From 7b22daa7847304dc220964694d550402c52ff27a Mon Sep 17 00:00:00 2001
From: Jacques Distler
Date: Sun, 28 Feb 2010 23:51:33 -0600
Subject: [PATCH 1/4] Fix Revision 601 With tests, this time.
---
 app/views/layouts/error.html.erb | 6 +++++-
 test/functional/wiki_controller_test.rb | 5 +++++
 vendor/plugins/dnsbl_check/lib/dnsbl_check.rb | 6 +++---
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/app/views/layouts/error.html.erb b/app/views/layouts/error.html.erb
index cbdd1596..5c03dfce 100644
--- a/app/views/layouts/error.html.erb
+++ b/app/views/layouts/error.html.erb
@@ -31,7 +31,11 @@
-<%= h @content_for_layout %>
+<%= if :raw
+ @content_for_layout
+ else
+ h @content_for_layout
+ end %>
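Review bot: The new condition `if :raw` tests a Symbol literal, which is always truthy in Ruby, so the `else` branch with `h @content_for_layout` can never run and every page rendered through the error layout is now emitted unescaped, not only the DNSBL message. The intent looks like testing the `raw` local that the DNSBL filter passes via `:locals => {:raw => true}`; something like `<%= local_assigns[:raw] ? @content_for_layout : h(@content_for_layout) %>` keeps escaping as the default (confirm that locals reach the layout in this Rails version). The functional test added in this patch only checks that the markup comes through raw, so it passes either way; a second assertion that an error page rendered without the local still escapes `<` would catch the regression.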
diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb index ebd1166d..c63d4019 100644 --- a/test/functional/wiki_controller_test.rb +++ b/test/functional/wiki_controller_test.rb @@ -765,6 +765,11 @@ class WikiControllerTest < ActionController::TestCase 'author' => 'AuthorOfNewPage' assert_equal 403, r.response_code + resp = %{

Access denied. Your IP address, 127.0.0.2, was found on one or more DNSBL blocking } + + %{list(s).

\n

See here for more information.

\n

See here for more information.

\n} + assert_match Regexp.new(Regexp.escape(resp)), r.body end def test_dnsbl_filter_allow_action diff --git a/vendor/plugins/dnsbl_check/lib/dnsbl_check.rb b/vendor/plugins/dnsbl_check/lib/dnsbl_check.rb index a3bd44d1..c1ab3b06 100644 --- a/vendor/plugins/dnsbl_check/lib/dnsbl_check.rb +++ b/vendor/plugins/dnsbl_check/lib/dnsbl_check.rb @@ -45,7 +45,7 @@ module DNSBL_Check addr = Resolv.getaddress("#{host}") rescue '' if addr[0,7]=="127.0.0" logger.info("#{request.remote_addr} found using DNSBL #{host}") - ban_help << " See here for more information." + ban_help << "\n

See here for more information.

" passed = false end end @@ -58,8 +58,8 @@ module DNSBL_Check $dnsbl_passed.push request.remote_addr logger.warn("#{request.remote_addr} added to DNSBL passed cache") else - render( :text => "Access denied. Your IP address, #{request.remote_addr}, was found on one or more DNSBL" + - " blocking list(s).#{ban_help}", :status => 403, :layout => 'error') + render( :text => "

Access denied. Your IP address, #{request.remote_addr}, was found on one or more DNSBL" + + " blocking list(s).

#{ban_help}", :status => 403, :layout => 'error', :locals => {:raw => true}) return false end end From a6bceb2a8e55a4720e4a825a75c159220bd7f4f2 Mon Sep 17 00:00:00 2001 From: Jacques Distler Date: Mon, 1 Mar 2010 12:27:04 -0600 Subject: [PATCH 2/4] Ensure that itex endpoint returns well-formed XML Since itex's \begin{svg}...\end{svg} syntax allows the client to pass arbitrary junk through the document, we need to check that the result is well-formed. Use a pluggable XML parser: nokogiri, if installed, REXML otherwise. --- app/metal/itex.rb | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/app/metal/itex.rb b/app/metal/itex.rb index b63c027a..075e3656 100644 --- a/app/metal/itex.rb +++ b/app/metal/itex.rb @@ -13,7 +13,20 @@ class Itex end private - + + # plugable XML parser; falls back to REXML + begin + require 'nokogiri' + def self.xmlparse(text) + Nokogiri::XML(text) { |config| config.options = Nokogiri::XML::ParseOptions::STRICT } + end + rescue LoadError + require 'rexml/document' + def self.xmlparse(text) + REXML::Document.new(text) + end + end + def self.response(env) @params = Rack::Request.new(env).params tex = (@params['tex'] || '').purify @@ -30,7 +43,14 @@ class Itex begin require 'itextomml' @itex2mml_parser ||= Itex2MML::Parser.new - @itex2mml_parser.send(filter, tex).to_utf8 + doc = @itex2mml_parser.send(filter, tex).to_utf8 + # make sure the result is well-formed, before sending it off + begin + xmlparse(doc) + rescue + return estart +"Ill-formed XML." + eend + end + return doc rescue LoadError estart + "Please install the itex2MML Ruby bindings." + eend rescue Itex2MML::Error => e From e07960a897859b3b82cc71dbe99a9d451c150eb1 Mon Sep 17 00:00:00 2001 
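Review bot: With the error layout no longer escaping its content, the string built in this `render` call is sent as HTML verbatim, yet `#{request.remote_addr}` and `#{ban_help}` are still interpolated without escaping. `remote_addr` is normally a plain address, but it is request-derived and depends on how the front end populates it, and whatever the earlier hunk places in `ban_help` is not readable on this page, so escaping at the point of interpolation is the safer default: `ERB::Util.html_escape(request.remote_addr)`. Note also that the layout hunk tests the symbol `:raw` rather than this local, so `:locals => {:raw => true}` currently has no effect on the outcome.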
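Review bot: Assigning `config.options = Nokogiri::XML::ParseOptions::STRICT` in `xmlparse` replaces Nokogiri's default option set rather than adding to it, which also clears the default `NONET` flag on text that the commit message describes as client-controlled. Chaining the flags keeps network access off explicitly: `Nokogiri::XML(text) { |config| config.strict.nonet }`. The REXML fallback has no equivalent setting visible here and may accept or reject different documents than Nokogiri, so the check behaves differently depending on which gem is installed; a comment saying so would help. Also, `private` does not apply to methods defined with `def self.`, so `xmlparse` stays public unless `private_class_method :xmlparse` is added.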
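Review bot: The added `xmlparse(doc)` step only establishes that the output is well-formed; it does not restrict which elements or attributes the client-supplied `\begin{svg}` content carries, so well-formed markup containing script elements or event-handler attributes would still be returned by `return doc`. If the endpoint's output is inserted into pages, it needs the same sanitising the wiki applies to other user markup, or at least a comment here stating that well-formedness is the only guarantee. The bare `rescue` around `xmlparse` also discards which parser error occurred; `rescue => e` plus a log line with the exception class would make rejected input visible to operators. The enclosing `response` method starts and ends outside this hunk.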
From: Jacques Distler Date: Mon, 1 Mar 2010 21:10:13 -0600 Subject: [PATCH 3/4] Efficiency improvements to itex endpoint Benchmarks at up to twice as fast. --- app/metal/itex.rb | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/app/metal/itex.rb b/app/metal/itex.rb index 075e3656..900ef0cd 100644 --- a/app/metal/itex.rb +++ b/app/metal/itex.rb @@ -14,6 +14,9 @@ class Itex private + ESTART = "" + EEND = "" + # plugable XML parser; falls back to REXML begin require 'nokogiri' @@ -26,37 +29,43 @@ class Itex REXML::Document.new(text) end end + + # itex2MML parser + begin + require 'itextomml' + def self.parse_itex(tex, filter) + Itex2MML::Parser.new.send(filter, tex).to_utf8 + end + rescue LoadError + def self.parse_itex(tex, filter) + ESTART + "Please install the itex2MML Ruby bindings." + EEND + end + end def self.response(env) - @params = Rack::Request.new(env).params - tex = (@params['tex'] || '').purify - case @params['display'] + params = Rack::Request.new(env).params + tex = (params['tex'] || '').purify.strip + case params['display'] when 'block' filter = :block_filter else filter = :inline_filter end return "" if tex.strip == '' - estart = "" - eend = "" + filter.to_s[/(.*?)_filter/] + "'/>" if tex == '' begin - require 'itextomml' - @itex2mml_parser ||= Itex2MML::Parser.new - doc = @itex2mml_parser.send(filter, tex).to_utf8 + doc = parse_itex(tex, filter) # make sure the result is well-formed, before sending it off begin xmlparse(doc) rescue - return estart +"Ill-formed XML." + eend + return ESTART +"Ill-formed XML." + EEND end return doc - rescue LoadError - estart + "Please install the itex2MML Ruby bindings." + eend rescue Itex2MML::Error => e - estart + e.to_s + eend + ESTART + e.to_s + EEND rescue - estart + "Unknown Error" + eend + ESTART + "Unknown Error" + EEND end end end From 932c42c24a76d04ead16df57d6a4491d514f470a Mon Sep 17 00:00:00 2001 
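Review bot: `tex = (params['tex'] || '').purify.strip` runs before the `begin`, and Rack returns an Array or Hash when the client sends `tex[]=` or `tex[k]=`, so a non-String value would presumably raise NoMethodError on `purify` outside every `rescue` in `response`. Coercing first keeps malformed requests on the error path: `tex = params['tex'].to_s.purify.strip`. Nothing visible bounds the length of `tex` either, and each request now builds a new `Itex2MML::Parser` and then parses the output a second time in `xmlparse`, so a size cap before `parse_itex` is worth considering for an endpoint that takes arbitrary client input. In the LoadError fallback, the clause `rescue Itex2MML::Error => e` names a constant that was never loaded, which would turn any exception raised inside the `begin` into a NameError.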
From: Jacques Distler Date: Tue, 2 Mar 2010 13:59:50 -0600 Subject: [PATCH 4/4] More itex Metal Refactoring --- app/metal/itex.rb | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/app/metal/itex.rb b/app/metal/itex.rb index 900ef0cd..63e300bb 100644 --- a/app/metal/itex.rb +++ b/app/metal/itex.rb @@ -14,9 +14,6 @@ class Itex private - ESTART = "" - EEND = "" - # plugable XML parser; falls back to REXML begin require 'nokogiri' @@ -30,6 +27,12 @@ class Itex end end + #error message to return + def self.error(str) + "" + + str + "" + end + # itex2MML parser begin require 'itextomml' @@ -38,10 +41,11 @@ class Itex end rescue LoadError def self.parse_itex(tex, filter) - ESTART + "Please install the itex2MML Ruby bindings." + EEND + error("Please install the itex2MML Ruby bindings.") end end - + + # the actual response def self.response(env) params = Rack::Request.new(env).params tex = (params['tex'] || '').purify.strip @@ -59,13 +63,13 @@ class Itex begin xmlparse(doc) rescue - return ESTART +"Ill-formed XML." + EEND + return error("Ill-formed XML.") end return doc rescue Itex2MML::Error => e - ESTART + e.to_s + EEND + error(e.to_s) rescue - ESTART + "Unknown Error" + EEND + error("Unknown Error") end end end
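Review bot: The new `self.error(str)` helper concatenates `str` into the error markup unescaped, and `error(e.to_s)` feeds it the `Itex2MML::Error` message; unlike `doc`, this return value is never passed through `xmlparse`. If that message can echo any part of the submitted `tex` (not visible here), the error response could be ill-formed or carry client-chosen markup, which is what patch 2 set out to prevent. Escaping inside the helper closes that for every caller, for example `str = Rack::Utils.escape_html(str.to_s)` as the first line of `error`. As with `xmlparse`, `private` does not hide `def self.error`; `private_class_method :error` would.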