Commit 73bcb97d authored by Gero Müller's avatar Gero Müller

purge helpers

parent b4bcd8b3
......@@ -10,7 +10,7 @@ from vispa.models.user import User
from vispa.models.workspace import Workspace, WorkspaceState
from vispa.models.profile import Profile
from vispa.models.preference import VispaPreference, ExtensionPreference
from vispa.helpers import browser
from vispa import browser
import vispa
import logging
import json
......
# -*- coding: utf-8 -*-
# imports
import cherrypy
FORBIDDEN_PHRASES = ['drop ', 'select ', 'dump ', 'insert ', 'delete ', 'update ',
'drop\\ ', 'select\\ ', 'dump\\ ', 'insert\\ ', 'delete\\ ', 'update\\ ']
FORBIDDEN_CHARS = ['´', '`']
def insertion_safe(*args, **kwargs):
for arg in list(args) + kwargs.values():
if isinstance(arg, dict):
arg = arg.keys()
if not isinstance(arg, list):
arg = [arg]
for elem in arg:
elem = str(elem)
# 1. check: forbidden phrases
for phrase in FORBIDDEN_PHRASES:
if elem.lower().find(phrase) >= 0:
return False, elem
# 2. check: forbidden chars
for char in FORBIDDEN_CHARS:
if elem.lower().find(char) >= 0:
return False, elem
return True, None
\ No newline at end of file
......@@ -3,4 +3,26 @@
# imports
from sqlalchemy.ext.declarative import declarative_base
Base = declarative_base()
\ No newline at end of file
Base = declarative_base()
FORBIDDEN_PHRASES = ['drop ', 'select ', 'dump ', 'insert ', 'delete ', 'update ',
'drop\\ ', 'select\\ ', 'dump\\ ', 'insert\\ ', 'delete\\ ', 'update\\ ']
FORBIDDEN_CHARS = ['´', '`']
def insertion_safe(*args, **kwargs):
for arg in list(args) + kwargs.values():
if isinstance(arg, dict):
arg = arg.keys()
if not isinstance(arg, list):
arg = [arg]
for elem in arg:
elem = str(elem)
# 1. check: forbidden phrases
for phrase in FORBIDDEN_PHRASES:
if elem.lower().find(phrase) >= 0:
return False, elem
# 2. check: forbidden chars
for char in FORBIDDEN_CHARS:
if elem.lower().find(char) >= 0:
return False, elem
return True, None
\ No newline at end of file
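Review bot: `insertion_safe`, added in this hunk to what the later imports suggest is `vispa.models`, is a substring denylist (`FORBIDDEN_PHRASES`, `FORBIDDEN_CHARS`), so it cannot serve as the SQL-injection control and will also reject ordinary text such as a value containing `update `. Because this module already builds on SQLAlchemy, bound parameters should remain the real defence and the helper should say so, for example with a docstring `"""Heuristic denylist check, not a substitute for bound parameters; returns (ok, offending_value)."""`. For a dict argument only `arg.keys()` is scanned, so the values are never checked, which looks unintended if the values are what gets stored. `list(args) + kwargs.values()` works only where `values()` returns a list (Python 2); `for arg in list(args) + list(kwargs.values()):` behaves the same there and also runs on Python 3.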
......@@ -4,8 +4,7 @@
from sqlalchemy import Column, schema
from sqlalchemy.types import Integer, Unicode, DateTime
from datetime import datetime
from vispa.models import Base
from vispa.helpers.db import insertion_safe
from vispa.models import Base, insertion_safe
import json as JSON
class VispaPreference(Base):
......
......@@ -5,8 +5,7 @@ from datetime import datetime
import json as JSON
from sqlalchemy import Column, schema
from sqlalchemy.types import Unicode, Integer, DateTime, Boolean, Text
from vispa.models import Base
from vispa.helpers.db import insertion_safe
from vispa.models import Base, insertion_safe
from vispa.models.preference import VispaPreference, ExtensionPreference
......
......@@ -4,8 +4,7 @@
from datetime import datetime
from sqlalchemy import Column, schema
from sqlalchemy.types import Unicode, Integer, DateTime, Boolean, Text
from vispa.models import Base
from vispa.helpers.db import insertion_safe
from vispa.models import Base, insertion_safe
import json
......
......@@ -4,7 +4,7 @@
import cherrypy
from os.path import join
import vispa
from vispa.helpers import browser
from vispa import browser
__all__ = ['DeviceTool']
......
......@@ -5,7 +5,7 @@ import cherrypy
import vispa
import os
import json
from vispa.helpers import browser
from vispa import browser
from vispa.models.profile import Profile
......
......@@ -4,7 +4,7 @@
import cherrypy
from os.path import join
import vispa
from vispa.helpers import browser
from vispa import browser
from vispa.models.stats import AccessStats, PageStats
class StatsTool(cherrypy.Tool):
......