Home Esplora Aiuto
Accedi
wiki
/
openNAMU__openNAMU
mirror da https://github.com/openNAMU/openNAMU.git
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

인코딩 추가

2DU 8 anni fa
parent
818efaff8c
commit
ef327f5806
4 ha cambiato i file con 208 aggiunte e 221 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 157 158
      app.py
  2. 27 27
      func.py
  3. 8 14
      mark.py
  4. 16 22
      update_mysql.py

File diff suppressed because it is too large
+ 157 - 158
app.py


+ 27 - 27
func.py
Vedi File 

@@ -41,55 +41,55 @@ def diff(seqm):
 
            
 def admin_check(num):
 
     ip = ip_check() 
-    curs.execute("select acl from user where id = '" + escape(ip) + "'")
 
+    curs.execute("select acl from user where id = ?", [ip])
 
     user = curs.fetchall()
 
     if(user):
 
         reset = 0
 
         while(1):
 
             if(num == 1 and reset == 0):
 
-                curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "ban"')
 
+                curs.execute('select name from alist where name = ? and acl = "ban"', [user[0][0]])
 
                 acl_data = curs.fetchall()
 
                 if(acl_data):
 
                     return(1)
 
                 else:
 
                     reset = 1
 
             elif(num == 2 and reset == 0):
 
-                curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "mdel"')
 
+                curs.execute('select name from alist where name = ? and acl = "mdel"', [user[0][0]])
 
                 acl_data = curs.fetchall()
 
                 if(acl_data):
 
                     return(1)
 
                 else:
 
                     reset = 1
 
             elif(num == 3 and reset == 0):
 
-                curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "toron"')
 
+                curs.execute('select name from alist where name = ? and acl = "toron"', [user[0][0]])
 
                 acl_data = curs.fetchall()
 
                 if(acl_data):
 
                     return(1)
 
                 else:
 
                     reset = 1
 
             elif(num == 4 and reset == 0):
 
-                curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "check"')
 
+                curs.execute('select name from alist where name = ? and acl = "check"', [user[0][0]])
 
                 acl_data = curs.fetchall()
 
                 if(acl_data):
 
                     return(1)
 
                 else:
 
                     reset = 1
 
             elif(num == 5 and reset == 0):
 
-                curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "acl"')
 
+                curs.execute('select name from alist where name = ? and acl = "acl"', [user[0][0]])
 
                 acl_data = curs.fetchall()
 
                 if(acl_data):
 
                     return(1)
 
                 else:
 
                     reset = 1
 
             elif(num == 6 and reset == 0):
 
-                curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "hidel"')
 
+                curs.execute('select name from alist where name = ? and acl = "hidel"', [user[0][0]])
 
                 acl_data = curs.fetchall()
 
                 if(acl_data):
 
                     return(1)
 
                 else:
 
                     reset = 1
 
             else:
 
-                curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "owner"')
 
+                curs.execute('select name from alist where name = ? and acl = "owner"', [user[0][0]])
 
                 acl_data = curs.fetchall()
 
                 if(acl_data):
 
                     return(1)
 
@@ -98,7 +98,7 @@ def admin_check(num):
 
                 
 def include_check(name, data):
 
     if(re.search('^틀:', name)):
 
-        curs.execute("select link from back where title = '" + escape(name) + "' and type = 'include'")
 
+        curs.execute("select link from back where title = ? and type = 'include'", [name])
 
         back = curs.fetchall()
 
         for backp in back:
 
             namumark(backp[0], data, 1)    
@@ -114,7 +114,7 @@ def ip_pas(raw_ip, num):
 
     if(re.search("(\.|:)", raw_ip)):
 
         ip = raw_ip
 
     else:
 
-        curs.execute("select title from data where title = '사용자:" + escape(raw_ip) + "'")
 
+        curs.execute("select title from data where title = ?", ['사용자:' + raw_ip])
 
         row = curs.fetchall()
 
         if(row):
 
             ip = '<a href="/w/' + url_pas('사용자:' + raw_ip) + '">' + raw_ip + '</a>'
 
