| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
| |
1. Our session cookies only need to be available to http, so
mark them appropiately.
2. Send the cookie to the subpath for mediagoblin.
And instantiate a session manager on the app, once.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The previous code was theoretically subject to timing attacks, where
an attacker could read the key in between the time it was saved to the
file and when the chmod happened. This version prevents that by using
umasks to ensure the files always have the right permissions.
This version also avoids using a key that cannot be saved due to some
system setup bug.
|
| |
|
|
|
|
| |
This makes session.__init__ slightly more complicated but probably
simplifies everything else, especially if we make the class smarter
later by having it track changes itself.
|
| | |
|
| |
|
|
| |
This is a contribution to #668.
|
| |
|
|
| |
Set mode 700 on the directory, mode 600 on the file.
|
| | |
|
| |
|
|
|
| |
Implement the basic infrastructure for using itsdangerous
in mediagoblin. Usage instructions will follow.
|
| |
|
|
|
|
|
|
| |
exif_fix_image_orientation
Thanks to dnet for catching this.
This commit sponsored by Chester Zeller. Thanks!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
transcode
- Update get_display_media in several ways:
- now uses the media type's own declaration of the order of things
- returns both the media_size and the media_path, as per the docstring
- implicitly uses self.media_files as opposed to forcing you to pass it in
- update videos to use get_display_media
- update images to declare media_fetch_order in the media manager (videos also)
- update stl to use media.media_files['original'] instead of weird
use of get_display_media
- update sidebar to only conditionally show webm_640
TODO still: identify video type information *during* processing, show
that in the <video><source /></video> element.
This commit sponsored by Nathan Yergler. Thanks, nyergler!
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| | |
* pythonsnake/537_version:
Added "version" before the version
Fix bug 537
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
If one deletes a media with attachments, there have been
various problems:
1) If the file in the storage did not exist any more (maybe
because due to a previous deletion attempt?), the error
propagation failed, because the wrong thing was
gathered.
2) The attachment database entries were not deleted.
Using cascade for this, for now.
Also add a simple unit test, that tests both by having a
broken attachment on a media.
|
| |
|
|
|
|
| |
Created and tested by Simon Fondrie-Teitler.
Thanks!
|
| | |
|
| | |
|
| |
|
|
| |
Tells how you *can* use it in templates if you really like.
|
| | |
|
| |
|
|
| |
method
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
- I'm having trouble seeing if the geolocation stuff actually works,
but plugins are included
- including a list of template hooks works, however the macro to
include them does not, so it's kinda verbose
|
| |
|
|
|
|
|
|
| |
- Added start of template hook code to pluginapi.py
- Started to break openstreetmap into plugin; moved templates
- Added plugin hooks in media and image media templates
... almost certainly, none of this works yet. :)
|
| |
|
|
|
|
|
|
| |
py3 does not have dict.has_key any more. You have to use
"key in dict" instead. As that works in python2 as well,
let's use that.
Also some small bits of pep8.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
We might want to use "id:IDN" as a special case slug to point to a media's
id.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We were case normalizing the email address for registration, but not at
all for the forgotten password retrieval. Make a
tools.mail.normalize_email helper that can be used to normalize the
email in the same way in all places.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous exif bump copied the newer version into
mediagoblin/tools/extlib/exif but not in extlib/exif. Fix this by
bumping extlib/exif and symlinking to tools/extlib/exif.
Do note that this is still the version fetched from http://sourceforge.net/projects/exif-py/
while the upstream maintainer seems to be active on:
https://github.com/ianare/exif-py
(The sf.net download is quite new though)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
| |
This was one of the last remaining Mongo holdouts and has been removed from
the tree herewith. Good bye, ObjectId.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
| |
It was a NoOp in our Non-mongo world. So it is safe to remove.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
|
|
| |
Since sqlalchemy is providing our database abstraction and we have
moved away from Mongo as the underlying database, it is now time to
simplify things and rip out mongo. This provides the bulk of the
changes, and can stand on its own. There are some followup tasks
that can be done, such as removing now unneeded abstraction layers,
e.g. db.sql.fake.py
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bump bundled EXIF lib to 1.0.10 as release in Sep 2012.
Also skip unused detailed EXIF tags for reading, we might turn that
on when we need them.
Adapt test to wording change in EXIF Flas field and due to the fact
that we use "details=False" by default now (we did not use these
anyway)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
MGRoute subclasses Rule():
Rule doesn't have a way to tag extra data, like the
controller function, we need. So MGRoute has a new
attribute .gmg_controller, which holds this.
Rewrite everything to use this new Rule variant and drop
all the other stuff that mapped endpoints to controller
functions, mostly.
|
| |
|
|
|
|
|
| |
This stops a cyclic import.
Move add_route, mount and endpoint_to_controller into
tools/routing.py and change all callers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After the webob->werkzeug transition, controller functions can raise
werkzeug.HttpExceptions. We need to catch these in app.py when calling
the controller and handle them, rendering the corresponding error Response()
object. For consistency, we also want to allow meddleware functions to
raise HttpExceptions (e.g. the csrf meddleware needs to complain about lack
of cookies), so wrap the request and response parts of the meddleware too.
Finally, the urlmap.match() can also raise HttpExceptions, so we give it the
same treatment (render_http_exception). I am not sure, if we do not need to
handle the Redirect exception there in any different way though...
The new function render_http_exception makes use of the render_error infrastructure
to return a nicely templated error page. It also checks if the stock error
messages was used in cases where we have localizations (403, 404) and use those.
It is now possible to do things like "raise Forbidden(_('You suckr'))" or
raise NotFound(_('where is my left show again')) if you want to return
customized error messages to the user.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
|
|
|
| |
sqlalchemy supports slice() or [n:m] just fine.
Right now, it seems we cannot distinguish beween "empty" results
and out-of bound slices. It would be nice if we could distinguish
these somehow.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
|
|
|
| |
We were still using webob's Response objects for template rendering.
Transition to werkzeug's Response object. One caveat was that it
seemed to have used the default mimetype "text/plain" for all pages,
so we override the default Response class, setting the default mime
type to "text/html".
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
