From 047176bb3d537c09ed44e0f62b7f8f5889ab90d7 Mon Sep 17 00:00:00 2001 From: cedricbonhomme Date: Wed, 10 Mar 2010 09:22:27 +0100 Subject: Improvement of the security (test URLs,etc.). Added mutex. --- css/style.css | 4 ++-- pyAggr3g470r.py | 55 +++++++++++++++++++++++++++++++++++++++++++++++++------ utils.py | 10 +++++++--- 3 files changed, 58 insertions(+), 11 deletions(-) diff --git a/css/style.css b/css/style.css index b1039673..67537a82 100644 --- a/css/style.css +++ b/css/style.css @@ -12,12 +12,12 @@ html, body { body { text-align: justify; - font: normal .9em/1.5em Cambria, Georgia, "Trebuchet MS", Verdana, sans-serif; + font: normal .8em/1.5em Cambria, Georgia, "Trebuchet MS", Verdana, sans-serif; } code, pre { - font-size: 110%; + font-size: 100%; } img { diff --git a/pyAggr3g470r.py b/pyAggr3g470r.py index 4d979f14..4aff21cb 100644 --- a/pyAggr3g470r.py +++ b/pyAggr3g470r.py @@ -10,6 +10,7 @@ __license__ = "GPLv3" import os import sqlite3 import cherrypy +import threading import ConfigParser from cherrypy.lib.static import serve_file @@ -275,11 +276,18 @@ class Root: """ Display the description of an article in a new Web page. """ - feed_id, article_id = param.split(':') + try: + feed_id, article_id = param.split(':') + except: + return self.error_page("Bad URL") + try: + articles_list = self.articles[feed_id] + except KeyError: + return self.error_page("This feed do not exists.") html = htmlheader html += htmlnav html += """
""" - for article in self.articles[feed_id]: + for article in articles_list: if article_id == article[0]: if article[5] == "0": @@ -337,6 +345,10 @@ class Root: """ Display all articles of a feed. """ + try: + articles_list = self.articles[feed_id] + except KeyError: + return self.error_page("This feed do not exists.") html = htmlheader html += htmlnav html += """
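Review bot: The bare `except:` around `feed_id, article_id = param.split(':')` swallows every exception, including ones unrelated to a malformed parameter. Unpacking can only fail with `ValueError`, and a non-string `param` (CherryPy passes a list when a query parameter is repeated) fails with `AttributeError`, so `except (ValueError, AttributeError):` covers the bad-URL cases without hiding other errors. The `plain_text` hunk adds the same bare `except:` around `target.split(':')`. The method body continues outside this hunk, so what happens when `article_id` matches no entry in `articles_list` is not visible here and is worth confirming.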
\n""" @@ -355,7 +367,7 @@ class Root: html += """
""" html += """

Articles of the feed %s


""" % (self.feeds[feed_id][3].encode('utf-8')) - for article in self.articles[feed_id]: + for article in articles_list: if article[5] == "0": # not readed articles are in bold @@ -401,9 +413,13 @@ class Root: self.feeds[rss_feed_id][3].encode('utf-8')) html += """
\nMark articles as read\n""" else: + try: + articles_list = self.articles[feed_id] + except KeyError: + return self.error_page("This feed do not exists.") html += """

Unread article(s) of the feed %s


""" % (feed_id, self.feeds[feed_id][3].encode('utf-8')) - for article in self.articles[feed_id]: + for article in articles_list: if article[5] == "0": html += article[1].encode('utf-8') + \ """ - %s""" % \ @@ -423,6 +439,8 @@ class Root: """ Display articles by language. """ + if lang not in ['english', 'french', 'other']: + return self.error_page('This language is not supported.') html = htmlheader html += htmlnav html += """
""" @@ -451,11 +469,19 @@ class Root: """ Display an article in plain text (without HTML tags). """ + try: + feed_id, article_id = target.split(':') + except: + return self.error_page("This article do not exists.") + try: + articles_list = self.articles[feed_id] + except KeyError: + return self.error_page("This feed do not exists.") html = htmlheader html += htmlnav html += """
""" feed_id, article_id = target.split(':') - for article in self.articles[feed_id]: + for article in articles_list: if article_id == article[0]: html += """

%s from %s

\n
\n"""% \ (article[2].encode('utf-8'), feed_id, \ @@ -471,11 +497,26 @@ class Root: plain_text.exposed = True + def error_page(self, message): + """ + Display a message (bad feed id, bad article id, etc.) + """ + html = htmlheader + html += htmlnav + html += """
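Review bot: The old `feed_id, article_id = target.split(':')` is still present as a context line below the new validated split, so `target` is parsed twice in `plain_text`. The second parse is redundant now and can be deleted, which leaves the guarded block at the top as the only place the parameter is parsed. `feed_id` is interpolated into the page further down, so it helps to say in a comment that it has already been checked against `self.articles`, for example `# feed_id is a known key of self.articles at this point`. The method body continues outside the hunk.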
""" + html += """%s""" % message + html += "\n
\n" + htmlfooter + return html + + error_page.exposed = True + + def mark_as_read(self, target): """ Mark one (or more) article(s) as read by setting the value of the field 'article_readed' of the SQLite database to 1. """ + LOCKER.acquire() param, _, identifiant = target.partition(':') try: conn = sqlite3.connect("./var/feed.db", isolation_level = None) @@ -496,12 +537,13 @@ class Root: except Exception, e: pass - self.update() + threading.Thread(None, self.update, None, ()).start() if param == "All" or param == "Feed_FromMainPage": return self.index() elif param == "Feed": return self.all_articles(identifiant) + LOCKER.release() mark_as_read.exposed = True @@ -522,6 +564,7 @@ class Root: if __name__ == '__main__': # Point of entry in execution mode + LOCKER = threading.Lock() root = Root() root.update() cherrypy.quickstart(root, config=path) \ No newline at end of file diff --git a/utils.py b/utils.py index 7b1d7285..1412a50a 100644 --- a/utils.py +++ b/utils.py @@ -2,8 +2,8 @@ #-*- coding: utf-8 -*- __author__ = "Cedric Bonhomme" -__version__ = "$Revision: 0.2 $" -__date__ = "$Date: 2010/03/07 $" +__version__ = "$Revision: 0.3 $" +__date__ = "$Date: 2010/03/10 $" __copyright__ = "Copyright (c) 2010 Cedric Bonhomme" __license__ = "GPLv3" @@ -30,6 +30,9 @@ try: except: IMPORT_ERROR.append("oice") +import threading +LOCKER = threading.Lock() + def detect_language(text): """ Detect the language of a text. @@ -140,6 +143,7 @@ def load_feed(): """ Load feeds and articles in a dictionary. """ + LOCKER.acquire() list_of_feeds = None list_of_articles = None try: @@ -197,6 +201,6 @@ def load_feed(): feed[3], feed[0], feed[2], feed[1] \ ) c.close() - + LOCKER.release() return (articles, feeds) return (articles, feeds) \ No newline at end of file -- cgit