@@ -148,7 +148,7 @@ def acl_check(ip, name):
 
             if(re.search("(\.|:)", g[0])):
 
                 return(1)
 
             else:
 
-                curs.execute("select block from ban where block = '" + escape(ip) + "'")
 
+                curs.execute("select block from ban where block = ?", [ip])
 
                 rows = curs.fetchall()
 
                 if(rows):
 
                     return(1)
 
@@ -162,20 +162,20 @@ def acl_check(ip, name):
 
         b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
 
         if(b):
 
             results = b.groups()
 
-            curs.execute("select block from ban where block = '" + escape(results[0]) + "' and band = 'O'")
 
+            curs.execute("select block from ban where block = ? and band = 'O'", [results[0]])
 
             rowss = curs.fetchall()
 
             if(rowss):
 
                 return(1)
 
 
-        curs.execute("select block from ban where block = '" + escape(ip) + "'")
 
+        curs.execute("select block from ban where block = ?", [ip])
 
         rows = curs.fetchall()
 
         if(rows):
 
             return(1)
 
         else:
 
-            curs.execute("select acl from data where title = '" + escape(name) + "'")
 
+            curs.execute("select acl from data where title = ?", [name])
 
             row = curs.fetchall()
 
             if(row):
 
-                curs.execute("select acl from user where id = '" + escape(ip) + "'")
 
+                curs.execute("select acl from user where id = ?", [ip])
 
                 rows = curs.fetchall()
 
                 if(row[0][0] == 'user'):
 
                     if(rows):
 
@@ -196,12 +196,12 @@ def ban_check(ip):
 
     b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
 
     if(b):
 
         results = b.groups()
 
-        curs.execute("select block from ban where block = '" + escape(results[0]) + "' and band = 'O'")
 
+        curs.execute("select block from ban where block = ? and band = 'O'", [results[0]])
 
         rowss = curs.fetchall()
 
         if(rowss):
 
             return(1)
 
 
-    curs.execute("select block from ban where block = '" + escape(ip) + "'")
 
+    curs.execute("select block from ban where block = ?", [ip])
 
     rows = curs.fetchall()
 
     if(rows):
 
         return(1)
 
@@ -212,17 +212,17 @@ def topic_check(ip, name, sub):
 
     b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
 
     if(b):
 
         results = b.groups()
 
-        curs.execute("select block from ban where block = '" + escape(results[0]) + "' and band = 'O'")
 
+        curs.execute("select block from ban where block = ? and band = 'O'", [results[0]])
 
         rowss = curs.fetchall()
 
         if(rowss):
 
             return(1)
 
 
-    curs.execute("select block from ban where block = '" + escape(ip) + "'")
 
+    curs.execute("select block from ban where block = ?", [ip])
 
     rows = curs.fetchall()
 
     if(rows):
 
         return(1)
 
     else:
 
-        curs.execute("select title from stop where title = '" + escape(name) + "' and sub = '" + escape(sub) + "'")
 
+        curs.execute("select title from stop where title = ? and sub = ?", [name, sub])
 
         rows = curs.fetchall()
 
         if(rows):
 
             return(1)
 
@@ -230,26 +230,26 @@ def topic_check(ip, name, sub):
 
             return(0)
 
 
 def rd_plus(title, sub, date):
 
-    curs.execute("select title from rd where title = '" + escape(title) + "' and sub = '" + escape(sub) + "'")
 
+    curs.execute("select title from rd where title = ? and sub = ?", [title, sub])
 
     rd = curs.fetchall()
 
     if(rd):
 
-        curs.execute("update rd set date = '" + escape(date) + "' where title = '" + escape(title) + "' and sub = '" + escape(sub) + "'")
 
+        curs.execute("update rd set date = ? where title = ? and sub = ?", [date, title, sub])
 
     else:
 
-        curs.execute("insert into rd (title, sub, date) values ('" + escape(title) + "', '" + escape(sub) + "', '" + escape(date) + "')")
 
+        curs.execute("insert into rd (title, sub, date) values (?, ?, ?)", [title, sub, date])
 
     conn.commit()
 
     
 def rb_plus(block, end, today, blocker, why):
 
