Files @ 14abe07a4a8b
Branch filter:

Location: website/www/conservancy/__init__.py

14abe07a4a8b 1.6 KiB text/x-python Show Annotation Show as Raw Download as Raw
bsturmfels
Remove unnecessary use of "safe" template tag.

This tag marks a variable as not requiring escaping by the template engine,
potentially creating cross-site scripting vulnerabilities, so shouldn't be used
unless absolutely necessary. In these cases, I don't think it's necessary.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
from past.builtins import basestring
from builtins import object
import hashlib

from django.conf import settings
from django.template import RequestContext

# This is backwards compatibilty support for a custom function we wrote
# ourselves that is no longer necessary in modern Django.
from django.shortcuts import render as render_template_with_context

class ParameterValidator(object):
    def __init__(self, given_hash_or_params, params_hash_key=None):
        if params_hash_key is None:
            self.given_hash = given_hash_or_params
        else:
            self.given_hash = given_hash_or_params.get(params_hash_key)
        seed = getattr(settings, 'CONSERVANCY_SECRET_KEY', '').encode('utf-8')
        self.hasher = hashlib.sha256(seed)
        if isinstance(self.given_hash, basestring):
            self.hash_type = type(self.given_hash)
        else:
            self.hash_type = type(self.hasher.hexdigest())
        self.valid = None
        if not (self.given_hash and seed):
            self.fail()

    def __enter__(self):
        self.valid = self.valid and None
        return self

    def __exit__(self, exc_type, exc_value, exc_tb):
        if exc_type is None:
            self.check()
        else:
            self.fail()

    def validate(self, data):
        self.valid = self.valid and None
        self.hasher.update(data)

    def check(self):
        if self.valid or (self.valid is None):
            self.valid = self.hash_type(self.hasher.hexdigest()) == self.given_hash
        return self.valid

    def fail(self):
        self.valid = False
Server instance: kapok.sfconservancy.org-7322 This site is powered by Kallithea 0.6.3, which is © 2010–2020 by various authors & licensed under GPLv3. – SupportPrivacy Policy