unencoded HTML handling within multisite code a bit more
Message-ID: <54ad5aa8.Lx/UxCJX1yNBjK2Z%lm(a)mathias-kettner.de>
User-Agent: Heirloom mailx 12.5 6/20/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Module: check_mk
Branch: master
Commit: 24d85b37230239997f86135c2bef81c5b756eb3c
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=24d85b37230239…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Jan 7 17:10:29 2015 +0100
Internal cleanup: Clarified encoded/unencoded HTML handling within multisite code a bit
more
---
web/htdocs/dashboard.py | 4 +---
web/htdocs/htmllib.py | 26 +++++++++++++++++++++++++-
web/htdocs/notify.py | 16 ++++++++--------
web/htdocs/visuals.py | 4 +---
web/htdocs/wato.py | 17 ++++++-----------
5 files changed, 41 insertions(+), 26 deletions(-)
diff --git a/web/htdocs/dashboard.py b/web/htdocs/dashboard.py
index a58367b..106d1e8 100644
--- a/web/htdocs/dashboard.py
+++ b/web/htdocs/dashboard.py
@@ -1034,9 +1034,7 @@ def page_edit_dashlet():
visuals.render_context_specs(dashlet, context_specs)
forms.end()
- url = "wato.py?mode=edit_configvar&varname=user_localizations"
- html.message("<sup>*</sup>" + _("These texts may be
localized depending on the users' "
- "language. You can configure the localizations <a
href=\"%s\">in the global settings</a>.") % url)
+ html.show_localization_hint()
html.button("save", _("Save"))
html.hidden_fields()
html.end_form()
diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py
index 4b29b9d..6fc7da5 100644
--- a/web/htdocs/htmllib.py
+++ b/web/htdocs/htmllib.py
@@ -36,6 +36,8 @@
#
# - Fix names of message() show_error() show_warning()
#
+# - change naming of html.attrencode() to html.render()
+#
# - General rules:
# 1. values of type str that are passed as arguments or
# return values or are stored in datastructures most not contain
@@ -44,7 +46,7 @@
# input to str or unicode must happen as early as possible,
# directly when reading from file or URL.
-import time, os, pwd, urllib, random, re
+import time, os, pwd, urllib, random, re, __builtin__
from lib import *
# Python 2.3 does not have 'set' in normal namespace.
@@ -63,6 +65,19 @@ class InvalidUserInput(Exception):
self.varname = varname
self.text = text
+# This is a simple class which wraps a string provided by the caller
+# to make html.attrencode() know that this string should not be
+# encoded, html.attrencode() will then return the unmodified value.
+#
+# This way we can implement encodings while still allowing HTML code
+# processing for some special cases. This is useful when one needs
+# to print out HTML tables in messages or help texts.
+class HTML:
+ def __init__(self, value):
+ self.value = value
+
+__builtin__.HTML = HTML
+
class html:
def __init__(self):
self.user_errors = {}
@@ -1002,6 +1017,13 @@ class html:
else:
self.write('%s: %s\n' % (prefix, self.strip_tags(msg)))
+ def show_localization_hint(self):
+ url = "wato.py?mode=edit_configvar&varname=user_localizations"
+ self.message(HTML("<sup>*</sup>" +
+ _("These texts may be localized depending on the users' "
+ "language. You can configure the localizations "
+ "<a href=\"%s\">in the global
settings</a>.") % url))
+
# Embed help box, whose visibility is controlled by a global
# button in the page.
def help(self, text):
@@ -1285,6 +1307,8 @@ class html:
ty = type(value)
if ty == int:
return str(value)
+ elif isinstance(value, HTML):
+ return value.value # This is HTML code which must not be escaped
elif ty not in [str, unicode]: # also possible: type Exception!
