure sequence exists before queying for currval(seqname) when executing postgres insert query (Bug#268705)
-* fix: raise web.notfound() instead of return in autodelegate (tx SeC) 
+* fix: raise web.notfound() instead of return in autodelegate (tx SeC)
 * fix: raise NotSupportedError when len or bool is used on sqlite result (Bug#179644)
 * fix: make db paramater optional for creating postgres DB to allow taking it from environ. (Bug#153491)
 * fix unicode errors in db module
@@ -84,7 +84,7 @@
 * optional from_address to web.emailerrors
 * upgrade wsgiserver to CherryPy/3.1.2
 * support for extensions in Jinja2 templates (tx Zhang Huangbin)
-* support web.datestr for datetime.date objects also 
+* support web.datestr for datetime.date objects also
 * support for lists in db queries
 * new: uniq and iterview
 * fix: set debug=False when application is run with mod_wsgi (tx Patrick Swieskowski) [Bug#370904](https://bugs.launchpad.net/webpy/+bug/370904)
@@ -96,10 +96,10 @@
 * fix: make sessions work well with expirations
 * fix: accept both list and tuple as arg values in form.Dropdown [Bug#314970](https://bugs.launchpad.net/webpy/+bug/314970)
 * fix: match parenthesis when parsing `for` statement in templates
-* fix: fix python 2.3 compatibility 
-* fix: ignore dot folders when compiling templates (tx Stuart Langridge) 
-* fix: don't consume KeyboardInterrupt and SystemExit errors 
-* fix: make application work well with iterators 
+* fix: fix python 2.3 compatibility
+* fix: ignore dot folders when compiling templates (tx Stuart Langridge)
+* fix: don't consume KeyboardInterrupt and SystemExit errors
+* fix: make application work well with iterators
 
 ## 2008-12-10: 0.31
 
@@ -129,7 +129,7 @@
 * fix: python 2.6 compatibility
 * fix: file uploads are not loaded into memory
 * fix: SQLLiteral issue (Bug#180027)
-* change: web.background is moved to experimental (<i>backward-incompatible</i>) 
+* change: web.background is moved to experimental (<i>backward-incompatible</i>)
 * improved API doc generation (tx Colin Rothwell)
 
 ## 2008-01-19: 0.23
@@ -159,17 +159,17 @@
 ## 2007-05-28: 0.21
 
 * <strong>security fix:</strong> prevent bad characters in headers
-* support for cheetah template reloading                    
-* support for form validation                               
-* new `form.File`                                           
-* new `web.url`                                             
-* fix rendering issues with hidden and button inputs        
-* fix 2.3 incompatability with `numify`                     
-* fix multiple headers with same name                       
-* fix web.redirect issues when homepath is not /            
-* new CherryPy wsgi server                                  
-* new nested transactions                                   
-* new sqlliteral                                            
+* support for cheetah template reloading
+* support for form validation
+* new `form.File`
+* new `web.url`
+* fix rendering issues with hidden and button inputs
+* fix 2.3 incompatability with `numify`
+* fix multiple headers with same name
+* fix web.redirect issues when homepath is not /
+* new CherryPy wsgi server
+* new nested transactions
+* new sqlliteral
 
 ## 2006-05-09: 0.138
 

README.md

@@ -0,0 +1,3 @@
+web.py is a web framework for Python that is as simple as it is powerful.
+
+Visit http://webpy.org/ for more information.

tools/makedoc.py

@@ -8,7 +8,7 @@
 import markdown
 sys.path.insert(0, '..')
 
-modules = [
+ALL_MODULES = [
     'web.application',
     'web.contrib.template',
     'web.db',
@@ -153,7 +153,8 @@ def recurse_over(ob, name, indent_level=0):
             recurse_over(getattr(ob, name), name, indent_level + 1)
     if indent_level > 0: print indent_end
 
-def main():
+def main(modules=None):
+    modules = modules or ALL_MODULES
     print '<div>' #Stops markdown vandalising my html.
     print css
     print header
@@ -167,4 +168,4 @@ def main():
     print '</div>'
 
 if __name__ == '__main__':
-    main()
+    main(sys.argv[1:])

web/application.py

@@ -201,7 +201,7 @@ def request(self, localpart='/', method='GET', data=None,
         if 'HTTP_CONTENT_TYPE' in env:
             env['CONTENT_TYPE'] = env.pop('HTTP_CONTENT_TYPE')
 
-        if method in ["POST", "PUT"]:
+        if method not in ["HEAD", "GET"]:
             data = data or ''
             import StringIO
             if isinstance(data, dict):
@@ -366,8 +366,10 @@ def load(self, env):
         ctx.fullpath = ctx.path + ctx.query
 
         for k, v in ctx.iteritems():
+            # convert all string values to unicode values and replace 
+            # malformed data with a suitable replacement marker.
             if isinstance(v, str):
-                ctx[k] = safeunicode(v)
+                ctx[k] = v.decode('utf-8', 'replace') 
 