-    curs.execute("insert into rb (block, end, today, blocker, why) values ('" + escape(block) + "', '" + escape(end) + "', '" + today + "', '" + escape(blocker) + "', '" + escape(why) + "')")
 
+    curs.execute("insert into rb (block, end, today, blocker, why) values (?, ?, ?, ?, ?)", [block, end, today, blocker, why])
 
     conn.commit()
 
 
 def history_plus(title, data, date, ip, send, leng):
 
-    curs.execute("select id from history where title = '" + escape(title) + "' order by id+0 desc limit 1")
 
+    curs.execute("select id from history where title = ? order by id+0 desc limit 1", [title])
 
     rows = curs.fetchall()
 
     if(rows):
 
         number = int(rows[0][0]) + 1
 
-        curs.execute("insert into history (id, title, data, date, ip, send, leng) values ('" + str(number) + "', '" + escape(title) + "', '" + escape(data) + "', '" + date + "', '" + escape(ip) + "', '" + escape(send) + "', '" + leng + "')")
 
+        curs.execute("insert into history (id, title, data, date, ip, send, leng) values (?, ?, ?, ?, ?, ?, ?)", [str(number), title, data, date, ip, send, leng])
 
     else:
 
-        curs.execute("insert into history (id, title, data, date, ip, send, leng) values ('1', '" + escape(title) + "', '" + escape(data) + "', '" + date + "', '" + escape(ip) + "', '" + escape(send + ' (새 문서)') + "', '" + leng + "')")
 
+        curs.execute("insert into history (id, title, data, date, ip, send, leng) values ('1', ?, ?, ?, ?, ?, ?)", [title, data, date, ip, send + ' (새 문서)', leng])
 
     conn.commit()
 
 
 def leng_check(a, b):

+ 8 - 14
mark.py
Vedi File 

@@ -26,12 +26,6 @@ def get_time():
 
     date = "%04d-%02d-%02d %02d:%02d:%02d" % (now.tm_year, now.tm_mon, now.tm_mday, now.tm_hour, now.tm_min, now.tm_sec)
 
 
     return(date)
 
-
 
-def escape(data):
 
-    data = data.replace("'", "''")
 
-    data = data.replace('"', '""')
 
-
 
-    return(data)
 
     
 def ip_check():
 
     session = request.environ.get('beaker.session')
 
@@ -334,18 +328,18 @@ def toc_pas(data, title):
 
 
 def backlink_plus(name, link, backtype, num):
 
     if(num == 1):       
-        curs.execute("select title from back where title = '" + escape(link) + "' and link = '" + escape(name) + "' and type = '" + backtype + "'")
 
+        curs.execute("select title from back where title = ? and link = ? and type = ?", [link, name, backtype])
 
         y = curs.fetchall()
 
         if(not y):
 
-            curs.execute("insert into back (title, link, type) values ('" + escape(link) + "', '" + escape(name) + "',  '" + backtype + "')")
 
+            curs.execute("insert into back (title, link, type) values (?, ?,  ?)", [link, name, backtype])
 
             conn.commit()
 
 
 def cat_plus(name, link, num):
 
     if(num == 1):        
-        curs.execute("select title from cat where title = '" + escape(link) + "' and cat = '" + escape(name) + "'")
 
+        curs.execute("select title from cat where title = ? and cat = ?", [link, name])
 
         y = curs.fetchall()
 
         if(not y):
 
-            curs.execute("insert into cat (title, cat) values ('" + escape(link) + "', '" + escape(name) + "')")
 
+            curs.execute("insert into cat (title, cat) values (?, ?)", [link, name])
 
             conn.commit()
 
 
 def namumark(title, data, num):    
@@ -368,7 +362,7 @@ def namumark(title, data, num):
 
             if(results[0] == title):
 
                 data = include.sub("<b>" + results[0] + "</b>", data, 1)
 
             else:
 
-                curs.execute("select data from data where title = '" + escape(results[0]) + "'")
 
