Skip to content

Commit

Permalink
[webui] complete escape handling in all places
Browse files Browse the repository at this point in the history
  • Loading branch information
@adrianschroeter
adrianschroeter committed Jan 5, 2012
1 parent 929bbb4 commit 8279460
Showing 1 changed file with 20 additions and 14 deletions.
34 changes: 20 additions & 14 deletions src/webui/lib/frontend_compat.rb
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,15 @@
class FrontendCompat

# parameters escape
def esc(str)
CGI.escape str.to_s
end

# path escape
def pesc(str)
URI.escape str.to_s
end

def initialize
@url_prefix = CONFIG['api_relative_url_root'] || ""
end
Expand All @@ -21,7 +27,7 @@ def source_cmd( cmd, opt={} )

raise RuntimeError, 'no project given' unless opt[:project]
logger.debug "SOURCE CMD #{cmd} ; extraparams = #{extraparams}"
path = "#{@url_prefix}/source/#{esc opt[:project].to_s}"
path = "#{@url_prefix}/source/#{pesc opt[:project]}"
path += "/#{esc opt[:package].to_s}" if opt[:package]
path += "?cmd=#{cmd}#{extraparams}"

Expand All @@ -47,9 +53,9 @@ def cmd( command, opt={} )
def get_source( opt={} )
logger.debug "--> get_source: #{opt.inspect}"
path = "#{@url_prefix}/source"
path += "/#{esc opt[:project]}" if opt[:project]
path += "/#{esc opt[:package]}" if opt[:project] && opt[:package]
path += "/#{URI.escape(opt[:filename])}" if opt[:filename]
path += "/#{pesc opt[:project]}" if opt[:project]
path += "/#{pesc opt[:package]}" if opt[:project] && opt[:package]
path += "/#{pesc opt[:filename]}" if opt[:filename]
path += "?"
path += "rev=#{esc opt[:rev]}" if opt[:rev]
logger.debug "--> get_source path: #{path}"
Expand All @@ -59,19 +65,19 @@ def get_source( opt={} )

def put_file( data, opt={} )
path = "#{@url_prefix}/source"
path += "/#{esc opt[:project]}" if opt[:project]
path += "/#{esc opt[:package]}" if opt[:project] && opt[:package]
path += "/#{URI.escape(opt[:filename])}" if opt[:filename]
path += "/#{pesc opt[:project]}" if opt[:project]
path += "/#{pesc opt[:package]}" if opt[:project] && opt[:package]
path += "/#{pesc opt[:filename]}" if opt[:filename]
path += "?comment=#{esc opt[:comment]}" unless opt[:comment].blank?
transport.direct_http URI("#{path}"),
:method => "PUT", :data => data, :timeout => 500
end

def do_post( data, opt={} )
path = "#{@url_prefix}/source"
path += "/#{esc opt[:project]}" if opt[:project]
path += "/#{esc opt[:package]}" if opt[:project] && opt[:package]
path += "/#{URI.escape(opt[:filename])}" if opt[:filename]
path += "/#{pesc opt[:project]}" if opt[:project]
path += "/#{pesc opt[:package]}" if opt[:project] && opt[:package]
path += "/#{pesc opt[:filename]}" if opt[:filename]
path += "?"
path += "cmd=#{esc opt[:cmd]}" unless opt[:cmd].blank?
path += "&comment=#{esc opt[:comment]}" unless opt[:comment].blank?
Expand All @@ -81,25 +87,25 @@ def do_post( data, opt={} )

def delete_package( opt={} )
logger.debug "deleting: #{opt.inspect}"
transport.direct_http URI("#{@url_prefix}/source/#{esc opt[:project]}/#{esc opt[:package]}"),
transport.direct_http URI("#{@url_prefix}/source/#{pesc opt[:project]}/#{pesc opt[:package]}"),
:method => "DELETE", :timeout => 500
end

def delete_file( opt={} )
logger.debug "starting to delete file, opt: #{opt.inspect}"
transport.direct_http URI("#{@url_prefix}/source/#{esc opt[:project]}/#{esc opt[:package]}/#{URI.escape(opt[:filename])}"),
transport.direct_http URI("#{@url_prefix}/source/#{pesc opt[:project]}/#{pesc opt[:package]}/#{pesc opt[:filename]}"),
:method => "DELETE", :timeout => 500
end

def get_log_chunk( project, package, repo, arch, start, theend )
logger.debug "get log chunk #{start}-#{theend}"
path = "#{@url_prefix}/build/#{esc project}/#{esc repo}/#{esc arch}/#{esc package}/_log?nostream=1&start=#{start}&end=#{theend}"
path = "#{@url_prefix}/build/#{pesc project}/#{pesc repo}/#{pesc arch}/#{pesc package}/_log?nostream=1&start=#{start}&end=#{theend}"
transport.direct_http URI("#{path}"), :timeout => 500
end

def get_size_of_log( project, package, repo, arch)
logger.debug "get log entry"
path = "#{@url_prefix}/build/#{esc project}/#{esc repo}/#{esc arch}/#{esc package}/_log?view=entry"
path = "#{@url_prefix}/build/#{pesc project}/#{pesc repo}/#{pesc arch}/#{pesc package}/_log?view=entry"
data = transport.direct_http URI("#{path}"), :timeout => 500
return 0 unless data
doc = Nokogiri::XML(data)
Expand Down

0 comments on commit 8279460

Please sign in to comment.