         # status must always be str
         ctx.status = '200 OK'

web/httpserver.py

@@ -143,10 +143,14 @@ def runsimple(func, server_address=("0.0.0.0", 8080)):
 
     server = WSGIServer(server_address, func)
 
-    print "http://%s:%d/" % server_address
+    if server.ssl_adapter:
+        print "https://%s:%d/" % server_address
+    else:
+        print "http://%s:%d/" % server_address
+
     try:
         server.start()
-    except KeyboardInterrupt:
+    except (KeyboardInterrupt, SystemExit):
         server.stop()
 
 def WSGIServer(server_address, wsgi_app):
@@ -155,14 +159,40 @@ def WSGIServer(server_address, wsgi_app):
     """
     import wsgiserver
 
-    # Default values of wsgiserver.ssl_adapters uses cheerypy.wsgiserver
+    # Default values of wsgiserver.ssl_adapters uses cherrypy.wsgiserver
     # prefix. Overwriting it make it work with web.wsgiserver.
     wsgiserver.ssl_adapters = {
         'builtin': 'web.wsgiserver.ssl_builtin.BuiltinSSLAdapter',
         'pyopenssl': 'web.wsgiserver.ssl_pyopenssl.pyOpenSSLAdapter',
     }
 
     server = wsgiserver.CherryPyWSGIServer(server_address, wsgi_app, server_name="localhost")
+
+    def create_ssl_adapter(cert, key):
+        # wsgiserver tries to import submodules as cherrypy.wsgiserver.foo.
+        # That doesn't work as not it is web.wsgiserver. 
+        # Patching sys.modules temporarily to make it work.
+        import types
+        cherrypy = types.ModuleType('cherrypy')
+        cherrypy.wsgiserver = wsgiserver
+        sys.modules['cherrypy'] = cherrypy
+        sys.modules['cherrypy.wsgiserver'] = wsgiserver
+
+        from wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
+        adapter = pyOpenSSLAdapter(cert, key)
+
+        # We are done with our work. Cleanup the patches.
+        del sys.modules['cherrypy']
+        del sys.modules['cherrypy.wsgiserver']
+
+        return adapter
+
+    # SSL backward compatibility
+    if (server.ssl_adapter is None and
+        getattr(server, 'ssl_certificate', None) and
+        getattr(server, 'ssl_private_key', None)):
+        server.ssl_adapter = create_ssl_adapter(server.ssl_certificate, server.ssl_private_key)
+
     server.nodelay = not sys.platform.startswith('java') # TCP_NODELAY isn't supported on the JVM
     return server
 

web/session.py

@@ -5,6 +5,7 @@
 
 import os, time, datetime, random, base64
 import os.path
+from copy import deepcopy
 try:
     import cPickle as pickle
 except ImportError:
@@ -109,7 +110,7 @@ def _load(self):
 
             if self._initializer:
                 if isinstance(self._initializer, dict):
-                    self.update(self._initializer)
+                    self.update(deepcopy(self._initializer))
                 elif hasattr(self._initializer, '__call__'):
                     self._initializer()
 

web/template.py

@@ -41,6 +41,7 @@
 import glob
 import re
 from UserDict import DictMixin
+import warnings
 
 from utils import storage, safeunicode, safestr, re_compile
 from webapi import config
@@ -920,11 +921,13 @@ def get_source_line(filename, lineno):
 
         # make sure code is safe - but not with jython, it doesn't have a working compiler module
         if not sys.platform.startswith('java'):
-            import compiler
-            ast = compiler.parse(code)
-            SafeVisitor().walk(ast, filename)
+            try:
+                import compiler
+                ast = compiler.parse(code)
+                SafeVisitor().walk(ast, filename)
+            except ImportError:
+                warnings.warn("Unabled to import compiler module. Unable to check templates for safety.")
         else:
-            import warnings
             warnings.warn("SECURITY ISSUE: You are using Jython, which does not support checking templates for safety. Your templates can execute arbitrary code.")
 
         return compiled_code

web/webapi.py

@@ -122,10 +122,10 @@ def __init__(self, url, absolute=False):
 class BadRequest(HTTPError):
     """`400 Bad Request` error."""
     message = "bad request"
-    def __init__(self):
+    def __init__(self, message=None):
         status = "400 Bad Request"
         headers = {'Content-Type': 'text/html'}
-        HTTPError.__init__(self, status, headers, self.message)
+        HTTPError.__init__(self, status, headers, message or self.message)
 
 badrequest = BadRequest