+                curs.execute("select data from data where title = ?", [results[0]])
 
                 in_con = curs.fetchall()
 
                 
                 backlink_plus(title, results[0], 'include', num)
 
@@ -449,7 +443,7 @@ def namumark(title, data, num):
 
                 cat_plus(title, g[0], num)
 
                     
                 if(category == ''):
 
-                    curs.execute("select title from data where title = '" + escape(g[0]) + "'")
 
+                    curs.execute("select title from data where title = ?", [g[0]])
 
                     exists = curs.fetchall()
 
                     if(exists):
 
                         red = ""
 
@@ -458,7 +452,7 @@ def namumark(title, data, num):
 
                         
                     category += '<a ' + red + ' href="/w/' + url_pas(g[0]) + '">' + re.sub("분류:", "", g[0]) + '</a>'
 
                 else:
 
-                    curs.execute("select title from data where title = '" + escape(g[0]) + "'")
 
+                    curs.execute("select title from data where title = ?", [g[0]])
 
                     exists = curs.fetchall()
 
                     if(exists):
 
                         red = ""
 
@@ -658,7 +652,7 @@ def namumark(title, data, num):
 
                 else:
 
                     nosharp = re.sub("<sharp>", "#", results[0])
 
                     
-                    curs.execute("select title from data where title = '" + escape(nosharp) + "'")
 
+                    curs.execute("select title from data where title = ?", [nosharp])
 
                     y = curs.fetchall()
 
                     if(y):
 
                         clas = ''

+ 16 - 22
update_mysql.py
Vedi File 

@@ -9,12 +9,6 @@ set_data = json.loads(json_data)
 
 conn2 = sqlite3.connect(set_data['db'] + '.db')
 
 curs2 = conn2.cursor()
 
 
-def escape(data):
 
-    data = data.replace("'", "''")
 
-    data = data.replace('"', '""')
 
-
 
-    return(data)
 
-
 
 conn = pymysql.connect(
 
     user = set_data['user'], 
     password = set_data['pw'], 
@@ -42,84 +36,84 @@ curs2.execute("create table custom(user text, css text)")
 
 curs2.execute("create table other(name text, data text)")
 
 curs2.execute("create table alist(name text, acl text)")
 
 
-curs2.execute("insert into other (name, data) values ('version', '" + escape(r_ver) + "')")
 
+curs2.execute("insert into other (name, data) values ('version', ?)", [r_ver])
 
 
 conn2.commit()
 
 
 curs.execute("select * from data")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into data (title, data, acl) values ('" + escape(data2['title']) + "', '" + escape(data2['data']) + "', '" + escape(data2['acl']) + "')")
 
+    curs2.execute("insert into data (title, data, acl) values (?, ?, ?)", [data2['title'], data2['data'], data2['acl']])
 
 
 curs.execute("select * from history")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into history (id, title, data, date, ip, send, leng) values ('" + escape(data2['id']) + "', '" + escape(data2['title']) + "', '" + escape(data2['data']) + "', '" + escape(data2['date']) + "', '" + escape(data2['ip']) + "', '" + escape(data2['send']) + "', '" + escape(data2['leng']) + "')")
 
+    curs2.execute("insert into history (id, title, data, date, ip, send, leng) values (?, ?, ?, ?, ?, ?, ?)", [data2['id'], data2['title'], data2['data'], data2['date'], data2['ip'], data2['send'], data2['leng']])
 
 
 curs.execute("select * from rd")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into rd (title, sub, date) values ('" + escape(data2['title']) + "', '" + escape(data2['sub']) + "', '" + escape(data2['date']) + "')")
 
+    curs2.execute("insert into rd (title, sub, date) values (?, ?, ?)", [data2['title'], data2['sub'], data2['date']])
 
 
 curs.execute("select * from user")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into user (id, pw, acl) values ('" + escape(data2['id']) + "', '" + escape(data2['pw']) + "', '" + escape(data2['acl']) + "')")
 
