X-Git-Url: https://git.llucax.com/software/blitiri.git/blobdiff_plain/a3ed5b15bd4d844c45a0546bf571fd975f53fe4b..70a0afa4c3907cd348f4c5699897dfe992150567:/blitiri.cgi

diff --git a/blitiri.cgi b/blitiri.cgi
index 19c63ea..347d27a 100755
--- a/blitiri.cgi
+++ b/blitiri.cgi
@@ -24,6 +24,12 @@ comments_path = "/tmp/blog/comments"
 # default templates. If they're not found, the built-in ones will be used.
 templates_path = "/tmp/blog/templates"
 
+# Path where the cache is stored (must be writeable by the web server);
+# set to None to disable. When enabled, you must take care of cleaning it up
+# every once in a while.
+#cache_path = "/tmp/blog/cache"
+cache_path = None
+
 # URL to the blog, including the name. Can be a full URL or just the path.
 blog_url = "/blog/blitiri.cgi"
 
@@ -40,6 +46,34 @@ author = "Hartmut Kegan"
 # Article encoding
 encoding = "utf8"
 
+# Captcha class
+class Captcha (object):
+	def __init__(self, article):
+		self.article = article
+		words = article.title.split()
+		self.nword = hash(article.title) % len(words) % 5
+		self.answer = words[self.nword]
+		self.help = 'gotcha, damn spam bot!'
+
+	def get_puzzle(self):
+		nword = self.nword + 1
+		if nword == 1:
+			n = '1st'
+		elif nword == 2:
+			n = '2nd'
+		elif nword == 3:
+			n = '3rd'
+		else:
+			n = str(nword) + 'th'
+		return "enter the %s word of the article's title" % n
+	puzzle = property(fget = get_puzzle)
+
+	def validate(self, form_data):
+		if form_data.captcha.lower() == self.answer.lower():
+			return True
+		return False
+
+
 #
 # End of configuration
 # DO *NOT* EDIT ANYTHING PAST HERE
@@ -175,6 +209,12 @@ default_comment_form = """
     or <span class="formurlexample">mailto:you@example.com</span>
   </div>
 </div>
+<div class="comformcaptcha">
+  <label for="comformcaptcha">Your humanity proof %(form_captcha_error)s</label>
+  <input type="text" class="comformcaptcha" id="comformcaptcha"
+         name="comformcaptcha" value="%(form_captcha)s" />
+  <div class="comformhelp">%(captcha_puzzle)s</div>
+</div>
 <div class="comformbody">
   <label for="comformbody" class="comformbody">The comment
     %(form_body_error)s</label>
@@ -370,26 +410,53 @@ div.section h1 {
 
 """
 
+
+# Cache decorator
+# It only works if the function is pure (that is, its return value depends
+# only on its arguments), and if all the arguments are hash()eable.
+def cached(f):
+	# do not decorate if the cache is disabled
+	if cache_path is None:
+		return f
+
+	def decorate(*args, **kwargs):
+		hashes = '-'.join( str(hash(x)) for x in args +
+				tuple(kwargs.items()) )
+		fname = 'blitiri.%s.%s.cache' % (f.__name__, hashes)
+		cache_file = os.path.join(cache_path, fname)
+		try:
+			s = open(cache_file).read()
+		except:
+			s = f(*args, **kwargs)
+			open(cache_file, 'w').write(s)
+		return s
+
+	return decorate
+
+
 # helper functions
-def rst_to_html(rst):
+def rst_to_html(rst, secure = True):
 	settings = {
 		'input_encoding': encoding,
 		'output_encoding': 'utf8',
 		'halt_level': 1,
 		'traceback':  1,
+		'file_insertion_enabled': secure,
+		'raw_enabled': secure,
 	}
 	parts = publish_parts(rst, settings_overrides = settings,
 				writer_name = "html")
 	return parts['body'].encode('utf8')
+rst_to_html = cached(rst_to_html)
 
-def validate_rst(rst):
+def validate_rst(rst, secure = True):
 	try:
-		rst_to_html(rst)
+		rst_to_html(rst, secure)
 		return None
 	except SystemMessage, e:
 		desc = e.args[0].encode('utf-8') # the error string
 		desc = desc[9:] # remove "<string>:"
-		line = int(desc[:desc.find(':')]) # get just the line number
+		line = int(desc[:desc.find(':')] or 0) # get the line number
 		desc = desc[desc.find(')')+2:-1] # remove (LEVEL/N)
 		try:
 			desc, context = desc.split('\n', 1)
@@ -496,9 +563,10 @@ class Templates (object):
 		return self.get_template(
 			'com_footer', default_comment_footer, comment.to_vars())
 
-	def get_comment_form(self, article, form_data):
+	def get_comment_form(self, article, form_data, captcha_puzzle):
 		vars = article.to_vars()
 		vars.update(form_data.to_vars(self))
+		vars['captcha_puzzle'] = captcha_puzzle
 		return self.get_template(
 			'com_form', default_comment_form, vars)
 
