## Some handy regular expressions.
R_URLESC = RX.compile('%([0-9a-fA-F]{2})')
R_URLBAD = RX.compile('[^-\\w,.!]')
-R_HTMLBAD = RX.compile('[&<>]')
+R_HTMLBAD = RX.compile('[&<>\'"]')
def urldecode(s):
"""Decode a single form-url-encoded string S."""
## Some standard character sequences, and HTML entity names for prettier
## versions.
-_quotify = U.StringSubst({
+html_quotify = U.StringSubst({
+ "<": '<',
+ ">": '>',
+ "&": '&',
"`": '‘',
"'": '’',
+ '"': '"',
"``": '“',
"''": '”',
"--": '–',
"---": '—'
})
-def html_quotify(s):
- """Return a pretty HTML version of S."""
- return _quotify(htmlescape(s))
###--------------------------------------------------------------------------
### Output machinery.
T.gmtime(U.NOW + maxage))
return '; '.join(['%s=%s' % (urlencode(name), urlencode(value))] +
[v is not True and '%s=%s' % (k, v) or k
- for k, v in attr.iteritems()])
+ for k, v in attr.iteritems() if v])
def action(*v, **kw):
"""
package = PACKAGE,
version = VERSION,
script = CFG.SCRIPT_NAME,
- static = CFG.STATIC)
+ static = CFG.STATIC,
+ allowop = CFG.ALLOWOP)
class TemplateFinder (object):
"""
"""
~H: escape output suitable for inclusion in HTML.
- With `:', instead apply form-urlencoding.
+ With `:', additionally apply quotification.
"""
def _convert(me, arg):
if me.colonp: return html_quotify(arg)
PARAM = []
PARAMDICT = {}
PATH = []
+SSLP = False
## Regular expressions for splitting apart query and cookie strings.
R_QSPLIT = RX.compile('[;&]')
`PATH'
The trailing `PATH_INFO' path, split at `/' markers, with any
trailing empty component removed.
+
+ `SSLP'
+ True if the client connection is carried over SSL or TLS.
"""
+ global SSLP
+
def getenv(var):
try: return ENV[var]
except KeyError: raise U.ExpectedError, (500, "No `%s' supplied" % var)
if pp and not pp[-1]: pp.pop()
PATH[:] = pp
+ ## Check the crypto for the connection.
+ if ENV.get('SSL_PROTOCOL'):
+ SSLP = True
+
###--------------------------------------------------------------------------
### CGI subcommands.
~mdw / chopwood / blobdiff