+    curs2.execute("insert into user (id, pw, acl) values (?, ?, ?)", [data2['id'], data2['pw'], data2['acl']])
 
 
 curs.execute("select * from ban")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into ban (block, end, why, band) values ('" + escape(data2['block']) + "', '" + escape(data2['end']) + "', '" + escape(data2['why']) + "', '" + escape(data2['band']) + "')")
 
+    curs2.execute("insert into ban (block, end, why, band) values (?, ?, ?, ?)", [data2['block'], data2['end'], data2['why'], data2['band']])
 
 
 curs.execute("select * from topic")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into topic (id, title, sub, data, date, ip, block, top) values ('" + escape(data2['id']) + "', '" + escape(data2['title']) + "', '" + escape(data2['sub']) + "', '" + escape(data2['data']) + "', '" + escape(data2['date']) + "', '" + escape(data2['ip']) + "', '" + escape(data2['block']) + "', '" + escape(data2['top']) + "')")
 
+    curs2.execute("insert into topic (id, title, sub, data, date, ip, block, top) values (?, ?, ?, ?, ?, ?, ?, ?)", [data2['id'], data2['title'], data2['sub'], data2['data'], data2['date'], data2['ip'], data2['block'], data2['top']])
 
 
 curs.execute("select * from stop")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into stop (title, sub, close) values ('" + escape(data2['title']) + "', '" + escape(data2['sub']) + "', '" + escape(data2['close']) + "')")
 
+    curs2.execute("insert into stop (title, sub, close) values (?, ?, ?)", [data2['title'], data2['sub'], data2['close']])
 
 
 curs.execute("select * from rb")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into rb (block, end, today, blocker, why) values ('" + escape(data2['block']) + "', '" + escape(data2['end']) + "', '" + escape(data2['today']) + "', '" + escape(data2['blocker']) + "', '" + escape(data2['why']) + "')")
 
+    curs2.execute("insert into rb (block, end, today, blocker, why) values (?, ?, ?, ?, ?)", [data2['block'], data2['end'], data2['today'], data2['blocker'], data2['why']])
 
 
 curs.execute("select * from login")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into login (user, ip, today) values ('" + escape(data2['user']) + "', '" + escape(data2['ip']) + "', '" + escape(data2['today']) + "')")
 
+    curs2.execute("insert into login (user, ip, today) values (?, ?, ?)", [data2['user'], data2['ip'], data2['today']])
 
 
 curs.execute("select * from cat")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into cat (title, cat) values ('" + escape(data2['title']) + "', '" + escape(data2['cat']) + "')")
 
+    curs2.execute("insert into cat (title, cat) values (?, ?)", [data2['title'], data2['cat']])
 
 
 curs.execute("select * from back")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into back (title, link, type) values ('" + escape(data2['title']) + "', '" + escape(data2['link']) + "', '" + escape(data2['type']) + "')")
 
+    curs2.execute("insert into back (title, link, type) values (?, ?, ?)", [data2['title'], data2['link'], data2['type']])
 
 
 curs.execute("select * from hidhi")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into hidhi (title, re) values ('" + escape(data2['title']) + "', '" + escape(data2['re']) + "')")
 
+    curs2.execute("insert into hidhi (title, re) values (?, ?)", [data2['title'], data2['re']])
 
 
 curs.execute("select * from agreedis")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into agreedis (title, sub) values ('" + escape(data2['title']) + "', '" + escape(data2['sub']) + "')")
 
+    curs2.execute("insert into agreedis (title, sub) values (?, ?)", [data2['title'], data2['sub']])
 
 
 curs.execute("select * from custom")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into custom (user, css) values ('" + escape(data2['user']) + "', '" + escape(data2['css']) + "')")
 
+    curs2.execute("insert into custom (user, css) values (?, ?)", [data2['user'], data2['css']])
 
 
 curs.execute("select * from alist")
 
 data = curs.fetchall()
 
 for data2 in data:
 
-    curs2.execute("insert into alist (name, acl) values ('" + escape(data2['name']) + "', '" + escape(data2['acl']) + "')")
 
+    curs2.execute("insert into alist (name, acl) values (?, ?)", [data2['name'], data2['acl']])
 
 
 conn2.commit()

Some files were not shown because too many files changed in this diff