Annikka/evennia
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Escape, correct unicode/byte conversion in AJAX client

Browse source
This commit is contained in:
Griatch 2019-06-09 14:41:30 +02:00
parent 4bcadc96a0
commit 5999dc1c3c
1 changed files with 17 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

31
evennia/server/portal/webclient_ajax.py
View file

@ -19,7 +19,7 @@ http://localhost:4001/webclient.)
import json import json
import re import re
import time import time
import cgi import html
from twisted.web import server, resource from twisted.web import server, resource
from twisted.internet.task import LoopingCall from twisted.internet.task import LoopingCall
@ -27,6 +27,7 @@ from django.utils.functional import Promise
from django.conf import settings from django.conf import settings
from evennia.utils.ansi import parse_ansi from evennia.utils.ansi import parse_ansi
from evennia.utils import utils from evennia.utils import utils
from evennia.utils.utils import to_bytes, to_str
from evennia.utils.text2html import parse_html from evennia.utils.text2html import parse_html
from evennia.server import session from evennia.server import session
@ -49,7 +50,7 @@ class LazyEncoder(json.JSONEncoder):
def jsonify(obj): def jsonify(obj):
return utils.to_str(json.dumps(obj, ensure_ascii=False, cls=LazyEncoder)) return to_bytes(json.dumps(obj, ensure_ascii=False, cls=LazyEncoder))
# #
@ -158,10 +159,12 @@ class AjaxWebClient(resource.Resource):
request (Request): Incoming request. request (Request): Incoming request.
""" """
csessid = cgi.escape(request.args['csessid'][0]) csessid = html.escape(request.args[b'csessid'][0].decode("utf-8"))
remote_addr = request.getClientIP() remote_addr = request.getClientIP()
host_string = "%s (%s:%s)" % (_SERVERNAME, request.getRequestHostname(), request.getHost().port) host_string = "%s (%s:%s)" % (_SERVERNAME,
request.getRequestHostname(),
request.getHost().port)
sess = AjaxWebClientSession() sess = AjaxWebClientSession()
sess.client = self sess.client = self
@ -190,9 +193,9 @@ class AjaxWebClient(resource.Resource):
This is called by render_POST when the This is called by render_POST when the
client is replying to the keepalive. client is replying to the keepalive.
""" """
csessid = cgi.escape(request.args['csessid'][0]) csessid = html.escape(request.args[b'csessid'][0].decode("utf-8"))
self.last_alive[csessid] = (time.time(), False) self.last_alive[csessid] = (time.time(), False)
return '""' return b'""'
def mode_input(self, request): def mode_input(self, request):
""" """
@ -203,14 +206,14 @@ class AjaxWebClient(resource.Resource):
request (Request): Incoming request. request (Request): Incoming request.
""" """
csessid = cgi.escape(request.args['csessid'][0]) csessid = html.escape(request.args[b'csessid'][0].decode("utf-8"))
self.last_alive[csessid] = (time.time(), False) self.last_alive[csessid] = (time.time(), False)
sess = self.sessionhandler.sessions_from_csessid(csessid) sess = self.sessionhandler.sessions_from_csessid(csessid)
if sess: if sess:
sess = sess[0] sess = sess[0]
cmdarray = json.loads(cgi.escape(request.args.get('data')[0])) cmdarray = json.loads(request.args.get(b'data')[0])
sess.sessionhandler.data_in(sess, **{cmdarray[0]: [cmdarray[1], cmdarray[2]]}) sess.sessionhandler.data_in(sess, **{cmdarray[0]: [cmdarray[1], cmdarray[2]]})
return '""' return b'""'
def mode_receive(self, request): def mode_receive(self, request):
""" """
@ -223,7 +226,7 @@ class AjaxWebClient(resource.Resource):
request (Request): Incoming request. request (Request): Incoming request.
""" """
csessid = cgi.escape(request.args['csessid'][0]) csessid = html.escape(request.args[b'csessid'][0].decode("utf-8"))
self.last_alive[csessid] = (time.time(), False) self.last_alive[csessid] = (time.time(), False)
dataentries = self.databuffer.get(csessid, []) dataentries = self.databuffer.get(csessid, [])
@ -244,13 +247,13 @@ class AjaxWebClient(resource.Resource):
request (Request): Incoming request. request (Request): Incoming request.
""" """
csessid = cgi.escape(request.args['csessid'][0]) csessid = html.escape(request.args[b'csessid'][0].decode("utf-8"))
try: try:
sess = self.sessionhandler.sessions_from_csessid(csessid)[0] sess = self.sessionhandler.sessions_from_csessid(csessid)[0]
sess.sessionhandler.disconnect(sess) sess.sessionhandler.disconnect(sess)
except IndexError: except IndexError:
self.client_disconnect(csessid) self.client_disconnect(csessid)
return '""' return b'""'
def render_POST(self, request): def render_POST(self, request):
""" """
@ -265,7 +268,7 @@ class AjaxWebClient(resource.Resource):
request (Request): Incoming request. request (Request): Incoming request.
""" """
dmode = request.args.get('mode', [None])[0] dmode = request.args.get(b'mode', [b'None'])[0].decode("utf-8")
if dmode == 'init': if dmode == 'init':
# startup. Setup the server. # startup. Setup the server.
@ -284,7 +287,7 @@ class AjaxWebClient(resource.Resource):
return self.mode_keepalive(request) return self.mode_keepalive(request)
else: else:
# This should not happen if client sends valid data. # This should not happen if client sends valid data.
return '""' return b'""'
# #