X-Git-Url: https://git.llucax.com/software/blitiri.git/blobdiff_plain/6c78e368dbece8a3e6fa1af06d9efce0f487a9f2..ac9276d7da9b8d68fbae611d1fc8c62d5d721b5d:/blitiri.cgi diff --git a/blitiri.cgi b/blitiri.cgi index d825efc..21d13fa 100755 --- a/blitiri.cgi +++ b/blitiri.cgi @@ -24,6 +24,10 @@ comments_path = "/tmp/blog/comments" # default templates. If they're not found, the built-in ones will be used. templates_path = "/tmp/blog/templates" +# Path where the cache is stored (must be writeable by the web server) +# If None is specified, cache is disabled +cache_path = "/tmp/blog/cache" + # URL to the blog, including the name. Can be a full URL or just the path. blog_url = "/blog/blitiri.cgi" @@ -40,6 +44,34 @@ author = "Hartmut Kegan" # Article encoding encoding = "utf8" +# Captcha class +class Captcha (object): + def __init__(self, article): + self.article = article + words = article.title.split() + self.nword = hash(article.title) % len(words) % 5 + self.answer = words[self.nword] + self.help = 'gotcha, damn spam bot!' + + def get_puzzle(self): + nword = self.nword + 1 + if nword == 1: + n = '1st' + elif nword == 2: + n = '2nd' + elif nword == 3: + n = '3rd' + else: + n = str(nword) + 'th' + return "enter the %s word of the article's title" % n + puzzle = property(fget = get_puzzle) + + def validate(self, form_data): + if form_data.captcha.lower() == self.answer.lower(): + return True + return False + + # # End of configuration # DO *NOT* EDIT ANYTHING PAST HERE @@ -175,6 +207,12 @@ default_comment_form = """ or mailto:you@example.com +
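Review bot: `Captcha.__init__` computes `hash(article.title) % len(words)`, so an article whose title is empty or only whitespace raises ZeroDivisionError. Since `render_comments` and the comment handler both construct a `Captcha`, such an article can neither show the form nor accept a comment. Guard the empty case before the modulo, for example `if not words: words = [article.uuid]`, and adjust the puzzle text for that fallback. `words[self.nword]` also keeps attached punctuation, so for a title like "Hello, world" (constructed example) the expected answer is "Hello,"; stripping punctuation on both sides in `validate` would avoid rejecting legitimate commenters. It is worth adding a comment on the class such as `# the answer is printed on the page; this only deters bots that do not parse the form`, so nobody relies on it as an access control.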
+ + +
%(captcha_puzzle)s
+
@@ -370,26 +408,45 @@ div.section h1 { """ +# Cache decorator +def cached(f): + def decorate(obj, *args, **kwargs): + if cache_path is None: # cache disabled + s = f(obj, *args, **kwargs) + else: + cache_file = os.path.join(cache_path, + 'blitiri.cache.%s.html' % hash(obj)) + try: + s = open(cache_file).read() + except: + s = f(obj, *args, **kwargs) + open(cache_file, 'w').write(s) + return s + return decorate + # helper functions -def rst_to_html(rst): +def rst_to_html(rst, secure = True): settings = { 'input_encoding': encoding, 'output_encoding': 'utf8', 'halt_level': 1, 'traceback': 1, + 'file_insertion_enabled': secure, + 'raw_enabled': secure, } parts = publish_parts(rst, settings_overrides = settings, writer_name = "html") return parts['body'].encode('utf8') +rst_to_html = cached(rst_to_html) -def validate_rst(rst): +def validate_rst(rst, secure = True): try: - rst_to_html(rst) + rst_to_html(rst, secure) return None except SystemMessage, e: desc = e.args[0].encode('utf-8') # the error string desc = desc[9:] # remove ":" - line = int(desc[:desc.find(':')]) # get just the line number + line = int(desc[:desc.find(':')] or 0) # get the line number desc = desc[desc.find(')')+2:-1] # remove (LEVEL/N) try: desc, context = desc.split('\n', 1) @@ -399,6 +456,24 @@ def validate_rst(rst): desc = desc[:-1] return (line, desc, context) +def valid_link(link): + import re + mail_re = r"^[^ \t\n\r@<>()]+@[a-z0-9][a-z0-9\.\-_]*\.[a-z]+$" + scheme_re = r'^[a-zA-Z]+:' + url_re = r'^(?:[a-z0-9\-]+|[a-z0-9][a-z0-9\-\.\_]*\.[a-z]+)' \ + r'(?::[0-9]+)?(?:/.*)?$' + scheme = '' + rest = link + if re.match(scheme_re, link, re.I): + scheme, rest = link.split(':', 1) + if (not scheme or scheme == 'mailto') and re.match(mail_re, rest, re.I): + return 'mailto:' + link + if not scheme and re.match(url_re, rest, re.I): + return 'http://' + rest + if scheme: + return link + return None + def sanitize(obj): if isinstance(obj, basestring): return cgi.escape(obj, True) 
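Review bot: `cached` names the cache file from `hash(obj)` only, so the `secure` argument this hunk adds to `rst_to_html` is not part of the key. HTML rendered with `file_insertion_enabled` and `raw_enabled` on can therefore be returned to a later call that asked for them off, and `validate_rst` can then return None without docutils having parsed the text under the restricted settings. `hash()` of a string is also a short non-cryptographic value, so distinct texts can end up sharing one cache file. Keying on a digest of the text plus all arguments fixes both (below; it needs `hashlib` imported at the top of the file, which is outside this hunk), and narrowing the bare `except:` to `IOError` stops it from hiding unrelated errors. Separately, `secure = True` is the value that enables file insertion and raw HTML, so the default is the permissive mode; a comment such as `# secure=True means trusted input: enables the raw and include directives`, or a rename to `trusted`, would keep callers from reading it backwards.

```python
def cached(f):
    def decorate(obj, *args, **kwargs):
        if cache_path is None: # cache disabled
            return f(obj, *args, **kwargs)
        # key on the full input and every rendering option, not hash(obj)
        key = hashlib.sha1(
            repr((obj, args, sorted(kwargs.items())))).hexdigest()
        cache_file = os.path.join(cache_path,
                'blitiri.cache.%s.html' % key)
        try:
            return open(cache_file).read()
        except IOError: # cache miss
            pass
        s = f(obj, *args, **kwargs)
        open(cache_file, 'w').write(s)
        return s
    return decorate
```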
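Review bot: The final `if scheme: return link` in `valid_link` accepts any scheme, so a `javascript:` or `data:` value passes validation and is stored as the commenter's link. `sanitize`, visible as context at the end of the hunk, escapes HTML characters but does not restrict the scheme, and where the link is later placed in the page is outside this hunk. An allow-list closes this: `if scheme.lower() in ('http', 'https', 'ftp', 'mailto'): return link`. The mail branch also returns `'mailto:' + link`, which doubles the prefix when the user already typed `mailto:`, so `'mailto:' + rest` is what is meant. The test `scheme == 'mailto'` should compare `scheme.lower()` to stay consistent with the `re.I` used on the scheme pattern.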
@@ -478,9 +553,10 @@ class Templates (object): return self.get_template( 'com_footer', default_comment_footer, comment.to_vars()) - def get_comment_form(self, article, form_data): + def get_comment_form(self, article, form_data, captcha_puzzle): vars = article.to_vars() vars.update(form_data.to_vars(self)) + vars['captcha_puzzle'] = captcha_puzzle return self.get_template( 'com_form', default_comment_form, vars) @@ -490,12 +566,14 @@ class Templates (object): class CommentFormData (object): - def __init__(self, author = '', link = '', body = ''): + def __init__(self, author = '', link = '', captcha = '', body = ''): self.author = author self.link = link + self.captcha = captcha self.body = body self.author_error = '' self.link_error = '' + self.captcha_error = '' self.body_error = '' self.action = '' self.method = 'post' @@ -504,14 +582,18 @@ class CommentFormData (object): render_error = template.get_comment_error a_error = self.author_error and render_error(self.author_error) l_error = self.link_error and render_error(self.link_error) + c_error = self.captcha_error \ + and render_error(self.captcha_error) b_error = self.body_error and render_error(self.body_error) return { 'form_author': sanitize(self.author), 'form_link': sanitize(self.link), + 'form_captcha': sanitize(self.captcha), 'form_body': sanitize(self.body), 'form_author_error': a_error, 'form_link_error': l_error, + 'form_captcha_error': c_error, 'form_body_error': b_error, 'form_action': self.action, @@ -898,7 +980,8 @@ def render_comments(article, template, form_data): if not form_data: form_data = CommentFormData() form_data.action = blog_url + '/comment/' + article.uuid + '#comment' - print template.get_comment_form(article, form_data) , + captcha = Captcha(article) + print template.get_comment_form(article, form_data, captcha.puzzle) def render_html(articles, db, actyear = None, show_comments = False, redirect = None, form_data = None): 
@@ -994,6 +1077,7 @@ def handle_cgi(): atom = False style = False post = False + post_preview = False artlist = False comment = False @@ -1003,10 +1087,11 @@ def handle_cgi(): atom = path_info == '/atom' tag = path_info.startswith('/tag/') post = path_info.startswith('/post/') + post_preview = path_info.startswith('/preview/post/') artlist = path_info.startswith('/list') comment = path_info.startswith('/comment/') and enable_comments - if not style and not atom and not post and not tag \ - and not comment and not artlist: + if not style and not atom and not post and not post_preview \ + and not tag and not comment and not artlist: date = path_info.split('/')[1:] try: if len(date) > 1 and date[0]: @@ -1020,6 +1105,15 @@ def handle_cgi(): elif post: uuid = path_info.replace('/post/', '') uuid = uuid.replace('/', '') + elif post_preview: + art_path = path_info.replace('/preview/post/', '') + art_path = urllib.unquote_plus(art_path) + art_path = os.path.join(data_path, art_path) + art_path = os.path.realpath(art_path) + common = os.path.commonprefix([data_path, art_path]) + if common != data_path: # something nasty happened + post_preview = False + art_path = art_path[len(data_path)+1:] elif tag: t = path_info.replace('/tag/', '') t = t.replace('/', '') @@ -1031,6 +1125,7 @@ def handle_cgi(): uuid = uuid.replace('/', '') author = form.getfirst('comformauthor', '') link = form.getfirst('comformlink', '') + captcha = form.getfirst('comformcaptcha', '') body = form.getfirst('comformbody', '') db = ArticleDB(os.path.join(data_path, 'db')) 
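Review bot: The containment check in the `post_preview` branch uses `os.path.commonprefix`, which compares character by character rather than by path component. A resolved path in a sibling directory whose name merely begins with `data_path` therefore passes it (constructed example: `/tmp/blog/data-old/x` checked against `/tmp/blog/data`). `data_path` is also compared as configured while `art_path` has been through `os.path.realpath`, so a symlinked or trailing-slash `data_path` makes the comparison give the wrong answer in either direction. Compare on a directory boundary against the resolved root instead: `root = os.path.realpath(data_path)` followed by `if not art_path.startswith(root + os.sep): post_preview = False`. On failure the code still runs the `art_path[len(data_path)+1:]` slice and continues with no request type set; what `handle_cgi` renders in that case lies outside this hunk and deserves an explicit error response.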
@@ -1042,31 +1137,52 @@ def handle_cgi(): render_style() elif post: render_html( [db.get_article(uuid)], db, year, enable_comments ) + elif post_preview: + article = Article(art_path, datetime.datetime.now(), + datetime.datetime.now()) + render_html( [article], db, year, enable_comments ) elif artlist: articles = db.get_articles() articles.sort(cmp = Article.title_cmp) render_artlist(articles, db) elif comment: form_data = CommentFormData(author.strip().replace('\n', ' '), - link.strip().replace('\n', ' '), body.strip()) + link.strip().replace('\n', ' '), captcha, + body.replace('\r', '')) article = db.get_article(uuid) + captcha = Captcha(article) redirect = False valid = True if not form_data.author: form_data.author_error = 'please, enter your name' valid = False + if form_data.link: + link = valid_link(form_data.link) + if link: + form_data.link = link + else: + form_data.link_error = 'please, enter a ' \ + 'valid link' + valid = False + if not captcha.validate(form_data): + form_data.captcha_error = captcha.help + valid = False if not form_data.body: form_data.body_error = 'please, write a comment' valid = False else: - error = validate_rst(form_data.body) + error = validate_rst(form_data.body, secure=False) if error is not None: (line, desc, ctx) = error - form_data.body_error = 'error at line %d: %s' \ - % (line, desc) + at = '' + if line: + at = ' at line %d' % line + form_data.body_error = 'error%s: %s' \ + % (at, desc) valid = False if valid: - c = article.add_comment(author, body, link) + c = article.add_comment(form_data.author, + form_data.body, form_data.link) c.save() cdb = CommentDB(article) cdb.comments = article.comments @@ -1157,7 +1273,10 @@ def handle_cmd(): if os.environ.has_key('GATEWAY_INTERFACE'): + i = datetime.datetime.now() handle_cgi() + f = datetime.datetime.now() + print '' % (f-i) else: sys.exit(handle_cmd())
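Review bot: The new `elif post_preview:` branch builds an `Article` from a request-supplied path and renders it for any requester. Every readable file under `data_path` becomes viewable without a check that the requester is the author; that covers unpublished drafts and, judging by the context line `ArticleDB(os.path.join(data_path, 'db'))` in the previous hunk, the article index file. If preview is meant for the author only, gate it behind a configuration switch that defaults to off (a new setting, here given the placeholder name `enable_preview`): `elif post_preview and enable_preview:`. In the comment branch, `body.replace('\r', '')` no longer strips the text, so a whitespace-only body now passes `if not form_data.body`; `if not form_data.body.strip():` restores that check without disturbing RST indentation.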