2DU пре 8 година
родитељ
комит
b677095272
4 измењених фајлова са 189 додато и 197 уклоњено
  1. 148 150
      app.py
  2. 33 35
      func.py
  3. 8 10
      mark.py
  4. 0 2
      update.py

+ 148 - 150
app.py


+ 33 - 35
func.py

@@ -18,8 +18,6 @@ session_opts = {
 
 app = beaker.middleware.SessionMiddleware(app(), session_opts)
 
-db_pas = pymysql.escape_string
-
 from mark import *
 
 def diff(seqm):
@@ -48,13 +46,13 @@ def admin_check(num):
     curs = conn.cursor(pymysql.cursors.DictCursor)
 
     ip = ip_check() 
-    curs.execute("select acl from user where id = '" + db_pas(ip) + "'")
+    curs.execute("select acl from user where id = '" + pymysql.escape_string(ip) + "'")
     user = curs.fetchall()
     if(user):
         reset = 0
         while(1):
             if(num == 1 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "ban"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "ban"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -62,7 +60,7 @@ def admin_check(num):
                 else:
                     reset = 1
             elif(num == 2 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "mdel"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "mdel"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -70,7 +68,7 @@ def admin_check(num):
                 else:
                     reset = 1
             elif(num == 3 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "toron"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "toron"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -78,7 +76,7 @@ def admin_check(num):
                 else:
                     reset = 1
             elif(num == 4 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "check"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "check"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -86,7 +84,7 @@ def admin_check(num):
                 else:
                     reset = 1
             elif(num == 5 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "acl"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "acl"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -94,7 +92,7 @@ def admin_check(num):
                 else:
                     reset = 1
             elif(num == 6 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "hidel"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "hidel"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -102,7 +100,7 @@ def admin_check(num):
                 else:
                     reset = 1
             else:
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "owner"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "owner"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -121,7 +119,7 @@ def include_check(name, data):
     curs = conn.cursor(pymysql.cursors.DictCursor)
 
     if(re.search('^틀:', name)):
-        curs.execute("select link from back where title = '" + db_pas(name) + "' and type = 'include'")
+        curs.execute("select link from back where title = '" + pymysql.escape_string(name) + "' and type = 'include'")
         back = curs.fetchall()
         for backp in back:
             namumark(backp['link'], data, 1)
@@ -147,7 +145,7 @@ def ip_pas(raw_ip, num):
     if(re.search("(\.|:)", raw_ip)):
         ip = raw_ip
     else:
-        curs.execute("select title from data where title = '사용자:" + db_pas(raw_ip) + "'")
+        curs.execute("select title from data where title = '사용자:" + pymysql.escape_string(raw_ip) + "'")
         row = curs.fetchall()
         if(row):
             ip = '<a href="/w/' + url_pas('사용자:' + raw_ip) + '">' + raw_ip + '</a>'
@@ -192,7 +190,7 @@ def acl_check(ip, name):
                 conn.close()
                 return(1)
             else:
-                curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+                curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
                 rows = curs.fetchall()
                 if(rows):
                     conn.close()
@@ -211,22 +209,22 @@ def acl_check(ip, name):
         b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
         if(b):
             results = b.groups()
-            curs.execute("select * from ban where block = '" + db_pas(results[0]) + "' and band = 'O'")
+            curs.execute("select * from ban where block = '" + pymysql.escape_string(results[0]) + "' and band = 'O'")
             rowss = curs.fetchall()
             if(rowss):
                 conn.close()
                 return(1)
             else:
-                curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+                curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
                 rows = curs.fetchall()
                 if(rows):
                     conn.close()
                     return(1)
                 else:
-                    curs.execute("select acl from data where title = '" + db_pas(name) + "'")
+                    curs.execute("select acl from data where title = '" + pymysql.escape_string(name) + "'")
                     row = curs.fetchall()
                     if(row):
-                        curs.execute("select * from user where id = '" + db_pas(ip) + "'")
+                        curs.execute("select * from user where id = '" + pymysql.escape_string(ip) + "'")
                         rows = curs.fetchall()
                         if(row[0]['acl'] == 'user'):
                             if(rows):
@@ -253,16 +251,16 @@ def acl_check(ip, name):
                         conn.close()
                         return(0)
         else:
-            curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+            curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
             rows = curs.fetchall()
             if(rows):
                 conn.close()
                 return(1)
             else:
-                curs.execute("select acl from data where title = '" + db_pas(name) + "'")
+                curs.execute("select acl from data where title = '" + pymysql.escape_string(name) + "'")
                 row = curs.fetchall()
                 if(row):
-                    curs.execute("select * from user where id = '" + db_pas(ip) + "'")
+                    curs.execute("select * from user where id = '" + pymysql.escape_string(ip) + "'")
                     rows = curs.fetchall()
                     if(row[0]['acl'] == 'user'):
                         if(rows):
@@ -302,13 +300,13 @@ def ban_check(ip):
     b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
     if(b):
         results = b.groups()
-        curs.execute("select * from ban where block = '" + db_pas(results[0]) + "' and band = 'O'")
+        curs.execute("select * from ban where block = '" + pymysql.escape_string(results[0]) + "' and band = 'O'")
         rowss = curs.fetchall()
         if(rowss):
             conn.close()
             return(1)
         else:
-            curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+            curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
             rows = curs.fetchall()
             if(rows):
                 conn.close()
@@ -317,7 +315,7 @@ def ban_check(ip):
                 conn.close()
                 return(0)
     else:
-        curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+        curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
         rows = curs.fetchall()
         if(rows):
             conn.close()
@@ -339,19 +337,19 @@ def topic_check(ip, name, sub):
     b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
     if(b):
         results = b.groups()
-        curs.execute("select * from ban where block = '" + db_pas(results[0]) + "' and band = 'O'")
+        curs.execute("select * from ban where block = '" + pymysql.escape_string(results[0]) + "' and band = 'O'")
         rowss = curs.fetchall()
         if(rowss):
             conn.close()
             return(1)
         else:
-            curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+            curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
             rows = curs.fetchall()
             if(rows):
                 conn.close()
                 return(1)
             else:
-                curs.execute("select * from stop where title = '" + db_pas(name) + "' and sub = '" + db_pas(sub) + "'")
+                curs.execute("select * from stop where title = '" + pymysql.escape_string(name) + "' and sub = '" + pymysql.escape_string(sub) + "'")
                 rows = curs.fetchall()
                 if(rows):
                     conn.close()
@@ -360,13 +358,13 @@ def topic_check(ip, name, sub):
                     conn.close()
                     return(0)
     else:
-        curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+        curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
         rows = curs.fetchall()
         if(rows):
             conn.close()
             return(1)
         else:
-            curs.execute("select * from stop where title = '" + db_pas(name) + "' and sub = '" + db_pas(sub) + "'")
+            curs.execute("select * from stop where title = '" + pymysql.escape_string(name) + "' and sub = '" + pymysql.escape_string(sub) + "'")
             rows = curs.fetchall()
             if(rows):
                 conn.close()
@@ -385,12 +383,12 @@ def rd_plus(title, sub, date):
     )
     curs = conn.cursor(pymysql.cursors.DictCursor)
 
-    curs.execute("select * from rd where title = '" + db_pas(title) + "' and sub = '" + db_pas(sub) + "'")
+    curs.execute("select * from rd where title = '" + pymysql.escape_string(title) + "' and sub = '" + pymysql.escape_string(sub) + "'")
     rd = curs.fetchall()
     if(rd):
-        curs.execute("update rd set date = '" + db_pas(date) + "' where title = '" + db_pas(title) + "' and sub = '" + db_pas(sub) + "'")
+        curs.execute("update rd set date = '" + pymysql.escape_string(date) + "' where title = '" + pymysql.escape_string(title) + "' and sub = '" + pymysql.escape_string(sub) + "'")
     else:
-        curs.execute("insert into rd (title, sub, date) value ('" + db_pas(title) + "', '" + db_pas(sub) + "', '" + db_pas(date) + "')")
+        curs.execute("insert into rd (title, sub, date) value ('" + pymysql.escape_string(title) + "', '" + pymysql.escape_string(sub) + "', '" + pymysql.escape_string(date) + "')")
     conn.commit()
     
     conn.close()
@@ -404,7 +402,7 @@ def rb_plus(block, end, today, blocker, why):
     )
     curs = conn.cursor(pymysql.cursors.DictCursor)
 
-    curs.execute("insert into rb (block, end, today, blocker, why) value ('" + db_pas(block) + "', '" + db_pas(end) + "', '" + today + "', '" + db_pas(blocker) + "', '" + db_pas(why) + "')")
+    curs.execute("insert into rb (block, end, today, blocker, why) value ('" + pymysql.escape_string(block) + "', '" + pymysql.escape_string(end) + "', '" + today + "', '" + pymysql.escape_string(blocker) + "', '" + pymysql.escape_string(why) + "')")
     conn.commit()
     
     conn.close()
@@ -418,13 +416,13 @@ def history_plus(title, data, date, ip, send, leng):
     )
     curs = conn.cursor(pymysql.cursors.DictCursor)
 
-    curs.execute("select * from history where title = '" + db_pas(title) + "' order by id+0 desc limit 1")
+    curs.execute("select * from history where title = '" + pymysql.escape_string(title) + "' order by id+0 desc limit 1")
     rows = curs.fetchall()
     if(rows):
         number = int(rows[0]['id']) + 1
-        curs.execute("insert into history (id, title, data, date, ip, send, leng) value ('" + str(number) + "', '" + db_pas(title) + "', '" + db_pas(data) + "', '" + date + "', '" + db_pas(ip) + "', '" + db_pas(send) + "', '" + leng + "')")
+        curs.execute("insert into history (id, title, data, date, ip, send, leng) value ('" + str(number) + "', '" + pymysql.escape_string(title) + "', '" + pymysql.escape_string(data) + "', '" + date + "', '" + pymysql.escape_string(ip) + "', '" + pymysql.escape_string(send) + "', '" + leng + "')")
     else:
-        curs.execute("insert into history (id, title, data, date, ip, send, leng) value ('1', '" + db_pas(title) + "', '" + db_pas(data) + "', '" + date + "', '" + db_pas(ip) + "', '" + db_pas(send + ' (새 문서)') + "', '" + leng + "')")
+        curs.execute("insert into history (id, title, data, date, ip, send, leng) value ('1', '" + pymysql.escape_string(title) + "', '" + pymysql.escape_string(data) + "', '" + date + "', '" + pymysql.escape_string(ip) + "', '" + pymysql.escape_string(send + ' (새 문서)') + "', '" + leng + "')")
     conn.commit()
     
     conn.close()
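Review bot: In the rb_plus hunk the new insert still concatenates `today` into the statement with no escaping at all, and the history_plus hunk does the same for `date` and `leng`, so swapping `db_pas` for `pymysql.escape_string` leaves those three values unprotected; if any of them can carry request data rather than values the code formats itself, that is an injection point. The wider issue, shared by every hunk in this file, is that escape-then-concatenate is the wrong shape for this driver: as far as I know `pymysql.escape_string` is a fixed character transform that does not consult the connection's charset or sql_mode, whereas `curs.execute(sql, params)` binds through the connection. The admin_check lookup would become `curs.execute("select acl from user where id = %s", (ip,))` and the rb_plus insert `curs.execute("insert into rb (block, end, today, blocker, why) value (%s, %s, %s, %s, %s)", (block, end, today, blocker, why))`, which also covers `today`. Spelling out the module path at dozens of call sites instead of keeping one helper makes every query line longer without changing what it does; a small `_run(curs, sql, params)` helper would keep the call sites short. admin_check, acl_check and the other functions touched here all start and end outside their hunks.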

+ 8 - 10
mark.py

@@ -35,8 +35,6 @@ def ip_check():
             ip = request.environ.get('REMOTE_ADDR')
 
     return(ip)
-    
-db_pas = pymysql.escape_string
 
 def url_pas(data):
     return(parse.quote(data).replace('/','%2F'))
@@ -330,10 +328,10 @@ def backlink_plus(name, link, backtype, num):
         conn = pymysql.connect(user = set_data['user'], password = set_data['pw'], charset = 'utf8mb4', db = set_data['db'])
         curs = conn.cursor(pymysql.cursors.DictCursor)
         
-        curs.execute("select title from back where title = '" + db_pas(link) + "' and link = '" + db_pas(name) + "' and type = '" + backtype + "'")
+        curs.execute("select title from back where title = '" + pymysql.escape_string(link) + "' and link = '" + pymysql.escape_string(name) + "' and type = '" + backtype + "'")
         y = curs.fetchall()
         if(not y):
-            curs.execute("insert into back (title, link, type) value ('" + db_pas(link) + "', '" + db_pas(name) + "',  '" + backtype + "')")
+            curs.execute("insert into back (title, link, type) value ('" + pymysql.escape_string(link) + "', '" + pymysql.escape_string(name) + "',  '" + backtype + "')")
             conn.commit()
             
         conn.close()
@@ -343,10 +341,10 @@ def cat_plus(name, link, num):
         conn = pymysql.connect(user = set_data['user'], password = set_data['pw'], charset = 'utf8mb4', db = set_data['db'])
         curs = conn.cursor(pymysql.cursors.DictCursor)
         
-        curs.execute("select title from cat where title = '" + db_pas(link) + "' and cat = '" + db_pas(name) + "'")
+        curs.execute("select title from cat where title = '" + pymysql.escape_string(link) + "' and cat = '" + pymysql.escape_string(name) + "'")
         y = curs.fetchall()
         if(not y):
-            curs.execute("insert into cat (title, cat) value ('" + db_pas(link) + "', '" + db_pas(name) + "')")
+            curs.execute("insert into cat (title, cat) value ('" + pymysql.escape_string(link) + "', '" + pymysql.escape_string(name) + "')")
             conn.commit()
             
         conn.close()
@@ -374,7 +372,7 @@ def namumark(title, data, num):
             if(results[0] == title):
                 data = include.sub("<b>" + results[0] + "</b>", data, 1)
             else:
-                curs.execute("select * from data where title = '" + db_pas(results[0]) + "'")
+                curs.execute("select * from data where title = '" + pymysql.escape_string(results[0]) + "'")
                 in_con = curs.fetchall()
                 
                 backlink_plus(title, results[0], 'include', num)
@@ -455,7 +453,7 @@ def namumark(title, data, num):
                 cat_plus(title, g[0], num)
                     
                 if(category == ''):
-                    curs.execute("select title from data where title = '" + db_pas(g[0]) + "'")
+                    curs.execute("select title from data where title = '" + pymysql.escape_string(g[0]) + "'")
                     exists = curs.fetchall()
                     if(exists):
                         red = ""
@@ -464,7 +462,7 @@ def namumark(title, data, num):
                         
                     category += '<a ' + red + ' href="/w/' + url_pas(g[0]) + '">' + re.sub("분류:", "", g[0]) + '</a>'
                 else:
-                    curs.execute("select title from data where title = '" + db_pas(g[0]) + "'")
+                    curs.execute("select title from data where title = '" + pymysql.escape_string(g[0]) + "'")
                     exists = curs.fetchall()
                     if(exists):
                         red = ""
@@ -664,7 +662,7 @@ def namumark(title, data, num):
                 else:
                     nosharp = re.sub("<sharp>", "#", results[0])
                     
-                    curs.execute("select title from data where title = '" + db_pas(nosharp) + "'")
+                    curs.execute("select title from data where title = '" + pymysql.escape_string(nosharp) + "'")
                     y = curs.fetchall()
                     if(y):
                         clas = ''
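Review bot: In the backlink_plus hunk `backtype` is concatenated into both the select and the insert without going through `pymysql.escape_string`, so this hunk's change does not cover it; bound parameters would close that gap and shorten the lines, e.g. `curs.execute("select title from back where title = %s and link = %s and type = %s", (link, name, backtype))`. Whether `backtype` ever carries request data is not visible here (the namumark hunk passes the literal `'include'`), so this may be latent rather than live, but the query shape should not depend on that. The namumark hunks replace `db_pas` on lookups of `results[0]`, `g[0]` and `nosharp`, which appear to be regex captures from the page text being rendered, so those are the lookups where parameter binding matters most. namumark, backlink_plus and cat_plus all start and end outside their hunks.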

+ 0 - 2
update.py

@@ -13,8 +13,6 @@ conn = pymysql.connect(
 )
 curs = conn.cursor(pymysql.cursors.DictCursor)   
 
-db_pas = pymysql.escape_string
-
 r_ver = '2.1.7'
 
 conn.commit()
