From 748d511280ab36fecf6c1240dba53017942d4acd Mon Sep 17 00:00:00 2001
From: Bruno Nocera Zanette <brunonzanette@gmail.com>
Date: Fri, 13 Sep 2013 14:58:18 -0300
Subject: [PATCH] Fix Bad Chars on Text (1st Functional Release)

Fixed the problem of invalid chars in text, like', '\'. These chars crash the parser because the parser identifies them as the end of the tag, and then gets confused with the rest of the text.

The solution was to put a '\' in front of these chars in the short fields, like names and titles, and to encode the whole text when it is long, like descriptions and messages. The encoding makes the text unreadable for humans, but it doesn't lose any information when it is decoded.

Signed-off-by: Bruno Nocera Zanette <brunonzanette@gmail.com>
---
 lib/json/group_section.py           | 116 ++++++++++++++++++----------
 lib/json/user_section.py            |  42 +++++-----
 lib/json/write_support_functions.py |  23 ++++--
 3 files changed, 113 insertions(+), 68 deletions(-)

diff --git a/lib/json/group_section.py b/lib/json/group_section.py
index 155b903..855170c 100644
--- a/lib/json/group_section.py
+++ b/lib/json/group_section.py
@@ -51,8 +51,11 @@ def write_groupmembers_subsection (db, xml, group_guid):
         
         prefix='profile/'
         user_attr=wrt.urlparticipa(prefix,user_username)
-        wrt.write_tag(xml,4,"uid",user_attr,",")
-        wrt.write_tag(xml,4,"usuario",user_name,"")
+        
+        wrt.write_open_tag(xml,4,"usuario","{")
+        wrt.write_tag(xml,5,"uid",user_attr,",")
+        wrt.write_tag(xml,5,"nome",wrt.substbadc(user_name),"")
+        wrt.write_close_tag(xml,4,"}",False)
         
         wrt.write_close_tag(xml,3,"}",(row < group_members.rowcount))
         
@@ -71,7 +74,7 @@ def write_groupfiles_subsection (db, xml, group_guid):
     # 50 = select * from elgg_metastrings where string='file_enable';
     perm=wrt.postcontent_permission(db, group_guid, 50)
     
-    wrt.write_tag(xml,2,"habilitado",wrt.permstr(perm),",")
+    wrt.write_tag(xml,2,"habilitado",perm,",")
     wrt.write_open_tag(xml,2,"arquivos","[")
     
     row=0
@@ -93,12 +96,15 @@ def write_groupfiles_subsection (db, xml, group_guid):
         prefix='profile/'
         owner_attr=wrt.urlparticipa(prefix,owner_username)
         
-        wrt.write_tag(xml,4,"uid",owner_attr,",")
-        wrt.write_tag(xml,4,"autor",owner_name,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_open_tag(xml,4,"autor","{")
+        wrt.write_tag(xml,5,"uid",owner_attr,",")
+        wrt.write_tag(xml,5,"nome",wrt.substbadc(owner_name),"")
+        wrt.write_close_tag(xml,4,"}",True)
+        
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
         wrt.write_tag(xml,4,"link",file_link,",")
-        wrt.write_tag(xml,4,"descricao",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"descricao",wrt.encb64(post_desc),",")
                     
         wrt.write_comments(db,xml,post_guid)
         
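Review bot: `file_link` on the `link` line is still passed to `write_tag` unescaped, while the neighbouring title and description now go through `substbadc` and `encb64`. If a stored link can contain a double quote or a backslash (whether it can is not visible here), it breaks the output in the same way this commit sets out to fix. Consider `wrt.write_tag(xml,4,"link",wrt.substbadc(file_link),",")`. The same applies to `bookmark_link` and `video_link` in the bookmarks and videos hunks of both files, and possibly to the `uid`/`pid`/`cid` values built by `urlparticipa`. The enclosing loop body starts and ends outside the hunk.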
@@ -119,7 +125,7 @@ def write_groupforumtopics_subsection (db, xml, group_guid):
     # 52 = select * from elgg_metastrings where string='forum_enable';
     perm=wrt.postcontent_permission(db, group_guid, 52)
     
-    wrt.write_tag(xml,2,"habilitado",wrt.permstr(perm),",")
+    wrt.write_tag(xml,2,"habilitado",perm,",")
     wrt.write_open_tag(xml,2,"debates","[")
     
     row=0
@@ -138,11 +144,14 @@ def write_groupforumtopics_subsection (db, xml, group_guid):
         prefix='profile/'
         owner_attr=wrt.urlparticipa(prefix,owner_username)
         
-        wrt.write_tag(xml,4,"uid",owner_attr,",")
-        wrt.write_tag(xml,4,"autor",owner_name,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_open_tag(xml,4,"autor","{")
+        wrt.write_tag(xml,5,"uid",owner_attr,",")
+        wrt.write_tag(xml,5,"nome",wrt.substbadc(owner_name),"")
+        wrt.write_close_tag(xml,4,"}",True)
+        
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
-        wrt.write_tag(xml,4,"texto",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"texto",wrt.encb64(post_desc),",")
             
         wrt.write_comments(db,xml,post_guid)
         
@@ -163,7 +172,7 @@ def write_groupbookmarks_subsection (db, xml, group_guid):
     # 49 = select * from elgg_metastrings where string='bookmarks_enable';
     perm=wrt.postcontent_permission(db, group_guid, 49)
     
-    wrt.write_tag(xml,2,"habilitado",wrt.permstr(perm),",")
+    wrt.write_tag(xml,2,"habilitado",perm,",")
     wrt.write_open_tag(xml,2,"favoritos","[")
     
     row=0
@@ -185,12 +194,15 @@ def write_groupbookmarks_subsection (db, xml, group_guid):
         prefix='profile/'
         owner_attr=wrt.urlparticipa(prefix,owner_username)
         
-        wrt.write_tag(xml,4,"uid",owner_attr,",")
-        wrt.write_tag(xml,4,"autor",owner_name,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_open_tag(xml,4,"autor","{")
+        wrt.write_tag(xml,5,"uid",owner_attr,",")
+        wrt.write_tag(xml,5,"nome",wrt.substbadc(owner_name),"")
+        wrt.write_close_tag(xml,4,"}",True)
+        
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
         wrt.write_tag(xml,4,"link",bookmark_link,",")
-        wrt.write_tag(xml,4,"descricao",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"descricao",wrt.encb64(post_desc),",")
                             
         wrt.write_comments(db,xml,post_guid)
         
@@ -211,7 +223,7 @@ def write_grouppages_subsection (db, xml, group_guid):
     # 53 = select * from elgg_metastrings where string='pages_enable';
     perm=wrt.postcontent_permission(db, group_guid, 53)
     
-    wrt.write_tag(xml,2,"habilitado",wrt.permstr(perm),",")
+    wrt.write_tag(xml,2,"habilitado",perm,",")
     wrt.write_open_tag(xml,2,"paginas","[")
     
     row=0
@@ -230,11 +242,14 @@ def write_grouppages_subsection (db, xml, group_guid):
         prefix='profile/'
         owner_attr=wrt.urlparticipa(prefix,owner_username)
         
-        wrt.write_tag(xml,4,"uid",owner_attr,",")
-        wrt.write_tag(xml,4,"autor",owner_name,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_open_tag(xml,4,"autor","{")
+        wrt.write_tag(xml,5,"uid",owner_attr,",")
+        wrt.write_tag(xml,5,"nome",wrt.substbadc(owner_name),"")
+        wrt.write_close_tag(xml,4,"}",True)
+        
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
-        wrt.write_tag(xml,4,"texto",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"texto",wrt.encb64(post_desc),",")
                     
         wrt.write_comments(db,xml,post_guid)
         
@@ -255,7 +270,7 @@ def write_groupvideos_subsection (db, xml, group_guid):
     # 399 = select * from elgg_metastrings where string='videos_enable';
     perm=wrt.postcontent_permission(db, group_guid, 399)
     
-    wrt.write_tag(xml,2,"habilitado",wrt.permstr(perm),",")
+    wrt.write_tag(xml,2,"habilitado",perm,",")
     wrt.write_open_tag(xml,2,"videos","[")
     
     row=0
@@ -277,12 +292,15 @@ def write_groupvideos_subsection (db, xml, group_guid):
         prefix='profile/'
         owner_attr=wrt.urlparticipa(prefix,owner_username)
         
-        wrt.write_tag(xml,4,"uid",owner_attr,",")
-        wrt.write_tag(xml,4,"autor",owner_name,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_open_tag(xml,4,"autor","{")
+        wrt.write_tag(xml,5,"uid",owner_attr,",")
+        wrt.write_tag(xml,5,"nome",wrt.substbadc(owner_name),"")
+        wrt.write_close_tag(xml,4,"}",True)
+        
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
         wrt.write_tag(xml,4,"link",video_link,",")
-        wrt.write_tag(xml,4,"descricao",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"descricao",wrt.encb64(post_desc),",")
             
         wrt.write_comments(db,xml,post_guid)
 
@@ -303,7 +321,7 @@ def write_groupevents_subsection (db, xml, group_guid):
     # 54 = select * from elgg_metastrings where string='event_calendar_enable';
     perm=wrt.postcontent_permission(db, group_guid, 54)
     
-    wrt.write_tag(xml,2,"habilitado",wrt.permstr(perm),",")
+    wrt.write_tag(xml,2,"habilitado",perm,",")
     wrt.write_open_tag(xml,2,"eventos","[")
     
     row=0
@@ -340,17 +358,20 @@ def write_groupevents_subsection (db, xml, group_guid):
         prefix='profile/'
         owner_attr=wrt.urlparticipa(prefix,owner_username)
         
-        wrt.write_tag(xml,4,"uid",owner_attr,",")
-        wrt.write_tag(xml,4,"autor",owner_name,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_open_tag(xml,4,"autor","{")
+        wrt.write_tag(xml,5,"uid",owner_attr,",")
+        wrt.write_tag(xml,5,"nome",wrt.substbadc(owner_name),"")
+        wrt.write_close_tag(xml,4,"}",True)
+        
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
-        wrt.write_tag(xml,4,"organizador",organizer,",")
-        wrt.write_tag(xml,4,"contato",contact,",")
-        wrt.write_tag(xml,4,"endereco",venue,",")
+        wrt.write_tag(xml,4,"organizador",wrt.substbadc(organizer),",")
+        wrt.write_tag(xml,4,"contato",wrt.substbadc(contact),",")
+        wrt.write_tag(xml,4,"endereco",wrt.substbadc(venue),",")
         wrt.write_tag(xml,4,"data_inicio",wrt.datestr(time_start),",")
         wrt.write_tag(xml,4,"data_fim",wrt.datestr(time_end),",")
-        wrt.write_tag(xml,4,"taxa_participacao",fees,",")
-        wrt.write_tag(xml,4,"descricao",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"taxa_participacao",wrt.substbadc(fees),",")
+        wrt.write_tag(xml,4,"descricao",wrt.encb64(post_desc),",")
         
         wrt.write_comments(db,xml,post_guid)
         
@@ -376,6 +397,8 @@ def write_groups_section(db, xml_file):
     for (guid, title, desc, owner_id, owner_name, owner_username, time)\
         in groups_info:
             
+        row=row+1
+            
         # 45 = select * from elgg_metastrings where string='briefdescription';
         brief_desc=wrt.post_content(db,guid, 45)
         
@@ -389,13 +412,22 @@ def write_groups_section(db, xml_file):
         prefix='profile/'
         owner_attr=wrt.urlparticipa(prefix,owner_username)
         
-        wrt.write_tag(xml,2,"uid",owner_attr,",")
-        wrt.write_tag(xml,2,"proprietario",owner_name,",")
-        wrt.write_tag(xml,2,"titulo",title,",")
+        wrt.write_open_tag(xml,2,"proprietario","{")
+        wrt.write_tag(xml,3,"uid",owner_attr,",")
+        wrt.write_tag(xml,3,"nome",wrt.substbadc(owner_name),"")
+        wrt.write_close_tag(xml,2,"}",True)
+                
+        wrt.write_tag(xml,2,"titulo",wrt.substbadc(title),",")
         wrt.write_tag(xml,2,"data",wrt.datestr(time),",")
-        wrt.write_tag(xml,2,"descricao",wrt.replacebadchars(desc),",")
-        wrt.write_tag(xml,2,"breve_descricao",wrt.replacebadchars(brief_desc),",")
-                                    
+        wrt.write_tag(xml,2,"descricao",wrt.encb64(desc),",")
+        
+        if wrt.groupaccess_permission(db, guid) == 'public':
+            comma=","
+        else:
+            comma=""
+            
+        wrt.write_tag(xml,2,"breve_descricao",wrt.encb64(brief_desc),comma)
+                                            
         if wrt.groupaccess_permission(db, guid) == 'public':
             
             # Write a list of group member's name
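Review bot: `wrt.groupaccess_permission(db, guid)` is now evaluated twice per group, once to pick `comma` and again in the `if` that follows, so the trailing comma and the decision to write the member and content lists come from two separate lookups. Computing it once keeps the two in step and saves a query: `is_public = wrt.groupaccess_permission(db, guid) == 'public'`, then `comma = "," if is_public else ""` and `if is_public:`. This check appears to be what keeps the contents of non-public groups out of the export, so a short comment saying so above it would help the next maintainer. The body of `write_groups_section` continues outside the hunk.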
diff --git a/lib/json/user_section.py b/lib/json/user_section.py
index 93cff66..febee14 100644
--- a/lib/json/user_section.py
+++ b/lib/json/user_section.py
@@ -50,7 +50,7 @@ def write_userfriends_subsection (db, xml, user_guid):
         friend_attr=wrt.urlparticipa(prefix,friend_username)
         
         wrt.write_tag(xml,4,"uid",friend_attr,",")
-        wrt.write_tag(xml,4,"usuario",friend_name,"")
+        wrt.write_tag(xml,4,"usuario",wrt.substbadc(friend_name),"")
         
         wrt.write_close_tag(xml,3,"}",(row < friends_info.rowcount))
         
@@ -78,7 +78,7 @@ def write_userowngroup_subsection (db, xml, user_guid):
         group_attr=wrt.urlparticipa(prefix,str(group_id))
         
         wrt.write_tag(xml,5,"cid",group_attr,",")
-        wrt.write_tag(xml,5,"titulo",group_title,"")
+        wrt.write_tag(xml,5,"titulo",wrt.substbadc(group_title),"")
         
         wrt.write_close_tag(xml,4,"}",(row < user_owngroups.rowcount))
         
@@ -106,7 +106,7 @@ def write_usermembergroup_subsection (db, xml, user_guid):
         group_attr=wrt.urlparticipa(prefix,str(group_id))
         
         wrt.write_tag(xml,5,"cid",group_attr,",")
-        wrt.write_tag(xml,5,"titulo",group_title,"")
+        wrt.write_tag(xml,5,"titulo",wrt.substbadc(group_title),"")
         
         wrt.write_close_tag(xml,4,"}",(row < user_membergroups.rowcount))
         
@@ -147,10 +147,10 @@ def write_userfiles_subsection (db, xml, user_guid):
         wrt.write_open_tag(xml,3,"","{")
         
         wrt.write_tag(xml,4,"pid",post_attr,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
         wrt.write_tag(xml,4,"link",file_link,",")
-        wrt.write_tag(xml,4,"descricao",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"descricao",wrt.encb64(post_desc),",")
             
         wrt.write_comments(db,xml,post_guid)
         
@@ -186,10 +186,10 @@ def write_userblogs_subsection (db, xml, user_guid):
         wrt.write_open_tag(xml,3,"","{")
 
         wrt.write_tag(xml,4,"pid",post_attr,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
-        wrt.write_tag(xml,4,"resumo",wrt.replacebadchars(post_excerpt),",")
-        wrt.write_tag(xml,4,"texto",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"resumo",wrt.encb64(post_excerpt),",")
+        wrt.write_tag(xml,4,"texto",wrt.encb64(post_desc),",")
                     
         wrt.write_comments(db,xml,post_guid)
         
@@ -223,10 +223,10 @@ def write_userbookmarks_subsection (db, xml, user_guid):
         wrt.write_open_tag(xml,3,"","{")
     
         wrt.write_tag(xml,4,"pid",post_attr,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
         wrt.write_tag(xml,4,"link",bookmark_link,",")
-        wrt.write_tag(xml,4,"descricao",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"descricao",wrt.encb64(post_desc),",")
                     
         wrt.write_comments(db,xml,post_guid)
         
@@ -258,9 +258,9 @@ def write_userpages_subsection (db, xml, user_guid):
         wrt.write_open_tag(xml,3,"","{")
 
         wrt.write_tag(xml,4,"pid",post_attr,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
-        wrt.write_tag(xml,4,"texto",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"texto",wrt.encb64(post_desc),",")
                     
         wrt.write_comments(db,xml,post_guid)
         
@@ -295,10 +295,10 @@ def write_uservideos_subsection (db, xml, user_guid):
         wrt.write_open_tag(xml,3,"","{")
         
         wrt.write_tag(xml,4,"pid",post_attr,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
         wrt.write_tag(xml,4,"link",video_link,",")
-        wrt.write_tag(xml,4,"descricao",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"descricao",wrt.encb64(post_desc),",")
         
         wrt.write_comments(db,xml,post_guid)
         
@@ -349,15 +349,15 @@ def write_userevents_subsection (db, xml, user_guid):
         wrt.write_open_tag(xml,3,"","{")
         
         wrt.write_tag(xml,4,"pid",post_attr,",")
-        wrt.write_tag(xml,4,"titulo",post_title,",")
+        wrt.write_tag(xml,4,"titulo",wrt.substbadc(post_title),",")
         wrt.write_tag(xml,4,"data",wrt.datestr(time),",")
-        wrt.write_tag(xml,4,"organizador",organizer,",")
-        wrt.write_tag(xml,4,"contato",contact,",")
-        wrt.write_tag(xml,4,"endereco",venue,",")
+        wrt.write_tag(xml,4,"organizador",wrt.substbadc(organizer),",")
+        wrt.write_tag(xml,4,"contato",wrt.substbadc(contact),",")
+        wrt.write_tag(xml,4,"endereco",wrt.substbadc(venue),",")
         wrt.write_tag(xml,4,"data_inicio",wrt.datestr(time_start),",")
         wrt.write_tag(xml,4,"data_fim",wrt.datestr(time_end),",")
-        wrt.write_tag(xml,4,"taxa_participacao",fees,",")
-        wrt.write_tag(xml,4,"descricao",wrt.replacebadchars(post_desc),",")
+        wrt.write_tag(xml,4,"taxa_participacao",wrt.substbadc(fees),",")
+        wrt.write_tag(xml,4,"descricao",wrt.encb64(post_desc),",")
         
         wrt.write_comments(db,xml,post_guid)
             
@@ -392,7 +392,7 @@ def write_users_section (db, xml_file):
         
         # Write all user's information
         wrt.write_tag(xml,2,"uid",user_attr,",")
-        wrt.write_tag(xml,2,"nome",name,",")
+        wrt.write_tag(xml,2,"nome",wrt.substbadc(name),",")
             
         # Write a list of user friend's names
         write_userfriends_subsection(db, xml, guid)
diff --git a/lib/json/write_support_functions.py b/lib/json/write_support_functions.py
index 9e5cb3f..1806b30 100644
--- a/lib/json/write_support_functions.py
+++ b/lib/json/write_support_functions.py
@@ -24,6 +24,7 @@
 import MySQLdb
 import codecs
 import datetime
+import base64
 
 import queries_definition as qry
 
@@ -51,8 +52,17 @@ def lvl (l):
 #--------------------------------------------------------------------#    
 
 #--------------------------------------------------------------------#    
-def replacebadchars (string):
-    return "xyz"
+def substbadc (string):
+    string = string.replace('\\','\\\\')
+    string = string.replace('"','\\"')
+    string = string.replace('\t',' ')
+    return string
+#--------------------------------------------------------------------#    
+
+#--------------------------------------------------------------------#    
+def encb64 (string):
+    encoded_string = base64.standard_b64encode(string.encode('utf-8'))
+    return encoded_string
 #--------------------------------------------------------------------#    
 
 #--------------------------------------------------------------------#
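Review bot: `substbadc` escapes only the backslash and the double quote (and turns tabs into spaces), so a name or title containing a newline, carriage return or another control character below U+0020 still produces output that a strict JSON parser rejects. These values come from user-editable fields, so it is safer to let the standard library do the escaping: add `import json` and use `return json.dumps(string)[1:-1]` in the body, assuming `write_tag` adds the surrounding quotes, which is not visible here. Both helpers also call a string method on their argument unconditionally, so a NULL column arriving as `None` would raise `AttributeError`; a guard such as `if string is None: return ''` would cover that. For `encb64`, a comment like `# Base64 is a transport encoding only; the decoded text is still untrusted user content` would tell consumers of the export to escape it after decoding.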
@@ -204,11 +214,14 @@ def write_comments (db, xml, post_guid):
         
         prefix='profile/'
         user_attr=urlparticipa(prefix,user_username)
+                
+        write_open_tag(xml,6,"usuario","{")
+        write_tag(xml,7,"uid",user_attr,",")
+        write_tag(xml,7,"nome",substbadc(user_name),"")
+        write_close_tag(xml,6,"}",True)
         
-        write_tag(xml,6,"uid",user_attr,",")
-        write_tag(xml,6,"usuario",user_name,",")
         write_tag(xml,6,"data",datestr(time),",")
-        write_tag(xml,6,"mensagem",replacebadchars(string),"")
+        write_tag(xml,6,"mensagem",encb64(string),"")
         
         write_close_tag(xml,5,"}",(row < post_comments.rowcount))
         
-- 
GitLab