Commit 19d46b38 authored by Michael Murtaugh's avatar Michael Murtaugh

cgi

parent 2c6cf866
Pipeline #493 canceled with stages
#!/usr/bin/env python3
import cgitb; cgitb.enable()
import cgi, os, sys, json
from xml.sax.saxutils import quoteattr
from urllib.parse import quote as urlquote, unquote as urlunquote, urljoin
from os import environ
from base64 import b64encode as encode, b64decode as decode
import binascii
from directory import *
from aa_password import PASSWORD
from login import authenticate
#DEBUG
env = os.environ
method = os.environ.get("REQUEST_METHOD", "GET").upper()
docroot = os.environ.get("DOCUMENT_ROOT", "/var/www/html")
fs = cgi.FieldStorage()
url = fs.getvalue("u", "/")
assert(url.startswith("/"))
fullpath = os.path.join(docroot, urlunquote(url).strip("/"))
# compute normalized_url
normalized_url = urlquote(os.path.relpath(fullpath, docroot))
if normalized_url == ".":
normalized_url = "/"
else:
normalized_url = "/"+normalized_url
if os.path.isdir(fullpath):
normalized_url += "/"
authorized = authenticate(environ)
if not authorized:
current_url = get_current_url(env)
login_url = urljoin(current_url, "/cgi-bin/login.cgi")
login_url += "?next="+urlquote(current_url)
print ("Location: {0}".format(login_url))
print ()
sys.exit(0)
if method=="POST":
submit = fs.getvalue("submit")
if submit == "commit":
ffp = file_formats_path(fullpath)
if os.path.isdir(ffp):
for x in os.listdir(ffp):
ffp2 = os.path.join(ffp, x)
os.remove(ffp2)
os.rmdir(ffp)
os.remove(fullpath)
print ("Content-type: text-html;charset=utf-8")
print ()
print ("Deleted {0}".format(normalized_url))
# parent = os.path.split(normalized_url)[0]
# current_url = get_current_url(env)
# redirect_url = urljoin(current_url, "/cgi-bin/directory.cgi")+"?f=annotate&u="+urlquote(parent)
# print ("Location: {0}".format(redirect_url))
# print ()
sys.exit(0)
print ("Content-type: text/html; charset=utf8")
print ()
# nb fs_item represents the merged version
print("""<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>edit description</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="/lib/directory/directory.css">
</head>
<body class="edit">
<form method="post" action="">
<p>Delete {0} and any and all related versions / thumbnails?</p>
Are you sure?
<input type="submit" name="submit" value="commit">
</form>
</body>
</html>
""".format(normalized_url))
\ No newline at end of file
......@@ -16,17 +16,6 @@ from login import authenticate
# print ("Content-type: text/html; charset=utf8")
# print ()
def get_current_url (environ):
request_scheme = environ.get("REQUEST_SCHEME")
server_name = environ.get("SERVER_NAME")
# http_host = environ.get("HTTP_HOST")
server_port = int(environ.get("SERVER_PORT", "80"))
request_uri = environ.get("REQUEST_URI")
if server_port != 80:
return "{0}://{1}:{2}{3}".format(request_scheme, server_name, server_port, request_uri)
else:
return "{0}://{1}{2}".format(request_scheme, server_name, request_uri)
env = os.environ
method = os.environ.get("REQUEST_METHOD", "GET").upper()
docroot = os.environ.get("DOCUMENT_ROOT", "/var/www/html")
......@@ -87,8 +76,8 @@ elif f == "annotate":
# print ("Content-type: text/html; charset=utf8")
# print ()
authorized = authenticate(environ)
current_url = get_current_url(env)
if not authorized:
current_url = get_current_url(env)
login_url = urljoin(current_url, "/cgi-bin/login.cgi")
login_url += "?next="+urlquote(current_url)
print ("Location: {0}".format(login_url))
......@@ -99,6 +88,21 @@ elif f == "annotate":
messages = []
if method=="POST":
# print ("Content-type: text/html; charset=utf8")
# print ()
# HANDLE REDIRECTS
submit = fs.getvalue('submit')
if submit == "rename":
redirect_url = urljoin(current_url, "/cgi-bin/rename.cgi")+"?u="+urlquote(normalized_url)
print ("Location: {0}".format(redirect_url))
print ()
sys.exit(0)
elif submit == "delete":