value = "%s" % value # Note: this allows Unicode. value might not
have type str now
diff --git a/web/htdocs/notify.py b/web/htdocs/notify.py
index eb3cb62..4d9f88f 100644
--- a/web/htdocs/notify.py
+++ b/web/htdocs/notify.py
@@ -212,7 +212,7 @@ def page_notify():
handler(user_id, msg)
num_success[method] = num_success[method] + 1
except MKInternalError, e:
- errors.setdefault(method, []).append( (user_id, e) )
+ errors.setdefault(method, []).append((user_id, e))
message = _('The notification has been sent via<br>')
message += "<table>"
@@ -221,19 +221,19 @@ def page_notify():
(notify_methods[method]["title"],
num_success[method], num_recipients)
message += "</table>"
- message += ' <a href="%s">%s</a>' %
(html.makeuri([]), _('Back to previous page'))
message += _('<p>Sent notification to: %s</p>') % ',
'.join(recipients)
- html.message(message)
+ message += '<a href="%s">%s</a>' %
(html.makeuri([]), _('Back to previous page'))
+ html.message(HTML(message))
if errors:
error_message = ""
- for key, values in errors.items():
- error_message += _("Failed to sent %s notifications to the following
users") % key
+ for method, method_errors in errors.items():
+ error_message += _("Failed to send %s notifications to the following
users:") % method
error_message += "<table>"
- for user, error in values:
- error_message +=
"<tr><td>%s</td><td>%s</td></tr>" % (user,
error )
+ for user, exception in method_errors:
+ error_message +=
"<tr><td><tt>%s</tt></td><td>%s</td></tr>"
% (user, html.attrencode(exception))
error_message += "</table><br>"
- html.show_error(error_message)
+ html.show_error(HTML(error_message))
html.footer()
diff --git a/web/htdocs/visuals.py b/web/htdocs/visuals.py
index 4972117..e35205e 100644
--- a/web/htdocs/visuals.py
+++ b/web/htdocs/visuals.py
@@ -730,9 +730,7 @@ def page_edit_visual(what, all_visuals, custom_field_handler = None,
render_context_specs(visual, context_specs)
forms.end()
- url = "wato.py?mode=edit_configvar&varname=user_localizations"
- html.message("<sup>*</sup>" + _("These texts may be
localized depending on the users' "
- "language. You can configure the localizations <a
href=\"%s\">in the global settings</a>.") % url)
+ html.show_localization_hint()
html.button("save", _("Save"))
for nr, (title, pagename, icon) in enumerate(sub_pages):
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index cea3a10..2609339 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -962,7 +962,7 @@ def mode_folder(phase):
render_folder_path()
if not auth_read:
- html.message('<img class=authicon
src="images/icon_autherr.png"> %s' % auth_message)
+ html.message(HTML('<img class=authicon
src="images/icon_autherr.png"> %s' % html.attrencode(auth_message)))
lock_messages = []
if g_folder.get(".lock_hosts"):
@@ -7238,7 +7238,7 @@ def mode_ldap_config(phase):
html.write('<h2>' + _('Diagnostics') + '</h2>')
if not html.var('_test'):
- html.message('<p>%s</p><p>%s</p>' %
+ html.message(HTML('<p>%s</p><p>%s</p>' %
(_('You can verify the single parts of your ldap configuration
using this '
'dialog. Simply make your configuration in the form on the
left side and '
'hit the "Save & Test" button to execute the
tests. After '
@@ -7246,7 +7246,7 @@ def mode_ldap_config(phase):
_('If you need help during configuration or experience problems,
please refer '
'to the Multisite <a target="_blank" '
'href="http://mathias-kettner.de/checkmk_multisite_ldap_integration.html">'
- 'LDAP Documentation</a>.')))
+ 'LDAP Documentation</a>.'))))
else:
def test_connect(address):
conn, msg = userdb.ldap_connect_server(address)
@@ -12972,7 +12972,7 @@ def mode_edit_auxtag(phase):
# Button and end
forms.end()
- show_localization_hint()
+ html.show_localization_hint()
html.button("save", _("Save"))
html.hidden_fields()
html.end_form()
@@ -13216,17 +13216,12 @@ def mode_edit_hosttag(phase):
# Button and end
forms.end()
- show_localization_hint()
+ html.show_localization_hint()
html.button("save", _("Save"))
html.hidden_fields()
html.end_form()
-def show_localization_hint():
- url = "wato.py?mode=edit_configvar&varname=user_localizations"
- html.message("<sup>*</sup>" + _("These texts may be
localized depending on the users' "
- "language. You can configure the localizations <a
href=\"%s\">in the global settings</a>.") % url)
-
def format_php(data, lvl = 1):
s = ''
if isinstance(data, tuple) or isinstance(data, list):
@@ -17330,7 +17325,7 @@ def mode_edit_custom_attr(phase, what):
html.checkbox('add_custom_macro', attr.get('add_custom_macro',
False))
forms.end()
- show_localization_hint()
+ html.show_localization_hint()
html.button("save", _("Save"))
html.hidden_fields()
html.end_form()