@@ -508,12 +576,14 @@ class Templates (object):
 
 
 class CommentFormData (object):
-	def __init__(self, author = '', link = '', body = ''):
+	def __init__(self, author = '', link = '', captcha = '', body = ''):
 		self.author = author
 		self.link = link
+		self.captcha = captcha
 		self.body = body
 		self.author_error = ''
 		self.link_error = ''
+		self.captcha_error = ''
 		self.body_error = ''
 		self.action = ''
 		self.method = 'post'
@@ -522,14 +592,18 @@ class CommentFormData (object):
 		render_error = template.get_comment_error
 		a_error = self.author_error and render_error(self.author_error)
 		l_error = self.link_error and render_error(self.link_error)
+		c_error = self.captcha_error \
+				and render_error(self.captcha_error)
 		b_error = self.body_error and render_error(self.body_error)
 		return {
 			'form_author': sanitize(self.author),
 			'form_link': sanitize(self.link),
+			'form_captcha': sanitize(self.captcha),
 			'form_body': sanitize(self.body),
 
 			'form_author_error': a_error,
 			'form_link_error': l_error,
+			'form_captcha_error': c_error,
 			'form_body_error': b_error,
 
 			'form_action': self.action,
@@ -916,7 +990,8 @@ def render_comments(article, template, form_data):
 	if not form_data:
 		form_data = CommentFormData()
 	form_data.action = blog_url + '/comment/' + article.uuid + '#comment'
-	print template.get_comment_form(article, form_data)		,
+	captcha = Captcha(article)
+	print template.get_comment_form(article, form_data, captcha.puzzle)
 
 def render_html(articles, db, actyear = None, show_comments = False,
 		redirect =  None, form_data = None):
@@ -1012,6 +1087,7 @@ def handle_cgi():
 	atom = False
 	style = False
 	post = False
+	post_preview = False
 	artlist = False
 	comment = False
 
@@ -1021,10 +1097,11 @@ def handle_cgi():
 		atom = path_info == '/atom'
 		tag = path_info.startswith('/tag/')
 		post = path_info.startswith('/post/')
+		post_preview = path_info.startswith('/preview/post/')
 		artlist = path_info.startswith('/list')
 		comment = path_info.startswith('/comment/') and enable_comments
-		if not style and not atom and not post and not tag \
-				and not comment and not artlist:
+		if not style and not atom and not post and not post_preview \
+				and not tag and not comment and not artlist:
 			date = path_info.split('/')[1:]
 			try:
 				if len(date) > 1 and date[0]:
@@ -1038,6 +1115,15 @@ def handle_cgi():
 		elif post:
 			uuid = path_info.replace('/post/', '')
 			uuid = uuid.replace('/', '')
+		elif post_preview:
+			art_path = path_info.replace('/preview/post/', '')
+			art_path = urllib.unquote_plus(art_path)
+			art_path = os.path.join(data_path, art_path)
+			art_path = os.path.realpath(art_path)
+			common = os.path.commonprefix([data_path, art_path])
+			if common != data_path: # something nasty happened
+				post_preview = False
+			art_path = art_path[len(data_path)+1:]
 		elif tag:
 			t = path_info.replace('/tag/', '')
 			t = t.replace('/', '')
@@ -1049,6 +1135,7 @@ def handle_cgi():
 			uuid = uuid.replace('/', '')
 			author = form.getfirst('comformauthor', '')
 			link = form.getfirst('comformlink', '')
+			captcha = form.getfirst('comformcaptcha', '')
 			body = form.getfirst('comformbody', '')
 
 	db = ArticleDB(os.path.join(data_path, 'db'))
@@ -1060,14 +1147,20 @@ def handle_cgi():
 		render_style()
 	elif post:
 		render_html( [db.get_article(uuid)], db, year, enable_comments )
+	elif post_preview:
+		article = Article(art_path, datetime.datetime.now(),
+					datetime.datetime.now())
+		render_html( [article], db, year, enable_comments )
 	elif artlist:
 		articles = db.get_articles()
 		articles.sort(cmp = Article.title_cmp)
 		render_artlist(articles, db)
 	elif comment:
 		form_data = CommentFormData(author.strip().replace('\n', ' '),
-				link.strip().replace('\n', ' '), body.strip())
+				link.strip().replace('\n', ' '), captcha,
+				body.replace('\r', ''))
 		article = db.get_article(uuid)
+		captcha = Captcha(article)
 		redirect = False
 		valid = True
 		if not form_data.author:
@@ -1081,18 +1174,25 @@ def handle_cgi():
 				form_data.link_error = 'please, enter a ' \
 						'valid link'
 				valid = False
+		if not captcha.validate(form_data):
+			form_data.captcha_error = captcha.help
+			valid = False
 		if not form_data.body:
 			form_data.body_error = 'please, write a comment'
 			valid = False
 		else:
-			error = validate_rst(form_data.body)
+			error = validate_rst(form_data.body, secure=False)
 			if error is not None:
 				(line, desc, ctx) = error
-				form_data.body_error = 'error at line %d: %s' \
-						% (line, desc)
+				at = ''
+				if line:
+					at = ' at line %d' % line
+				form_data.body_error = 'error%s: %s' \
+						% (at, desc)
 				valid = False
 		if valid:
-			c = article.add_comment(author, body, link)
+			c = article.add_comment(form_data.author,
+					form_data.body, form_data.link)
 			c.save()
 			cdb = CommentDB(article)
 			cdb.comments = article.comments
@@ -1183,7 +1283,10 @@ def handle_cmd():
 
 
 if os.environ.has_key('GATEWAY_INTERFACE'):
+	i = datetime.datetime.now()
 	handle_cgi()
+	f = datetime.datetime.now()
+	print '<!-- render time: %s -->' % (f-i)
 else:
 	sys.exit(handle_cmd())