redirect_url = urljoin(current_url, "/cgi-bin/delete.cgi")+"?u="+urlquote(normalized_url)
print ("Location: {0}".format(redirect_url))
print ()
sys.exit(0)
description = fs.getvalue("description")
#if os.path.isfile(fullpath):
......@@ -121,20 +125,23 @@ elif f == "annotate":
messages.append("Uploaded {0} files".format(len(files)))
# UPLOADS (directory)
files = fs["upload"]
if not isinstance(files, list):
files = [files]
files = [x for x in files if x.filename]
if os.path.isdir(fullpath):
if files:
results = []
for f in files:
savepath = os.path.join(fullpath, f.filename)
count = upload(f, savepath)
results.append((f.filename, os.path.getsize(savepath)))
messages.append("Uploaded {0}".format(savepath))
messages.append("Uploaded {0} files".format(len(files)))
try:
files = fs["upload"]
if not isinstance(files, list):
files = [files]
files = [x for x in files if x.filename]
if os.path.isdir(fullpath):
if files:
results = []
for f in files:
savepath = os.path.join(fullpath, f.filename)
count = upload(f, savepath)
results.append((f.filename, os.path.getsize(savepath)))
messages.append("Uploaded {0}".format(savepath))
messages.append("Uploaded {0} files".format(len(files)))
except KeyError:
pass
# HANDLE DELETIONS (selectedformats)
sff = fs.getvalue("selectedformatsfn")
if sff == "delete":
......
import os, json
from urllib.parse import quote as urlquote, unquote as urlunquote, urlencode
def get_current_url (environ):
request_scheme = environ.get("REQUEST_SCHEME")
server_name = environ.get("SERVER_NAME")
# http_host = environ.get("HTTP_HOST")
server_port = int(environ.get("SERVER_PORT", "80"))
request_uri = environ.get("REQUEST_URI")
if server_port != 80:
return "{0}://{1}:{2}{3}".format(request_scheme, server_name, server_port, request_uri)
else:
return "{0}://{1}{2}".format(request_scheme, server_name, request_uri)
# https://github.com/achillean/shodan-python/issues/39
def humanize_bytes(bytes, precision=1):
"""Return a humanized string representation of a number of bytes.
......@@ -204,7 +215,11 @@ def send_form(item, fs_item, messages):
<div id="description" class="group">
<div class="title">{0[filename]}</div>
<textarea name="description" style="width: 320px; height: 4em;" placeholder="Description" autofocus>{0[description]}</textarea>
<div><input type="submit" value="save" /> </div>
<div>
<input type="submit" name="submit" value="save" />
<input type="submit" name="submit" value="rename">
<input type="submit" name="submit" value="delete">
</div>
{0[messages]}
</div>
<div class="filelisting group">
......
#!/usr/bin/env python3
import cgitb; cgitb.enable()
import cgi, os, sys, json
from xml.sax.saxutils import quoteattr
from urllib.parse import quote as urlquote, unquote as urlunquote, urljoin
from os import environ
from base64 import b64encode as encode, b64decode as decode
import binascii
from directory import *
from aa_password import PASSWORD
from login import authenticate
#DEBUG
env = os.environ
method = os.environ.get("REQUEST_METHOD", "GET").upper()
docroot = os.environ.get("DOCUMENT_ROOT", "/var/www/html")
fs = cgi.FieldStorage()
url = fs.getvalue("u", "/")
assert(url.startswith("/"))
fullpath = os.path.join(docroot, urlunquote(url).strip("/"))
# compute normalized_url
normalized_url = urlquote(os.path.relpath(fullpath, docroot))
if normalized_url == ".":
normalized_url = "/"
else:
normalized_url = "/"+normalized_url
if os.path.isdir(fullpath):
normalized_url += "/"
authorized = authenticate(environ)
if not authorized:
current_url = get_current_url(env)
login_url = urljoin(current_url, "/cgi-bin/login.cgi")
login_url += "?next="+urlquote(current_url)
print ("Location: {0}".format(login_url))
print ()
sys.exit(0)
if method=="POST":
description = fs.getvalue("description")
print ("Content-type: text/html; charset=utf8")
print ()
# nb fs_item represents the merged version
print("""
Coming soon!
""")
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment