Escape html values

Fixes: https://pagure.io/koji/issue/3155
Jana Cupova 2021-12-09 07:06:54 +01:00 committed by Tomas Kopecek
parent 987946478e
commit c83d4598de
42 changed files with 229 additions and 232 deletions


@ -6,7 +6,7 @@
#attr _PASSTHROUGH = ['archiveID', 'fileOrder', 'fileStart', 'buildrootOrder', 'buildrootStart']
#include "includes/header.chtml"
<h4>Information for archive <a href="archiveinfo?archiveID=$archive.id">$archive.filename</a></h4>
<h4>Information for archive <a href="archiveinfo?archiveID=$archive.id">$util.escapeHTML($archive.filename)</a></h4>
<table>
<tr>
@ -16,7 +16,7 @@
#if $wininfo
<th>File Name</th><td>$koji.pathinfo.winfile($archive)</td>
#else
<th>File Name</th><td>$archive.filename</td>
<th>File Name</th><td>$util.escapeHTML($archive.filename)</td>
#end if
</tr>
#if $archive.metadata_only
@ -25,7 +25,7 @@
</tr>
#end if
<tr>
<th>File Type</th><td>$archive_type.description</td>
<th>File Type</th><td>$util.escapeHTML($archive_type.description)</td>
</tr>
<tr>
<th>Build</th><td><a href="buildinfo?buildID=$build.id">$koji.buildLabel($build)</a></td>
@ -97,7 +97,7 @@
</tr>
#for $file in $files
<tr class="$util.rowToggle($self)">
<td><a href="fileinfo?archiveID=$archive.id&filename=$quote($file.name)">$file.name</a></td><td><span title="$util.formatThousands($file.size)">$util.formatNatural($file.size)</span></td>
<td><a href="fileinfo?archiveID=$archive.id&filename=$quote($file.name)">$util.escapeHTML($file.name)</a></td><td><span title="$util.formatThousands($file.size)">$util.formatNatural($file.size)</span></td>
</tr>
#end for
</table>
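Review bot: The `#if $wininfo` branch still emits `$koji.pathinfo.winfile($archive)` unescaped, while the `#else` branch directly below it now wraps the filename. If that helper builds its result from the archive's file name (its definition is not on this page), the same value reaches the page raw for Windows archives. `<th>File Name</th><td>$util.escapeHTML($koji.pathinfo.winfile($archive))</td>` would make both branches agree. In the file listing at the end of this section the `fileinfo` link joins its parameters with a bare `&`, where the file info page uses `&amp;`.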


@ -13,7 +13,7 @@ buildrootID=$buildroot.id #slurp
#if $type == 'component'
<h4>Component Archives of buildroot <a href="buildrootinfo?buildrootID=$buildroot.id">$util.brLabel($buildroot)</a></h4>
#elif $type == 'image'
<h4>Archives installed in <a href="archiveinfo?archiveID=$image.id">$image.filename</a></h4>
<h4>Archives installed in <a href="archiveinfo?archiveID=$image.id">$util.escapeHTML($image.filename)</a></h4>
#else
<h4>Archives built in buildroot <a href="buildrootinfo?buildrootID=$buildroot.id">$util.brLabel($buildroot)</a></h4>
#end if
@ -52,8 +52,8 @@ buildrootID=$buildroot.id #slurp
#if $len($archives) > 0
#for $archive in $archives
<tr class="$util.rowToggle($self)">
<td><a href="archiveinfo?archiveID=$archive.id">$archive.filename</a></td>
<td>$archive.type_name</td>
<td><a href="archiveinfo?archiveID=$archive.id">$util.escapeHTML($archive.filename)</a></td>
<td>$util.escapeHTML($archive.type_name)</td>
#if $type == 'component'
#set $project = $archive.project and 'yes' or 'no'
<td class="$project">$util.imageTag($project)</td>


@ -13,7 +13,7 @@
<th>ID</th><td>$build.id</td>
</tr>
<tr>
<th>Package Name</th><td><a href="packageinfo?packageID=$build.package_id">$build.package_name</a></td>
<th>Package Name</th><td><a href="packageinfo?packageID=$build.package_id">$util.escapeHTML($build.package_name)</a></td>
</tr>
<tr>
<th>Version</th><td>$build.version</td>
@ -61,7 +61,7 @@
</tr>
#end if
<tr>
<th>Built by</th><td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$build.owner_name</a></td>
<th>Built by</th><td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$util.escapeHTML($build.owner_name)</a></td>
</tr>
<tr>
#set $stateName = $util.stateName($build.state)
@ -76,7 +76,7 @@
</tr>
<tr>
<th>Volume</th>
<td>$build.volume_name</td>
<td>$util.escapeHTML($build.volume_name)</td>
</tr>
<tr>
<th>Started</th><td>$util.formatTimeLong($start_ts)</td>
@ -94,7 +94,7 @@
#end if
#if $build.cg_id
<tr>
<th>Content generator</th><td>$build.cg_name</td>
<th>Content generator</th><td>$util.escapeHTML($build.cg_name)</td>
</tr>
#end if
#if $task
@ -114,7 +114,7 @@
<table class="nested">
#for $tag in $tags
<tr>
<td><a href="taginfo?tagID=$tag.id">$tag.name</a></td>
<td><a href="taginfo?tagID=$tag.id">$util.escapeHTML($tag.name)</a></td>
</tr>
#end for
</table>
@ -219,7 +219,7 @@
<tr>
<td/>
<td>
<a href="$loginfo.dl_url">$loginfo.name</a>
<a href="$loginfo.dl_url">$util.escapeHTML($loginfo.name)</a>
</td>
</tr>
#end for
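Review bot: The owner name is escaped as link text, but the same value is still interpolated raw into an attribute on the same line, `class="user-$build.owner_name"`. An attribute value needs the quote character encoded as well as `<`, `>` and `&`, and whether `util.escapeHTML` does that is not visible on this page. The pattern repeats for `class="user-$build.owner_name"` in the builds, index and package info sections and for `class="user-$package.owner_name"` in the packages section. It also applies to `href="$loginfo.dl_url"` in the last hunk here and to the `<option value="...">` copies of user and channel names in the builds, host edit and hosts sections.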


@ -8,10 +8,10 @@
<table>
<tr>
<th>Host</th><td><a href="hostinfo?hostID=$buildroot.host_id">$buildroot.host_name</a></td>
<th>Host</th><td><a href="hostinfo?hostID=$buildroot.host_id">$util.escapeHTML($buildroot.host_name)</a></td>
</tr>
<tr>
<th>Arch</th><td>$buildroot.arch</td>
<th>Arch</th><td>$util.escapeHTML($buildroot.arch)</td>
</tr>
<tr>
<th>ID</th><td>$buildroot.id</td>
@ -32,7 +32,7 @@
<th>Repo ID</th><td><a href="repoinfo?repoID=$buildroot.repo_id">$buildroot.repo_id</a></td>
</tr>
<tr>
<th>Repo Tag</th><td><a href="taginfo?tagID=$buildroot.tag_id">$buildroot.tag_name</a></td>
<th>Repo Tag</th><td><a href="taginfo?tagID=$buildroot.tag_id">$util.escapeHTML($buildroot.tag_name)</a></td>
</tr>
<tr>
<th>Repo State</th><td>$util.imageTag($util.repoStateName($buildroot.repo_state))</td>


@ -11,19 +11,19 @@
<th>ID</th><td>$buildroot.id</td>
</tr>
<tr>
<th>Host OS</th><td>$buildroot.host_os</td>
<th>Host OS</th><td>$util.escapeHTML($buildroot.host_os)</td>
</tr>
<tr>
<th>Host Arch</th><td>$buildroot.host_arch</td>
<th>Host Arch</th><td>$util.escapeHTML($buildroot.host_arch)</td>
</tr>
<tr>
<th>Content Generator</th><td>$buildroot.cg_name ($buildroot.cg_version)</td>
<th>Content Generator</th><td>$util.escapeHTML($buildroot.cg_name) ($buildroot.cg_version)</td>
</tr>
<tr>
<th>Container Type</th><td>$buildroot.container_type</td>
<th>Container Type</th><td>$util.escapeHTML($buildroot.container_type)</td>
</tr>
<tr>
<th>Container Arch</th><td>$buildroot.container_arch</td>
<th>Container Arch</th><td>$util.escapeHTML($buildroot.container_arch)</td>
</tr>
#if $buildroot.get('extra')
<tr>
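Review bot: `$buildroot.cg_version` is left raw on the line that now escapes `$buildroot.cg_name`. Presumably both come from the same content-generator metadata, so `$util.escapeHTML($buildroot.cg_name) ($util.escapeHTML($buildroot.cg_version))` would treat them alike. Other string fields that stay unescaped beside escaped neighbours are `<td>$host.arches</td>` in the hosts list (the host info page escapes the same field) and `<td>$tag.extra_arches</td>` in the package info section.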


@ -5,7 +5,7 @@
#include "includes/header.chtml"
<h4>#if $latest then 'Latest ' else ''##if $state != None then $util.stateName($state).capitalize() + ' ' else ''##if $type then $type.capitalize() + ' ' else ''#Builds#if $package then ' of <a href="packageinfo?packageID=%i">%s</a>' % ($package.id, $package.name) else ''##if $prefix then ' starting with "%s"' % $prefix else ''##if $user then ' by <a href="userinfo?userID=%i">%s</a>' % ($user.id, $user.name) else ''##if $tag then ' in tag <a href="taginfo?tagID=%i">%s</a>' % ($tag.id, $tag.name) else ''#</h4>
<h4>#if $latest then 'Latest ' else ''##if $state != None then $util.stateName($state).capitalize() + ' ' else ''##if $type then $type.capitalize() + ' ' else ''#Builds#if $package then ' of <a href="packageinfo?packageID=%i">%s</a>' % ($package.id, $util.escapeHTML($package.name)) else ''##if $prefix then ' starting with "%s"' % $prefix else ''##if $user then ' by <a href="userinfo?userID=%i">%s</a>' % ($user.id, $util.escapeHTML($user.name)) else ''##if $tag then ' in tag <a href="taginfo?tagID=%i">%s</a>' % ($tag.id, $util.escapeHTML($tag.name)) else ''#</h4>
<table class="data-list">
<tr>
@ -38,7 +38,7 @@
<option value="$loggedInUser.name">me</option>
#end if
#for $userOption in $users
<option value="$userOption.name" #if $userOption.name == ($user and $user.name or None) then 'selected="selected"' else ''#>$userOption.name</option>
<option value="$userOption.name" #if $userOption.name == ($user and $user.name or None) then 'selected="selected"' else ''#>$util.escapeHTML($userOption.name)</option>
#end for
</select>
</td></tr>
@ -124,9 +124,9 @@
<td>$build.build_id</td>
<td><a href="buildinfo?buildID=$build.build_id">$koji.buildLabel($build)</a></td>
#if $tag
<td><a href="taginfo?tagID=$build.tag_id">$build.tag_name</a></td>
<td><a href="taginfo?tagID=$build.tag_id">$util.escapeHTML($build.tag_name)</a></td>
#end if
<td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$build.owner_name</a></td>
<td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$util.escapeHTML($build.owner_name)</a></td>
<td>$util.formatTime($build.completion_time)</td>
#set $stateName = $util.stateName($build.state)
<td class="$stateName">$util.stateImage($build.state)</td>
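Review bot: The heading still formats `$prefix` straight into the markup, `' starting with "%s"' % $prefix`, while the package, user and tag names in the same expression are now escaped. Where `prefix` comes from is outside this section; if it is a request parameter it should go through the same call, `' starting with "%s"' % $util.escapeHTML($prefix)`. The packages page heading carries the identical expression.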


@ -1,4 +1,5 @@
#from kojiweb import util
#from urllib.parse import quote
#def printOption(value, label=None)
#if not $label
@ -61,7 +62,7 @@
#if $len($targets) > 0
#for $target in $targets
<tr class="$util.rowToggle($self)">
<td><a href="buildtargetinfo?name=$target.name">$target.name</a></td>
<td><a href="buildtargetinfo?name=$quote($target.name)">$util.escapeHTML($target.name)</a></td>
<td width="#echo $graphWidth + 5#"><img src=$util.themePath('images/1px.gif') width="#echo $increment * $target.builds#" height="15" class="graphrow" alt="graph row"/></td>
<td>$target.builds</td>
</tr>


@ -35,7 +35,7 @@
#if $len($userBuilds) > 0
#for $userBuild in $userBuilds
<tr class="$util.rowToggle($self)">
<td><a href="userinfo?userID=$userBuild.id">$userBuild.name</a></td>
<td><a href="userinfo?userID=$userBuild.id">$util.escapeHTML($userBuild.name)</a></td>
<td width="#echo $graphWidth + 5#"><img src="$util.themePath('images/1px.gif')" width="#echo $increment * $userBuild.builds#" height="15" class="graphrow" alt="graph row"/></td>
<td>$userBuild.builds</td>
</tr>


@ -3,7 +3,7 @@
#include "includes/header.chtml"
#if $target
<h4>Edit target $target.name</h4>
<h4>Edit target $util.escapeHTML($target.name)</h4>
#else
<h4>Create build target</h4>
#end if
@ -17,7 +17,7 @@
<tr>
<th>Name</th>
<td>
<input type="text" name="name" size="50" value="#if $target then $target.name else ''#"/>
<input type="text" name="name" size="50" value="#if $target then $util.escapeHTML($target.name) else ''#"/>
</td>
</tr>
#if $target
@ -31,7 +31,7 @@
<select name="buildTag">
<option value="">select tag</option>
#for $tag in $tags
<option value="$tag.id"#if $target and $target.build_tag == $tag.id then ' selected="selected"' else ''#>$tag.name</option>
<option value="$tag.id"#if $target and $target.build_tag == $tag.id then ' selected="selected"' else ''#>$util.escapeHTML($tag.name)</option>
#end for
</select>
</td>
@ -42,7 +42,7 @@
<select name="destTag">
<option value="">select tag</option>
#for $tag in $tags
<option value="$tag.id"#if $target and $target.dest_tag == $tag.id then ' selected="selected"' else ''#>$tag.name</option>
<option value="$tag.id"#if $target and $target.dest_tag == $tag.id then ' selected="selected"' else ''#>$util.escapeHTML($tag.name)</option>
#end for
</select>
</td>
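Review bot: The `value="..."` attribute of the name input is only safe if `util.escapeHTML` encodes double quotes. That function is not shown on this page, and a helper that covers only `&`, `<` and `>` would still let a `"` in the target name end the attribute. It is worth confirming this in the `kojiweb` `util` module, or using an attribute-aware escape for this one spot. The same dependency applies to `href="$util.escapeHTML($extRepo.url)"` in the external repo section.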


@ -2,20 +2,20 @@
#include "includes/header.chtml"
<h4>Information for target <a href="buildtargetinfo?targetID=$target.id">$target.name</a></h4>
<h4>Information for target <a href="buildtargetinfo?targetID=$target.id">$util.escapeHTML($target.name)</a></h4>
<table>
<tr>
<th>Name</th><td>$target.name</td>
<th>Name</th><td>$util.escapeHTML($target.name)</td>
</tr>
<tr>
<th>ID</th><td>$target.id</td>
</tr>
<tr>
<th>Build Tag</th><td><a href="taginfo?tagID=$buildTag.id">$buildTag.name</a></td>
<th>Build Tag</th><td><a href="taginfo?tagID=$buildTag.id">$util.escapeHTML($buildTag.name)</a></td>
</tr>
<tr>
<th>Destination Tag</th><td><a href="taginfo?tagID=$destTag.id">$destTag.name</a></td>
<th>Destination Tag</th><td><a href="taginfo?tagID=$destTag.id">$util.escapeHTML($destTag.name)</a></td>
</tr>
#if 'admin' in $perms
<tr>


@ -35,7 +35,7 @@
#for $target in $targets
<tr class="$util.rowToggle($self)">
<td>$target.id</td>
<td><a href="buildtargetinfo?targetID=$target.id">$target.name</a></td>
<td><a href="buildtargetinfo?targetID=$target.id">$util.escapeHTML($target.name)</a></td>
</tr>
#end for
#else


@ -2,7 +2,7 @@
#include "includes/header.chtml"
<h4>Information for channel <a href="channelinfo?channelID=$channel.id">$channel.name</a></h4>
<h4>Information for channel <a href="channelinfo?channelID=$channel.id">$util.escapeHTML($channel.name)</a></h4>
<table>
<tr>
@ -39,7 +39,7 @@
</tr>
#for $host in $hosts
<tr class="$util.rowToggle($self)">
<td><a href="hostinfo?hostID=$host.id">$host.name</a></td>
<td><a href="hostinfo?hostID=$host.id">$util.escapeHTML($host.name)</a></td>
<td class="$str($bool($host.enabled)).lower()">#if $host.enabled then $util.imageTag('yes') else $util.imageTag('no')#</td>
<td class="$str($bool($host.ready)).lower()">#if $host.ready then $util.imageTag('yes') else $util.imageTag('no')#</td>
</tr>

View file

@ -59,7 +59,7 @@
#for $channel in $channels
<tr>
<th>
<a href="channelinfo?channelID=$channel['id']">$channel['name']</a>
<a href="channelinfo?channelID=$channel['id']">$util.escapeHTML($channel['name'])</a>
#if not $channel['enabled_channel']
[disabled]
#end if


@ -2,24 +2,24 @@
#include "includes/header.chtml"
<h4>Information for external repo <a href="externalrepoinfo?extrepoID=$extRepo.id">$extRepo.name</a></h4>
<h4>Information for external repo <a href="externalrepoinfo?extrepoID=$extRepo.id">$util.escapeHTML($extRepo.name)</a></h4>
<table>
<tr>
<th>Name</th><td>$extRepo.name</td>
<th>Name</th><td>$util.escapeHTML($extRepo.name)</td>
</tr>
<tr>
<th>ID</th><td>$extRepo.id</td>
</tr>
<tr>
<th>URL</th><td><a href="$extRepo.url">$extRepo.url</a></td>
<th>URL</th><td><a href="$util.escapeHTML($extRepo.url)">$util.escapeHTML($extRepo.url)</a></td>
</tr>
<tr>
<th>Tags using this external repo</th>
<td>
#if $len($repoTags)
#for $tag in $repoTags
<a href="taginfo?tagID=$tag.tag_id">$tag.tag_name</a><br/>
<a href="taginfo?tagID=$tag.tag_id">$util.escapeHTML($tag.tag_name)</a><br/>
#end for
#else
No tags
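Review bot: HTML-escaping `$extRepo.url` inside `href` keeps the value from breaking out of the attribute but does not restrict its scheme, so a stored URL with a script scheme would still render as an active link. Whether external repo URLs are constrained when they are created is not visible here. If they are not, render the anchor only for the schemes a repo is expected to use and fall back to plain escaped text otherwise.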


@ -4,14 +4,14 @@
#include "includes/header.chtml"
#if $rpm
<h4>Information for file <a href="fileinfo?rpmID=$rpm.id&amp;filename=$quote($file.name)">$file.name</a></h4>
<h4>Information for file <a href="fileinfo?rpmID=$rpm.id&amp;filename=$quote($file.name)">$util.escapeHTML($file.name)</a></h4>
#elif $archive
<h4>Information for file <a href="fileinfo?archiveID=$archive.id&amp;filename=$quote($file.name)">$file.name</a></h4>
<h4>Information for file <a href="fileinfo?archiveID=$archive.id&amp;filename=$quote($file.name)">$util.escapeHTML($file.name)</a></h4>
#end if
<table>
<tr>
<th>Name</th><td>$file.name</td>
<th>Name</th><td>$util.escapeHTML($file.name)</td>
</tr>
#if $rpm
<tr>
@ -28,12 +28,12 @@
#end if
#if 'user' in $file and $file.user
<tr>
<th>User</th><td>$file.user</td>
<th>User</th><td>$util.escapeHTML($file.user)</td>
</tr>
#end if
#if 'group' in $file and $file.group
<tr>
<th>Group</th><td>$file.group</td>
<th>Group</th><td>$util.escapeHTML($file.group)</td>
</tr>
#end if
#if 'mode' in $file and $file.mode
@ -56,7 +56,7 @@
</tr>
#elif $archive
<tr>
<th>Archive</th><td><a href="archiveinfo?archiveID=$archive.id">$archive.filename</a></td>
<th>Archive</th><td><a href="archiveinfo?archiveID=$archive.id">$util.escapeHTML($archive.filename)</a></td>
</tr>
#end if
</table>


@ -2,14 +2,14 @@
#include "includes/header.chtml"
<h4>Edit host $host.name</h4>
<h4>Edit host $util.escapeHTML($host.name)</h4>
<form action="hostedit">
$util.authToken($self, form=True)
<table>
<tr>
<th>Name</th>
<td>$host.name</td>
<td>$util.escapeHTML($host.name)</td>
</tr>
<tr>
<th>ID</th>
@ -20,7 +20,7 @@
</tr>
<tr>
<th>Arches</th>
<td><input type="text" name="arches" value="$host.arches"/></td>
<td><input type="text" name="arches" value=$util.escapeHTML("$host.arches)"/></td>
</tr>
<tr>
<th>Capacity</th>
@ -43,7 +43,7 @@
<td>
<select name="channels" multiple="multiple">
#for $channel in $allChannels
<option value="$channel.name" #if $channel in $hostChannels then 'selected="selected"' else ''#>$channel.name</option>
<option value="$channel.name" #if $channel in $hostChannels then 'selected="selected"' else ''#>$util.escapeHTML($channel.name)</option>
#end for
</select>
</td>
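Review bot: The quoting on the arches input is broken: `value=$util.escapeHTML("$host.arches)"/>` opens the attribute quote inside the call and closes it after the parenthesis, so the template either fails to compile or emits a malformed attribute. It should read `<td><input type="text" name="arches" value="$util.escapeHTML($host.arches)"/></td>`. Since this is the host edit form, it is worth rendering the page once after the fix to confirm the field round-trips.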


@ -2,17 +2,17 @@
#include "includes/header.chtml"
<h4>Information for host <a href="hostinfo?hostID=$host.id">$host.name</a></h4>
<h4>Information for host <a href="hostinfo?hostID=$host.id">$util.escapeHTML($host.name)</a></h4>
<table>
<tr>
<th>Name</th><td>$host.name</td>
<th>Name</th><td>$util.escapeHTML($host.name)</td>
</tr>
<tr>
<th>ID</th><td>$host.id</td>
</tr>
<tr>
<th>Arches</th><td>$host.arches</td>
<th>Arches</th><td>$util.escapeHTML($host.arches)</td>
</tr>
<tr>
<th>Capacity</th><td>$host.capacity</td>
@ -51,7 +51,7 @@
<th>Channels</th>
<td>
#for $channel in $channels
<a href="channelinfo?channelID=$channel.id" class="$channel.enabled">$channel.name</a><br/>
<a href="channelinfo?channelID=$channel.id" class="$channel.enabled">$util.escapeHTML($channel.name)</a><br/>
#end for
#if not $channels
No channels
@ -68,7 +68,7 @@
</tr>
#for $buildroot in $buildroots
<tr class="$util.rowToggle($self)">
<td><a href="buildrootinfo?buildrootID=$buildroot.id">$buildroot.tag_name-$buildroot.id-$buildroot.repo_id</a></td>
<td><a href="buildrootinfo?buildrootID=$buildroot.id">$util.escapeHTML($buildroot.tag_name)-$buildroot.id-$buildroot.repo_id</a></td>
<td>$util.formatTime($buildroot.create_event_time)</td>
<td>$util.imageTag($util.brStateName($buildroot.state))</td>
</tr>


@ -58,7 +58,7 @@ in $channel channel
<select name="channel" class="filterlist" onchange="javascript: window.location = 'hosts?channel=' + this.value + '$util.passthrough_except($self, 'channel')';">
<option value="all" #if not $channel then 'selected="selected"' else ''#>all</option>
#for $chan in $channels
<option value="$chan.name" #if $chan.name == $channel then 'selected="selected"' else ''#>$chan.name</option>
<option value="$chan.name" #if $chan.name == $channel then 'selected="selected"' else ''#>$util.escapeHTML($chan.name)</option>
#end for
</select>
</td>
@ -120,11 +120,11 @@ in $channel channel
#for $host in $hosts
<tr class="$util.rowToggle($self)">
<td>$host.id</td>
<td><a href="hostinfo?hostID=$host.id">$host.name</a></td>
<td><a href="hostinfo?hostID=$host.id">$util.escapeHTML($host.name)</a></td>
<td>$host.arches</td>
<td>
#for $channame, $chan_id, $chan_enabled in zip($host.channels, $host.channels_id, $host.channels_enabled)
<a href="channelinfo?channelID=$chan_id" class="$chan_enabled">$channame</a>
<a href="channelinfo?channelID=$chan_id" class="$chan_enabled">$util.escapeHTML($channame)</a>
#end for
</td>
<td class="$str($bool($host.enabled)).lower()">#if $host.enabled then $util.imageTag('yes') else $util.imageTag('no')#</td>


@ -5,23 +5,23 @@
#include "includes/header.chtml"
<h4>Information for image <a href="imageinfo?imageID=$image.id">$image.filename</a></h4>
<h4>Information for image <a href="imageinfo?imageID=$image.id">$util.escapeHTML($image.filename)</a></h4>
<table>
<tr>
<th>ID</th><td>$image.id</td>
</tr>
<tr>
<th>File Name</th><td>$image.filename</a></td>
<th>File Name</th><td>$util.escapeHTML($image.filename)</a></td>
</tr>
<tr>
<th>File Size</th><td><span title="$util.formatThousands($image.filesize)">$util.formatNatural($image.filesize)</span></td>
</tr>
<tr>
<th>Arch</th><td>$image.arch</td>
<th>Arch</th><td>$util.escapeHTML($image.arch)</td>
</tr>
<tr>
<th>Media Type</th><td>$image.mediatype</td>
<th>Media Type</th><td>$util.escapeHTML($image.mediatype)</td>
</tr>
<tr>
#if $len($image.hash) == 32
@ -42,7 +42,7 @@
<th>Task</th><td><a href="taskinfo?taskID=$task.id" class="task$util.taskState($task.state)">$koji.taskLabel($task)</a></td>
</tr>
<tr>
<th>Buildroot</th><td><a href="buildrootinfo?buildrootID=$buildroot.id">/var/lib/mock/$buildroot.tag_name-$buildroot.id-$buildroot.repo_id</a></td>
<th>Buildroot</th><td><a href="buildrootinfo?buildrootID=$buildroot.id">$util.escapeHTML(/var/lib/mock/$buildroot.tag_name-$buildroot.id-$buildroot.repo_id)</a></td>
</tr>
<tr>
<th colspan="2"><a href="rpmlist?imageID=$image.id&amp;type=image" title="RPMs that where installed into the LiveCD">Included RPMs</a></th>
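Review bot: The Buildroot row passes a bare path to the helper, `$util.escapeHTML(/var/lib/mock/$buildroot.tag_name-$buildroot.id-$buildroot.repo_id)`, which is not a valid expression and will not render as intended. Only the tag name needs escaping, and the host info page already does it that way: `/var/lib/mock/$util.escapeHTML($buildroot.tag_name)-$buildroot.id-$buildroot.repo_id`. The File Name row also keeps a stray `</a>` with no opening tag.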


@ -20,9 +20,9 @@
<tr class="$util.rowToggle($self)">
#set $stateName = $util.stateName($build.state)
<td>$build.build_id</td>
<td><a href="buildinfo?buildID=$build.build_id">$build.nvr</a></td>
<td><a href="buildinfo?buildID=$build.build_id">$util.escapeHTML($build.nvr)</a></td>
#if not $user
<td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$build.owner_name</a></td>
<td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$util.escapeHTML($build.owner_name)</a></td>
#end if
<td>$util.formatTime($build.completion_ts)</td>
<td class="$stateName">$util.stateImage($build.state)</td>
@ -58,9 +58,9 @@
#if not $user
<td class="user-$task.owner_name">
#if $task.owner_type == $koji.USERTYPES['HOST']
<a href="hostinfo?userID=$task.owner">$task.owner_name</a>
<a href="hostinfo?userID=$task.owner">$util.escapeHTML($task.owner_name)</a>
#else
<a href="userinfo?userID=$task.owner">$task.owner_name</a>
<a href="userinfo?userID=$task.owner">$util.escapeHTML($task.owner_name)</a>
#end if
</td>
#end if
@ -111,8 +111,8 @@
</tr>
#for $package in $packages
<tr class="$util.rowToggle($self)">
<td><a href="packageinfo?packageID=$package.package_id">$package.package_name</a></td>
<td><a href="taginfo?tagID=$package.tag_id">$package.tag_name</a></td>
<td><a href="packageinfo?packageID=$package.package_id">$util.escapeHTML($package.package_name)</a></td>
<td><a href="taginfo?tagID=$package.tag_id">$util.escapeHTML($package.tag_name)</a></td>
#set $included = $package.blocked and 'no' or 'yes'
<td>$util.imageTag($included)</td>
</tr>
@ -140,8 +140,8 @@
</tr>
#for $notif in $notifs
<tr class="$util.rowToggle($self)">
<td>#if $notif.package then $notif.package.name else 'all'#</td>
<td>#if $notif.tag then $notif.tag.name else 'all'#</td>
<td>#if $notif.package then $util.escapeHTML($notif.package.name) else 'all'#</td>
<td>#if $notif.tag then $util.escapeHTML($notif.tag.name) else 'all'#</td>
<td>#if $notif.success_only then 'success only' else 'all'#</td>
<td><a href="notificationedit?notificationID=$notif.id$util.authToken($self)">edit</a></td>
<td><a href="notificationdelete?notificationID=$notif.id$util.authToken($self)">delete</a></td>


@ -43,11 +43,6 @@ def _sortbyname(x):
return x['name']
# regexps for input checking
_VALID_SEARCH_CHARS = r"""a-zA-Z0-9"""
_VALID_SEARCH_SYMS = r""" @.,_/\()%+-~*?|[]^$"""
_VALID_SEARCH_RE = re.compile('^[' + _VALID_SEARCH_CHARS + re.escape(_VALID_SEARCH_SYMS) + ']+$')
_VALID_ARCH_RE = re.compile(r'^[\w-]+$', re.ASCII)
@ -61,14 +56,12 @@ def _validate_arch(arch):
raise koji.GenericError("No such arch: %r" % arch)
def _validate_name_or_id(value):
# integer ID or label, it is unicode alnum + search symbols (reasonable expectation?)
def _convert_if_int(value):
# if value is digit, converts value to integer, otherwise it returns raw value
if value.isdigit():
return int(value)
elif _VALID_SEARCH_RE.match(value):
return value
else:
raise koji.GenericError("Invalid int/label value: %r" % value)
return value
# loggers
@ -540,7 +533,7 @@ def tasks(environ, owner=None, state='active', view='tree', method='all', hostID
opts = {'decode': True}
if owner:
owner = _validate_name_or_id(owner)
owner = _convert_if_int(owner)
ownerObj = server.getUser(owner, strict=True)
opts['owner'] = ownerObj['id']
values['owner'] = ownerObj['name']
@ -598,7 +591,7 @@ def tasks(environ, owner=None, state='active', view='tree', method='all', hostID
values['state'] = state
if hostID:
hostID = int(hostID)
hostID = _convert_if_int(hostID)
host = server.getHost(hostID, strict=True)
opts['host_id'] = host['id']
values['host'] = host
@ -608,7 +601,7 @@ def tasks(environ, owner=None, state='active', view='tree', method='all', hostID
values['hostID'] = None
if channelID:
channelID = _validate_name_or_id(channelID)
channelID = _convert_if_int(channelID)
channel = server.getChannel(channelID, strict=True)
opts['channel_id'] = channel['id']
values['channel'] = channel
@ -916,13 +909,13 @@ def packages(environ, tagID=None, userID=None, order='package_name', start=None,
server = _getServer(environ)
tag = None
if tagID is not None:
tagID = _validate_name_or_id(tagID)
tagID = _convert_if_int(tagID)
tag = server.getTag(tagID, strict=True)
values['tagID'] = tagID
values['tag'] = tag
user = None
if userID is not None:
userID = _validate_name_or_id(userID)
userID = _convert_if_int(userID)
user = server.getUser(userID, strict=True)
values['userID'] = userID
values['user'] = user
@ -952,7 +945,7 @@ def packageinfo(environ, packageID, tagOrder='name', tagStart=None, buildOrder='
values = _initValues(environ, 'Package Info', 'packages')
server = _getServer(environ)
packageID = _validate_name_or_id(packageID)
packageID = _convert_if_int(packageID)
package = server.getPackage(packageID)
if package is None:
raise koji.GenericError('No such package ID: %s' % packageID)
@ -976,7 +969,7 @@ def taginfo(environ, tagID, all='0', packageOrder='package_name', packageStart=N
values = _initValues(environ, 'Tag Info', 'tags')
server = _getServer(environ)
tagID = _validate_name_or_id(tagID)
tagID = _convert_if_int(tagID)
tag = server.getTag(tagID, strict=True)
values['title'] = tag['name'] + ' | Tag Info'
@ -1016,7 +1009,8 @@ def taginfo(environ, tagID, all='0', packageOrder='package_name', packageStart=N
child = None
if childID is not None:
child = server.getTag(int(childID), strict=True)
childID = _convert_if_int(childID)
child = server.getTag(childID, strict=True)
values['child'] = child
if environ['koji.currentUser']:
@ -1193,7 +1187,7 @@ def externalrepoinfo(environ, extrepoID):
values = _initValues(environ, 'External Repo Info', 'tags')
server = _getServer(environ)
extrepoID = _validate_name_or_id(extrepoID)
extrepoID = _convert_if_int(extrepoID)
extRepo = server.getExternalRepo(extrepoID, strict=True)
repoTags = server.getTagExternalRepos(repo_info=extRepo['id'])
@ -1349,7 +1343,7 @@ def builds(environ, userID=None, tagID=None, packageID=None, state=None, order='
user = None
if userID:
userID = _validate_name_or_id(userID)
userID = _convert_if_int(userID)
user = server.getUser(userID, strict=True)
values['userID'] = userID
values['user'] = user
@ -1361,14 +1355,14 @@ def builds(environ, userID=None, tagID=None, packageID=None, state=None, order='
tag = None
if tagID:
tagID = _validate_name_or_id(tagID)
tagID = _convert_if_int(tagID)
tag = server.getTag(tagID, strict=True)
values['tagID'] = tagID
values['tag'] = tag
package = None
if packageID:
packageID = _validate_name_or_id(packageID)
packageID = _convert_if_int(packageID)
package = server.getPackage(packageID, strict=True)
values['packageID'] = packageID
values['package'] = package
@ -1454,13 +1448,14 @@ def userinfo(environ, userID, packageOrder='package_name', packageStart=None,
values = _initValues(environ, 'User Info', 'users')
server = _getServer(environ)
userID = _validate_name_or_id(userID)
userID = _convert_if_int(userID)
user = server.getUser(userID, strict=True)
values['title'] = user['name'] + ' | User Info'
values['user'] = user
values['userID'] = userID
values['owner'] = user['name']
values['taskCount'] = server.listTasks(opts={'owner': user['id'], 'parent': None},
queryOpts={'countOnly': True})
@ -1708,12 +1703,12 @@ def hostinfo(environ, hostID=None, userID=None):
server = _getServer(environ)
if hostID:
hostID = _validate_name_or_id(hostID)
hostID = _convert_if_int(hostID)
host = server.getHost(hostID)
if host is None:
raise koji.GenericError('No such host ID: %s' % hostID)
elif userID:
userID = int(userID)
userID = _convert_if_int(userID)
hosts = server.listHosts(userID=userID)
host = None
if hosts:
@ -2426,17 +2421,17 @@ def recentbuilds(environ, user=None, tag=None, package=None):
tagObj = None
if tag is not None:
tag = _validate_name_or_id(tag)
tag = _convert_if_int(tag)
tagObj = server.getTag(tag, strict=True)
userObj = None
if user is not None:
user = _validate_name_or_id(user)
user = _convert_if_int(user)
userObj = server.getUser(user, strict=True)
packageObj = None
if package:
package = _validate_name_or_id(package)
package = _convert_if_int(package)
packageObj = server.getPackage(package, strict=True)
if tagObj is not None:
@ -2532,13 +2527,6 @@ def search(environ, start=None, order=None):
if match not in ('glob', 'regexp', 'exact'):
raise koji.GenericError("No such match type: %r" % match)
if not _VALID_SEARCH_RE.match(terms):
values['error'] = 'Invalid search terms<br/>' + \
'Search terms may contain only these characters: ' + \
_VALID_SEARCH_CHARS + _VALID_SEARCH_SYMS
values['terms'] = ''
return _genHTML(environ, 'search.chtml')
if match == 'regexp':
try:
re.compile(terms)
@ -2617,8 +2605,8 @@ def repoinfo(environ, repoID):
values = _initValues(environ, 'Repo Info', 'tags')
server = _getServer(environ)
repoID = _validate_name_or_id(repoID)
values['repo_id'] = repoID
repoID = _convert_if_int(repoID)
repo_info = server.repoInfo(repoID, strict=False)
values['repo'] = repo_info
if repo_info:
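Review bot: Dropping `_validate_name_or_id` and the `_VALID_SEARCH_RE` check lets request strings travel unfiltered into `values` and into error text. In `repoinfo`, `values['repo_id'] = repoID` appears to be assigned before the conversion, and `'No such package ID: %s' % packageID` and `'No such host ID: %s' % hostID` interpolate the raw value. The templates that render those values and the error page are not part of this section, so it is worth confirming each of them passes the value through `util.escapeHTML`. Separately, `_convert_if_int` guards `int()` with `str.isdigit()`, which is true for characters such as superscript digits that `int()` rejects; `if value.isdecimal():` would keep the conversion from raising ValueError. The handler functions all start and end outside the hunks shown.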


@ -20,7 +20,7 @@
<select name="package">
<option value="all"#if $notif and not $notif.package_id then ' selected="selected"' else ''#>all</option>
#for $package in $packages
<option value="$package.package_id"#if $notif and $notif.package_id == $package.package_id then ' selected="selected"' else ''#>$package.package_name</option>
<option value="$package.package_id"#if $notif and $notif.package_id == $package.package_id then ' selected="selected"' else ''#>$util.escapeHTML($package.package_name)</option>
#end for
</select>
</td>
@ -31,7 +31,7 @@
<select name="tag">
<option value="all"#if $notif and not $notif.tag_id then ' selected="selected"' else ''#>all</option>
#for $tag in $tags
<option value="$tag.id"#if $notif and $notif.tag_id == $tag.id then ' selected="selected"' else ''#>$tag.name</option>
<option value="$tag.id"#if $notif and $notif.tag_id == $tag.id then ' selected="selected"' else ''#>$util.escapeHTML($tag.name)</option>
#end for
</select>
</td>


@ -2,11 +2,11 @@
#include "includes/header.chtml"
<h4>Information for package <a href="packageinfo?packageID=$package.id">$package.name</a></h4>
<h4>Information for package <a href="packageinfo?packageID=$package.id">$util.escapeHTML($package.name)</a></h4>
<table>
<tr>
<th>Name</th><td>$package.name</td>
<th>Name</th><td>$util.escapeHTML($package.name)</td>
</tr>
<tr>
<th>ID</th><td>$package.id</td>
@ -46,8 +46,8 @@
</tr>
#for $build in $builds
<tr class="$util.rowToggle($self)">
<td><a href="buildinfo?buildID=$build.build_id">$build.nvr</a></td>
<td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$build.owner_name</a></td>
<td><a href="buildinfo?buildID=$build.build_id">$util.escapeHTML($build.nvr)</a></td>
<td class="user-$build.owner_name"><a href="userinfo?userID=$build.owner_id">$util.escapeHTML($build.owner_name)</a></td>
<td>$util.formatTime($build.completion_ts)</td>
#set $stateName = $util.stateName($build.state)
<td class="$stateName">$util.stateImage($build.state)</td>
@ -101,8 +101,8 @@
</tr>
#for $tag in $tags
<tr class="$util.rowToggle($self)">
<td><a href="taginfo?tagID=$tag.id">$tag.name</a></td>
<td><a href="userinfo?userID=$tag.owner_id">$tag.owner_name</a></td>
<td><a href="taginfo?tagID=$tag.id">$util.escapeHTML($tag.name)</a></td>
<td><a href="userinfo?userID=$tag.owner_id">$util.escapeHTML($tag.owner_name)</a></td>
#set $included = $tag.blocked and 'no' or 'yes'
<td>$util.imageTag($included)</td>
<td>$tag.extra_arches</td>


@ -4,7 +4,7 @@
#include "includes/header.chtml"
<h4>Packages#if $prefix then ' starting with "%s"' % $prefix else ''##if $tag then ' in tag <a href="taginfo?tagID=%i">%s</a>' % ($tag.id, $tag.name) else ''##if $user then ' owned by <a href="userinfo?userID=%i">%s</a>' % ($user.id, $user.name) else ''#</h4>
<h4>Packages#if $prefix then ' starting with "%s"' % $prefix else ''##if $tag then ' in tag <a href="taginfo?tagID=%i">%s</a>' % ($tag.id, $util.escapeHTML($tag.name)) else ''##if $user then ' owned by <a href="userinfo?userID=%i">%s</a>' % ($user.id, $util.escapeHTML($user.name)) else ''#</h4>
<table class="data-list">
#if $tag
@ -75,10 +75,10 @@
#for $package in $packages
<tr class="$util.rowToggle($self)">
<td>$package.package_id</td>
<td><a href="packageinfo?packageID=$package.package_id">$package.package_name</a></td>
<td><a href="packageinfo?packageID=$package.package_id">$util.escapeHTML($package.package_name)</a></td>
#if $tag or $user
<td><a href="taginfo?tagID=$package.tag_id">$package.tag_name</a></td>
<td class="user-$package.owner_name"><a href="userinfo?userID=$package.owner_id">$package.owner_name</a></td>
<td><a href="taginfo?tagID=$package.tag_id">$util.escapeHTML($package.tag_name)</a></td>
<td class="user-$package.owner_name"><a href="userinfo?userID=$package.owner_id">$util.escapeHTML($package.owner_name)</a></td>
<td class="$str(not $package.blocked).lower()">#if $package.blocked then $util.imageTag('no') else $util.imageTag('yes')#</td>
#end if
</tr>
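Review bot: The owner name is still interpolated raw into the attribute in `<td class="user-$package.owner_name">`, even though the link text in the same cell is now escaped. The same raw-in-attribute pattern remains in the build list at the top of this view (`class="user-$build.owner_name"`) and in the task list (`class="user-$task.owner_name"`, `<option value="$user.name">`). I would write `<td class="user-$util.escapeHTML($package.owner_name)">` here and apply the same change at the other sites. The header line also formats `$prefix` into the `<h4>` without escaping; whether the handler restricts that value is not visible in this hunk, so it is worth confirming.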


@ -35,7 +35,7 @@
#if $len($users) > 0
#for $user in $users
<tr class="$util.rowToggle($self)">
<td><a href="userinfo?userID=$user.id">$user.name</a></td>
<td><a href="userinfo?userID=$user.id">$util.escapeHTML($user.name)</a></td>
<td width="#echo $graphWidth + 5#"><img src="$util.themePath('images/1px.gif')" width="#echo $increment * $user.packages#" height="15" class="graphrow" alt="graph row"/></td>
<td>$user.packages</td>
</tr>


@ -22,18 +22,18 @@
<rss version="2.0">
<channel>
<title>$siteName: recent builds#if $package then ' of package ' + $package.name else ''##if $tag then ' into tag ' + $tag.name else ''##if $user then ' by user ' + $user.name else ''#</title>
<title>$siteName: recent builds#if $package then ' of package ' + $util.escapeHTML($package.name) else ''##if $tag then ' into tag ' + $util.escapeHTML($tag.name) else ''##if $user then ' by user ' + $util.escapeHTML($user.name) else ''#</title>
<link>$linkURL()</link>
<description>
A list of the most recent builds
#if $package
of package $package.name
of package $util.escapeHTML($package.name)
#end if
#if $tag
into tag $tag.name
into tag $util.escapeHTML($tag.name)
#end if
#if $user
by user $user.name
by user $util.escapeHTML($user.name)
#end if
in the $siteName Build System. The list is sorted in reverse chronological order by build completion time.
</description>


@ -8,12 +8,12 @@
#if $repo
<table>
<tr><th>ID</th><td>$repo.id</td><th></tr>
<tr><th>Tag</th><td><a href="taginfo?tagID=$repo.tag_id">$repo.tag_name</a></td></tr>
<tr><th>Tag</th><td><a href="taginfo?tagID=$repo.tag_id">$util.escapeHTML($repo.tag_name)</a></td></tr>
#if $repo.task_id
<tr><th>Task ID</th><td><a href="taskinfo?taskID=$repo.task_id">$repo.task_id</a></td></tr>
#end if
#set $state = $util.repoState($repo.state)
<tr><th>State</th><td class="repo$state">$state</td></tr>
<tr><th>State</th><td class="repo$state">$util.escapeHTML($state)</td></tr>
<tr><th>Event</th><td>$repo.create_event ($util.formatTimeLong($repo.create_ts))</td></tr>
#if $repo.state != koji.REPO_STATES['DELETED']
<tr><th>URL</th><td><a href="$url">repodata</a></td></tr>


@ -8,7 +8,7 @@
#include "includes/header.chtml"
#set $epoch = ($rpm.epoch != None and $str($rpm.epoch) + ':' or '')
<h4>Information for RPM <a href="rpminfo?rpmID=$rpm.id">$rpm.name-$epoch$rpm.version-$rpm.release.${rpm.arch}.rpm</a></h4>
<h4>Information for RPM <a href="rpminfo?rpmID=$rpm.id">$util.escapeHTML($rpm.name)-$epoch$rpm.version-$rpm.release.${rpm.arch}.rpm</a></h4>
<table>
<tr>
@ -16,9 +16,9 @@
</tr>
<tr>
#if $build
<th>Name</th><td><a href="packageinfo?packageID=$build.package_id">$rpm.name</a></td>
<th>Name</th><td><a href="packageinfo?packageID=$build.package_id">$util.escapeHTML($rpm.name)</a></td>
#else
<th>Name</th><td>$rpm.name</td>
<th>Name</th><td>$util.escapeHTML($rpm.name)</td>
#end if
</tr>
<tr>
@ -35,7 +35,7 @@
<th>Epoch</th><td>$rpm.epoch</td>
</tr>
<tr>
<th>Arch</th><td>$rpm.arch</td>
<th>Arch</th><td>$util.escapeHTML($rpm.arch)</td>
</tr>
#if $rpm.external_repo_id == 0
<tr>
@ -55,7 +55,7 @@
#end if
#if $rpm.external_repo_id
<tr>
<th>External Repository</th><td><a href="externalrepoinfo?extrepoID=$rpm.external_repo_id">$rpm.external_repo_name</a></td>
<th>External Repository</th><td><a href="externalrepoinfo?extrepoID=$rpm.external_repo_id">$util.escapeHTML($rpm.external_repo_name)</a></td>
</tr>
#end if
<tr>
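Review bot: Only `$rpm.name` is escaped in the heading label, so `$rpm.version`, `$rpm.release` and `${rpm.arch}` still reach the page raw in the same string. That is inconsistent with the Arch row further down, which now uses `$util.escapeHTML($rpm.arch)`. I would escape every component, e.g. `$util.escapeHTML($rpm.name)-$epoch$util.escapeHTML($rpm.version)-$util.escapeHTML($rpm.release).$util.escapeHTML($rpm.arch).rpm`. The per-row label in the RPM list template that follows has the same partial escaping and should get the same change.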


@ -23,7 +23,7 @@ colspan="2" #slurp
#if $type == 'component'
<h4>Component RPMs of buildroot <a href="buildrootinfo?buildrootID=$buildroot.id">$util.brLabel($buildroot)</a></h4>
#elif $type == 'image'
<h4>RPMs installed in <a href="archiveinfo?archiveID=$image.id">$image.filename</a></h4>
<h4>RPMs installed in <a href="archiveinfo?archiveID=$image.id">$util.escapeHTML($image.filename)</a></h4>
#else
<h4>RPMs built in buildroot <a href="buildrootinfo?buildrootID=$buildroot.id">$util.brLabel($buildroot)</a></h4>
#end if
@ -65,12 +65,12 @@ colspan="2" #slurp
#for $rpm in $rpms
<tr class="$util.rowToggle($self)">
#set $epoch = ($rpm.epoch != None and $str($rpm.epoch) + ':' or '')
<td><a href="rpminfo?rpmID=$rpm.id">$rpm.name-$epoch$rpm.version-$rpm.release.${rpm.arch}.rpm</a></td>
<td><a href="rpminfo?rpmID=$rpm.id">$util.escapeHTML($rpm.name)-$epoch$rpm.version-$rpm.release.${rpm.arch}.rpm</a></td>
#if $type in ['component', 'image']
#if $rpm.external_repo_id == 0
<td>internal</td>
#else
<td><a href="externalrepoinfo?extrepoID=$rpm.external_repo_id">$rpm.external_repo_name</a></td>
<td><a href="externalrepoinfo?extrepoID=$rpm.external_repo_id">$util.escapeHTML($rpm.external_repo_name)</a></td>
#end if
#end if
#if $type == 'component'


@ -67,7 +67,7 @@
#if $len($hosts) > 0
#for $host in $hosts
<tr class="$util.rowToggle($self)">
<td><a href="hostinfo?hostID=$host.id">$host.name</a></td>
<td><a href="hostinfo?hostID=$host.id">$util.escapeHTML($host.name)</a></td>
<td width="#echo $graphWidth + 5#"><img src="$util.themePath('images/1px.gif')" width="#echo $increment * $host.rpms#" height="15" class="graphrow" alt="graph row"/></td>
<td>$host.rpms</td>
</tr>


@ -86,7 +86,7 @@
#for $result in $results
<tr class="$util.rowToggle($self)">
<td>$result.id</td>
<td><a href="${infoURL % $result}">$result.name</a></td>
<td><a href="${infoURL % $result}">$util.escapeHTML($result.name)</a></td>
</tr>
#end for
#else


@ -14,7 +14,7 @@
<tr>
<th>Name</th>
<td>
<input type="text" name="name" value="#if $tag then $tag.name else ''#"/>
<input type="text" name="name" value="#if $tag then $util.escapeHTML($tag.name) else ''#"/>
#if $tag
<input type="hidden" name="tagID" value="$tag.id"/>
#end if
@ -22,7 +22,7 @@
</tr>
<tr>
<th>Arches</th>
<td><input type="text" name="arches" value="#if $tag then $tag.arches else ''#"/></td>
<td><input type="text" name="arches" value="#if $tag then $util.escapeHTML($tag.arches) else ''#"/></td>
</tr>
<tr>
<th>Locked</th>
@ -34,7 +34,7 @@
<select name="permission">
<option value="none" #if $tag and not $tag.perm_id then 'selected="selected"' else ''#>none</option>
#for $permission in $permissions
<option value="$permission.id" #if $tag and $tag.perm_id == $permission.id then 'selected="selected"' else ''#>$permission.name</option>
<option value="$permission.id" #if $tag and $tag.perm_id == $permission.id then 'selected="selected"' else ''#>$util.escapeHTML($permission.name)</option>
#end for
</select>
</td>
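Review bot: The two `<input ... value="...">` fields place the escaped tag name and arches inside a double-quoted attribute, where the quote character matters as much as `<`, `>` and `&`. The body of `escapeHTML` is not shown in this change, so it is unclear whether it encodes `"`. If it does not, a tag name containing a double quote would still end the `value` attribute early. I would confirm that the helper maps `"` to `&quot;` (and `'` to `&#x27;`), and add a template test that renders a tag whose name contains a quote.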


@ -1,24 +1,25 @@
#from kojiweb import util
#from urllib.parse import quote
#import pprint
#include "includes/header.chtml"
<h4>Information for tag <a href="taginfo?tagID=$tag.id">$tag.name</a></h4>
<h4>Information for tag <a href="taginfo?tagID=$tag.id">$util.escapeHTML($tag.name)</a></h4>
<table>
#if $child and 'admin' in $perms
<tr>
<th colspan="2"><a href="tagparent?tagID=$child.id&parentID=$tag.id&action=add$util.authToken($self)">Add $tag.name as parent of $child.name</a></th>
<th colspan="2"><a href="tagparent?tagID=$child.id&parentID=$tag.id&action=add$util.authToken($self)">Add $util.escapeHTML($tag.name) as parent of $util.escapeHTML($child.name)</a></th>
</tr>
#end if
<tr>
<th>Name</th><td>$tag.name</td>
<th>Name</th><td>$util.escapeHTML($tag.name)</td>
</tr>
<tr>
<th>ID</th><td>$tag.id</td>
</tr>
<tr>
<th>Arches</th><td>$tag.arches</td>
<th>Arches</th><td>$util.escapeHTML($tag.arches)</td>
</tr>
<tr>
<th>Locked</th><td class="$str(not $tag.locked).lower()">#if $tag.locked then 'yes' else 'no'#</td>
@ -37,7 +38,7 @@
<tr>
<th>Inheritance</th>
<td class="tree">
<span class="root">$tag.name</span>
<span class="root">$util.escapeHTML($tag.name)</span>
#set $numParents = $len($inheritance)
#set $iter = 0
#set $maxDepth = 0
@ -61,7 +62,7 @@
#silent $tagsByChild[$parent.child_id].pop()
<span class="treeBranch">
<span class="treeLabel">
<a href="taginfo?tagID=$parent.parent_id">$parent.name</a>
<a href="taginfo?tagID=$parent.parent_id">$util.escapeHTML($parent.name)</a>
#if $depth == 1 and 'admin' in $perms
<span class="treeLink">(<a href="tagparent?tagID=$tag.id&parentID=$parent.parent_id&action=edit$util.authToken($self)">edit</a>) (<a href="tagparent?tagID=$tag.id&parentID=$parent.parent_id&action=remove$util.authToken($self)">remove</a>)</span>
#end if
@ -102,9 +103,9 @@
<th>External&nbsp;repos</th>
<td>
#for $external_repo in $external_repos
<a href="externalrepoinfo?extrepoID=$external_repo.external_repo_id">$external_repo.external_repo_name</a> [$external_repo.merge_mode]
<a href="externalrepoinfo?extrepoID=$external_repo.external_repo_id">$util.escapeHTML($external_repo.external_repo_name)</a> [$external_repo.merge_mode]
#if $external_repo.tag_id != $tag.id
<span class="smaller">(inherited from <a href="taginfo?tagID=$external_repo.tag_id">$external_repo.tag_name</a>)</span>
<span class="smaller">(inherited from <a href="taginfo?tagID=$external_repo.tag_id">$util.escapeHTML($external_repo.tag_name)</a>)</span>
#end if
<br/>
#end for
@ -136,7 +137,7 @@
<td>
#if $len($srcTargets)
#for $target in $srcTargets
<a href="buildtargetinfo?name=$target.name">$target.name</a><br/>
<a href="buildtargetinfo?name=$quote($target.name)">$util.escapeHTML($target.name)</a><br/>
#end for
#else
No build targets
@ -148,7 +149,7 @@
<td>
#if $len($destTargets)
#for $target in $destTargets
<a href="buildtargetinfo?name=$target.name">$target.name</a><br/>
<a href="buildtargetinfo?name=$quote($target.name)">$util.escapeHTML($target.name)</a><br/>
#end for
#else
No build targets


@ -15,14 +15,14 @@
<tr>
<th>Tag Name</th>
<td>
$tag.name
$util.escapeHTML($tag.name)
<input type="hidden" name="tagID" value="$tag.id"/>
</td>
</tr>
<tr>
<th>Parent Tag Name</th>
<td>
$parent.name
$util.escapeHTML($parent.name)
<input type="hidden" name="parentID" value="$parent.id"/>
</td>
</tr>


@ -20,7 +20,7 @@
<span class="treeBranch">
<span class="treeLabel">
<span class="task$childState">$util.imageTag($childState)</span>
<a href="taskinfo?taskID=$child.id" class="task$childState" title="$childState">$koji.taskLabel($child)</a>
<a href="taskinfo?taskID=$child.id" class="task$childState" title="$childState">$util.escapeHTML($koji.taskLabel($child))</a>
</span>
</span>
$printChildren($child.id, $childMap)
@ -32,7 +32,7 @@
#include "includes/header.chtml"
<h4>Information for task <a href="taskinfo?taskID=$task.id">$koji.taskLabel($task)</a></h4>
<h4>Information for task <a href="taskinfo?taskID=$task.id">$util.escapeHTML($koji.taskLabel($task))</a></h4>
<table>
<tr>
@ -67,13 +67,13 @@
</tr>
#if $taskBuild
<tr>
<th>Build</th><td><a href="buildinfo?buildID=$taskBuild.build_id">$koji.buildLabel($taskBuild)</a></td>
<th>Build</th><td><a href="buildinfo?buildID=$taskBuild.build_id">$util.escapeHTML($koji.buildLabel($taskBuild))</a></td>
</tr>
#end if
#if $taskBuilds
#for $build in $taskBuilds
<tr>
<th>Build</th><td><a href="buildinfo?buildID=$build.build_id">$koji.buildLabel($build)</a></td>
<th>Build</th><td><a href="buildinfo?buildID=$build.build_id">$util.escapeHTML($koji.buildLabel($build))</a></td>
</tr>
#end for
#end if
@ -116,9 +116,9 @@
<td>
#if $owner
#if $owner.usertype == $koji.USERTYPES['HOST']
<a href="hostinfo?userID=$owner.id">$owner.name</a>
<a href="hostinfo?userID=$owner.id">$util.escapeHTML($owner.name)</a>
#else
<a href="userinfo?userID=$owner.id">$owner.name</a>
<a href="userinfo?userID=$owner.id">$util.escapeHTML($owner.name)</a>
#end if
#end if
</td>
@ -127,7 +127,7 @@
<th>Channel</th>
<td>
#if $task.channel_id
<a href="channelinfo?channelID=$task.channel_id">$channelName</a>
<a href="channelinfo?channelID=$task.channel_id">$util.escapeHTML($channelName)</a>
#end if
</td>
</tr>
@ -135,12 +135,12 @@
<th>Host</th>
<td>
#if $task.host_id
<a href="hostinfo?hostID=$task.host_id">$hostName</a>
<a href="hostinfo?hostID=$task.host_id">$util.escapeHTML($hostName)</a>
#end if
</td>
</tr>
<tr>
<th>Arch</th><td>$task.arch</td>
<th>Arch</th><td>$util.escapeHTML($task.arch)</td>
</tr>
#if $buildroots
<tr>
@ -156,7 +156,7 @@
<th>Parent</th>
<td>
#if $parent
<a href="taskinfo?taskID=$parent.id" class="task$util.taskState($parent.state)">$koji.taskLabel($parent)</a>
<a href="taskinfo?taskID=$parent.id" class="task$util.taskState($parent.state)">$util.escapeHTML($koji.taskLabel($parent))</a>
#end if
</td>
</tr>


@ -40,9 +40,9 @@ $value
#if $len($params) > 1
<strong>Build Tag:</strong>
#if $buildTag.id
<a href="taginfo?tagID=$buildTag.id">$buildTag.name</a>
<a href="taginfo?tagID=$buildTag.id">$util.escapeHTML($buildTag.name)</a>
#else
$buildTag.name
$util.escapeHTML($buildTag.name)
#end if
<br/>
#end if
@ -55,9 +55,9 @@ $printOpts($params[2])
<strong>SRPM:</strong> $params[0]<br/>
<strong>Build Tag:</strong>
#if $buildTag.id
<a href="taginfo?tagID=$buildTag.id">$buildTag.name</a>
<a href="taginfo?tagID=$buildTag.id">$util.escapeHTML($buildTag.name)</a>
#else
$buildTag.name
$util.escapeHTML($buildTag.name)
#end if
<br/>
<strong>Arch:</strong> $params[2]<br/>
@ -66,15 +66,15 @@ $buildTag.name
$printOpts($params[4])
#end if
#elif $task.method == 'tagBuild'
<strong>Destination Tag:</strong> <a href="taginfo?tagID=$destTag.id">$destTag.name</a><br/>
<strong>Build:</strong> <a href="buildinfo?buildID=$build.id">$koji.buildLabel($build)</a>
<strong>Destination Tag:</strong> <a href="taginfo?tagID=$destTag.id">$util.escapeHTML($destTag.name)</a><br/>
<strong>Build:</strong> <a href="buildinfo?buildID=$build.id">$util.escapeHTML($koji.buildLabel($build))</a>
#elif $task.method == 'buildNotification'
#set $build = $params[1]
#set $buildTarget = $params[2]
<strong>Recipients:</strong>&nbsp;$printValue('', $params[0])<br/>
<strong>Build:</strong> <a href="buildinfo?buildID=$build.id">$koji.buildLabel($build)</a><br/>
<strong>Build:</strong> <a href="buildinfo?buildID=$build.id">$util.escapeHTML($koji.buildLabel($build))</a><br/>
#if $buildTarget
<strong>Build Target:</strong> <a href="buildtargetinfo?targetID=$buildTarget.id">$buildTarget.name</a><br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?targetID=$buildTarget.id">$util.escapeHTML($buildTarget.name)</a><br/>
#else
<strong>Build Target:</strong> (no build target)<br/>
#end if
@ -83,32 +83,32 @@ $printOpts($params[4])
<strong>Recipients:</strong>&nbsp;$printValue('', $params[0])<br/>
<strong>Successful?:</strong> #if $params[1] then 'yes' else 'no'#<br/>
#if $destTag
<strong>Tagged Into:</strong> <a href="taginfo?tagID=$destTag.id">$destTag.name</a><br/>
<strong>Tagged Into:</strong> <a href="taginfo?tagID=$destTag.id">$util.escapeHTML($destTag.name)</a><br/>
#end if
#if $srcTag
<strong>#if $destTag then 'Moved From:' else 'Untagged From:'#</strong> <a href="taginfo?tagID=$srcTag.id">$srcTag.name</a><br/>
<strong>#if $destTag then 'Moved From:' else 'Untagged From:'#</strong> <a href="taginfo?tagID=$srcTag.id">$util.escapeHTML($srcTag.name)</a><br/>
#end if
<strong>Build:</strong> <a href="buildinfo?buildID=$build.id">$koji.buildLabel($build)</a><br/>
<strong>#if $destTag then 'Tagged By:' else 'Untagged By:'#</strong> <a href="userinfo?userID=$user.id">$user.name</a><br/>
<strong>Build:</strong> <a href="buildinfo?buildID=$build.id">$util.escapeHTML($koji.buildLabel($build))</a><br/>
<strong>#if $destTag then 'Tagged By:' else 'Untagged By:'#</strong> <a href="userinfo?userID=$user.id">$util.escapeHTML($user.name)</a><br/>
<strong>Ignore Success?:</strong> #if $params[6] then 'yes' else 'no'#<br/>
#if $params[7]
<strong>Failure Message:</strong> $params[7]
#end if
#elif $task.method == 'build'
<strong>Source:</strong> $params[0]<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[1])">$params[1]</a><br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[1])">$util.escapeHTML($params[1])</a><br/>
$printOpts($params[2])
#elif $task.method == 'maven'
<strong>SCM URL:</strong> $params[0]<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[1])">$params[1]</a><br/>
<strong>SCM URL:</strong> $util.escapeHTML($params[0])<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[1])">$util.escapeHTML($params[1])</a><br/>
$printOpts($params[2])
#elif $task.method == 'buildMaven'
<strong>SCM URL:</strong> $params[0]<br/>
<strong>SCM URL:</strong> $util.escapeHTML($params[0])<br/>
<strong>Build Tag:</strong>
#if $buildTag.id
<a href="taginfo?tagID=$buildTag.id">$buildTag.name</a>
<a href="taginfo?tagID=$buildTag.id">$util.escapeHTML($buildTag.name)</a>
#else
$buildTag.name
$util.escapeHTML($buildTag.name)
#end if
<br/>
#if $len($params) > 2
@ -120,13 +120,13 @@ $printOpts($params[2])
#set $buildTag = $buildTarget.name
<strong>Build Tag:</strong>
#if $buildTag.id
<a href="taginfo?tagID=$buildTag.id">$buildTag.name</a>
<a href="taginfo?tagID=$buildTag.id">$util.escapeHTML($buildTag.name)</a>
#else
$buildTag.name
$util.escapeHTML($buildTag.name)
#end if
<br/>
#else
<strong>Build Target:</strong> <a href="buildtargetinfo?targetID=$buildTarget.id">$buildTarget.name</a><br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?targetID=$buildTarget.id">$util.escapeHTML($buildTarget.name)</a><br/>
#end if
#if $params[2]
<strong>Build:</strong> <a href="buildinfo?buildID=$params[2].id">$koji.buildLabel($params[2])</a><br/>
@ -144,53 +144,53 @@ $printOpts($params[4])
<tr><td><strong>$key:</strong></td><td>$printMap($val)</td></tr>
#end for
</table>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[1])">$params[1]</a><br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[1])">$util.escapeHTML($params[1])</a><br/>
#if $len($params) > 2
$printOpts($params[2])
#end if
#elif $task.method == 'livecd' or $task.method == 'appliance' or $task.method == 'livemedia'
<strong>Name:</strong> $params[0]<br/>
<strong>Version:</strong> $params[1]<br/>
<strong>Arch:</strong> $params[2]<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[3])">$params[3]</a><br/>
<strong>Kickstart File:</strong> $params[4]<br/>
<strong>Name:</strong> $util.escapeHTML($params[0])<br/>
<strong>Version:</strong> $util.escapeHTML($params[1])<br/>
<strong>Arch:</strong> $util.escapeHTML($params[2])<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[3])">$util.escapeHTML($params[3])</a><br/>
<strong>Kickstart File:</strong> $util.escapeHTML($params[4])<br/>
$printOpts($params[5])
#elif $task.method == 'image'
<strong>Arches:</strong> #echo ', '.join($params[2])#<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[3])">$params[3]</a><br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[3])">$util.escapeHTML($params[3])</a><br/>
<strong>Installation Tree:</strong> $params[4]<br/>
$printOpts($params[5])
#elif $task.method == 'createLiveCD' or $task.method == 'createAppliance' or $task.method == 'createLiveMedia'
#if $len($params) > 4:
## new method signature
<strong>Arch:</strong> $params[3]<br/>
<strong>Kickstart File:</strong> $params[7]<br/>
<strong>Arch:</strong> $util.escapeHTML($params[3])<br/>
<strong>Kickstart File:</strong> $util.escapeHTML($params[7])<br/>
#if $len($params) > 8
$printOpts($params[8])
#end if
#else
## old method signature
<strong>Arch:</strong> $params[0]<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[1])">$params[1]</a><br/>
<strong>Kickstart File:</strong> $params[2]<br/>
<strong>Arch:</strong> $util.escapeHTML($params[0])<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[1])">$util.escapeHTML($params[1])</a><br/>
<strong>Kickstart File:</strong> $util.escapeHTML($params[2])<br/>
#if $len($params) > 3
$printOpts($params[3])
#end if
#end if
#elif $task.method == 'createImage'
#set $target = $params[4]
<strong>Build Target:</strong> <a href="buildtargetinfo?targetID=$target.id">$target.name</a><br/>
<strong>Install Tree:</strong> $params[7]<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?targetID=$target.id">$util.escapeHTML($target.name)</a><br/>
<strong>Install Tree:</strong> $util.escapeHTML($params[7])<br/>
$printOpts($params[8])
#elif $task.method == 'winbuild'
<strong>VM:</strong> $params[0]<br/>
<strong>SCM URL:</strong> $params[1]<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[2])">$params[2]</a><br/>
<strong>VM:</strong> $util.escapeHTML($params[0])<br/>
<strong>SCM URL:</strong> $util.escapeHTML($params[1])<br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[2])">$util.escapeHTML($params[2])</a><br/>
#if $len($params) > 3
$printOpts($params[3])
#end if
#elif $task.method == 'vmExec'
<strong>VM:</strong> $params[0]<br/>
<strong>VM:</strong> $util.escapeHTML($params[0])<br/>
<strong>Exec Params:</strong><br/>
#for $info in $params[1]
#if $isinstance($info, dict)
@ -203,20 +203,20 @@ $printMap($info, '&nbsp;&nbsp;&nbsp;&nbsp;')
$printOpts($params[2])
#end if
#elif $task.method == 'newRepo'
<strong>Tag:</strong> <a href="taginfo?tagID=$tag.id">$tag.name</a><br/>
<strong>Tag:</strong> <a href="taginfo?tagID=$tag.id">$util.escapeHTML($tag.name)</a><br/>
#if $len($params) > 1
$printOpts($params[1])
#end if
#elif $task.method == 'distRepo'
<strong>Tag:</strong> <a href="taginfo?tagID=$tag.id">$tag.name</a><br/>
<strong>Tag:</strong> <a href="taginfo?tagID=$tag.id">$util.escapeHTML($tag.name)</a><br/>
<strong>Repo ID:</strong> <a href="repoinfo?repoID=$params[1]">$params[1]</a></br>
<strong>Keys:</strong> $printValue(0, $params[2])<br/>
$printOpts($params[3])
#elif $task.method == 'prepRepo'
<strong>Tag:</strong> <a href="taginfo?tagID=$params[0].id">$params[0].name</a>
<strong>Tag:</strong> <a href="taginfo?tagID=$params[0].id">$util.escapeHTML($params[0].name)</a>
#elif $task.method == 'createrepo'
<strong>Repo ID:</strong> <a href="repoinfo?repoID=$params[0]">$params[0]</a><br/>
<strong>Arch:</strong> $params[1]<br/>
<strong>Arch:</strong> $util.escapeHTML($params[1])<br/>
#set $oldrepo = $params[2]
#if $oldrepo
<strong>Old Repo ID:</strong> <a href="repoinfo?repoID=$oldrepo.id">$oldrepo.id</a><br/>
@ -226,7 +226,7 @@ $printOpts($params[3])
<strong>External Repos:</strong> $printValue(None, [ext['external_repo_name'] for ext in $params[3]])<br/>
#end if
#elif $task.method == 'createdistrepo'
<strong>Tag:</strong> <a href="taginfo?tagID=$tag.id">$tag.name</a><br/>
<strong>Tag:</strong> <a href="taginfo?tagID=$tag.id">$util.escapeHTML($tag.name)</a><br/>
<strong>Repo ID:</strong> <a href="repoinfo?repoID=$params[1]">$params[1]</a></br>
<strong>Arch:</strong> $printValue(0, $params[2])<br/>
<strong>Keys:</strong> $printValue(0, $params[3])<br/>
@ -253,27 +253,27 @@ $printMap($subtask[2], '&nbsp;&nbsp;&nbsp;&nbsp;')
#set $groupNum += 1
&nbsp;&nbsp;<strong>$groupNum</strong>: #echo ', '.join($urls)#<br/>
#end for
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[1])">$params[1]</a><br/>
<strong>Build Target:</strong> <a href="buildtargetinfo?name=$quote($params[1])">$util.escapeHTML($params[1])</a><br/>
$printOpts($params[2])
#elif $task.method == 'waitrepo'
<strong>Build Tag:</strong> $params[0]<br/>
<strong>Build Tag:</strong> $util.escapeHTML($params[0])<br/>
#if $params[1]
<strong>Newer Than:</strong> $params[1]<br/>
<strong>Newer Than:</strong> $util.escapeHTML($params[1])<br/>
#end if
#if $params[2]
<strong>NVRs:</strong> $printValue('', $params[2])
#end if
#elif $task.method == 'restart'
<strong>Host:</strong> <a href="hostinfo?hostID=$params[0].id">$params[0].name</a><br/>
<strong>Host:</strong> <a href="hostinfo?hostID=$params[0].id">$util.escapeHTML($params[0].name)</a><br/>
#elif $task.method == 'restartVerify'
<strong>Host:</strong> <a href="hostinfo?hostID=$params[1].id">$params[1].name</a><br/>
<strong>Host:</strong> <a href="hostinfo?hostID=$params[1].id">$util.escapeHTML($params[1].name)</a><br/>
<strong>Restart Task:</strong>
<a href="taskinfo?taskID=$rtask.id" class="task$util.taskState($rtask.state)">$koji.taskLabel($rtask)</a><br/>
#elif $task.method == 'runroot'
<strong>Build Tag:</strong> <a href="taginfo?tagID=$params[0]">$params[0]</a><br/>
<strong>Arch:</strong> $params[1]<br/>
<strong>Arch:</strong> $util.escapeHTML($params[1])<br/>
$printOpts($params[3])
<strong>Commands:</strong> $params[2]<br/>
<strong>Commands:</strong> $util.escapeHTML($params[2])<br/>
#else
$params
#end if
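Review bot: Several task parameters in this template are still rendered raw, although they are the same kind of value the change escapes elsewhere. These are `<strong>SRPM:</strong> $params[0]`, the `Arch: $params[2]` line after it, `Failure Message: $params[7]`, `Source: $params[0]` in the `build` branch, `Installation Tree: $params[4]`, the two `#echo ', '.join(...)#` lines, and the final `$params` fallback. `$koji.buildLabel($params[2])` and `$koji.taskLabel($rtask)` are also left unwrapped, while every other `buildLabel`/`taskLabel` call in the change is escaped. Task parameters presumably come from whoever submitted the task, so I would wrap each of these the same way, e.g. `<strong>Source:</strong> $util.escapeHTML($params[0])<br/>` and `<strong>Failure Message:</strong> $util.escapeHTML($params[7])`. Values passed through `$printValue`, `$printOpts` and `$printMap` depend on those helpers, which are defined outside the hunks shown.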


@ -16,7 +16,7 @@
#set $childState = $util.taskState($child.state)
<span class="treeBranch">
<span class="treeLabel">
<a href="taskinfo?taskID=$child.id" class="task$childState" title="$childState">$koji.taskLabel($child)</a>
<a href="taskinfo?taskID=$child.id" class="task$childState" title="$childState">$util.escapeHTML($koji.taskLabel($child))</a>
</span>
</span>
$printChildren($child.id, $childMap)
@ -40,7 +40,7 @@ All
#include "includes/header.chtml"
<h4>$headerPrefix($state) #if $view == 'toplevel' then 'toplevel' else ''# #if $method != 'all' then $method else ''# Tasks#if $ownerObj then ' owned by <a href="userinfo?userID=%i">%s</a>' % ($ownerObj.id, $ownerObj.name) else ''##if $host then ' on host <a href="hostinfo?hostID=%i">%s</a>' % ($host.id, $host.name) else ''# #if $channel then ' in channel <a href="channelinfo?channelID=%i">%s</a>' % ($channel.id, $channel.name) else ''#</h4>
<h4>$headerPrefix($state) #if $view == 'toplevel' then 'toplevel' else ''# #if $method != 'all' then $method else ''# Tasks#if $ownerObj then ' owned by <a href="userinfo?userID=%i">%s</a>' % ($ownerObj.id, $util.escapeHTML($ownerObj.name)) else ''##if $host then ' on host <a href="hostinfo?hostID=%i">%s</a>' % ($host.id, $util.escapeHTML($host.name)) else ''# #if $channel then ' in channel <a href="channelinfo?channelID=%i">%s</a>' % ($channel.id, $util.escapeHTML($channel.name)) else ''#</h4>
<table class="data-list">
<tr>
@ -69,7 +69,7 @@ All
<option value="$loggedInUser.name">me</option>
#end if
#for $user in $users
<option value="$user.name" #if $user.name == $owner then 'selected="selected"' else ''#>$user.name</option>
<option value="$user.name" #if $user.name == $owner then 'selected="selected"' else ''#>$util.escapeHTML($user.name)</option>
#end for
</select>
</td></tr>
@ -159,9 +159,9 @@ All
</td>
<td class="user-$task.owner_name">
#if $task.owner_type == $koji.USERTYPES['HOST']
<a href="hostinfo?userID=$task.owner">$task.owner_name</a>
<a href="hostinfo?userID=$task.owner">$util.escapeHTML($task.owner_name)</a>
#else
<a href="userinfo?userID=$task.owner">$task.owner_name</a>
<a href="userinfo?userID=$task.owner">$util.escapeHTML($task.owner_name)</a>
#end if
</td>
<td>$task.arch</td>
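Review bot: The last row of this section still emits `<td>$task.arch</td>` raw, whereas the task info template in this same change now renders the arch through `$util.escapeHTML($task.arch)`. I would make the list consistent with `<td>$util.escapeHTML($task.arch)</td>`. The `<h4>` line also prints `$method` unescaped. If that value comes straight from the request query rather than a fixed list (not visible here), it needs the same treatment.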


@ -51,7 +51,7 @@
#if $len($hosts) > 0
#for $host in $hosts
<tr class="$util.rowToggle($self)">
<td><a href="hostinfo?hostID=$host.id">$host.name</a></td>
<td><a href="hostinfo?hostID=$host.id">$util.escapeHTML($host.name)</a></td>
<td width="#echo $graphWidth + 5#"><img src="$util.themePath('images/1px.gif')" width="#echo $increment * $host.tasks#" height="15" class="graphrow" alt="graph row"/></td>
<td>$host.tasks</td>
</tr>


@ -35,7 +35,7 @@
#if $len($users) > 0
#for $user in $users
<tr class="$util.rowToggle($self)">
<td><a href="userinfo?userID=$user.id">$user.name</a></td>
<td><a href="userinfo?userID=$user.id">$util.escapeHTML($user.name)</a></td>
<td width="#echo $graphWidth + 5#"><img src="$util.themePath('images/1px.gif')" width="#echo $increment * $user.tasks#" height="15" class="graphrow" alt="graph row"/></td>
<td>$user.tasks</td>
</tr>


@ -2,17 +2,17 @@
#include "includes/header.chtml"
<h4>Information for user <a href="userinfo?userID=$user.id">$user.name</a></h4>
<h4>Information for user <a href="userinfo?userID=$user.id">$util.escapeHTML($user.name)</a></h4>
<table>
<tr>
<th>Name</th><td>$user.name</td>
<th>Name</th><td>$util.escapeHTML($user.name)</td>
</tr>
<tr>
<th>ID</th><td>$user.id</td>
</tr>
<tr>
<th>Tasks</th><td><a href="tasks?owner=$user.name&state=all">$taskCount</a></td>
<th>Tasks</th><td><a href="tasks?$util.passthrough($self, 'owner')&state=all">$taskCount</a></td>
</tr>
<tr>
<th id="packagelist">Packages</th>
@ -47,8 +47,8 @@
</tr>
#for $package in $packages
<tr class="$util.rowToggle($self)">
<td><a href="packageinfo?packageID=$package.package_id">$package.package_name</a></td>
<td><a href="taginfo?tagID=$package.tag_id">$package.tag_name</a></td>
<td><a href="packageinfo?packageID=$package.package_id">$util.escapeHTML($package.package_name)</a></td>
<td><a href="taginfo?tagID=$package.tag_id">$util.escapeHTML($package.tag_name)</a></td>
<td class="$str(not $package.blocked).lower()">#if $package.blocked then $util.imageTag('no') else $util.imageTag('yes')#</td>
</tr>
#end for
@ -92,7 +92,7 @@
#for $build in $builds
<tr class="$util.rowToggle($self)">
#set $stateName = $util.stateName($build.state)
<td><a href="buildinfo?buildID=$build.build_id">$build.nvr</a></td>
<td><a href="buildinfo?buildID=$build.build_id">$util.escapeHTML($build.nvr)</a></td>
<td>$util.formatTime($build.completion_ts)</td>
<td class="$stateName">$util.stateImage($build.state)</td>
</tr>
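Review bot: The Tasks link now builds its query with `$util.passthrough($self, 'owner')` instead of `$user.name`, which changes behaviour rather than only escaping. `passthrough` reads a template variable named `owner` and skips it when unset, and nothing in this hunk shows the user info page defining one, so the link may lose its owner filter. When the variable is set, the helper's result starts with `&`, giving `tasks?&owner=...`. I would keep the explicit value and URL-encode it as the users list template does: `<a href="tasks?owner=$quote($user.name)&state=all">$taskCount</a>`. That needs `#from urllib.parse import quote` at the top of this template, which lies outside the hunk.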


@ -1,4 +1,5 @@
#from kojiweb import util
#from urllib.parse import quote
#include "includes/header.chtml"
@ -55,10 +56,10 @@
#for $user in $users
<tr class="$util.rowToggle($self)">
<td>$user.id</td>
<td><a href="userinfo?userID=$user.name">$user.name</a></td>
<td><a href="packages?userID=$user.name">view</a></td>
<td><a href="builds?userID=$user.name">view</a></td>
<td><a href="tasks?owner=$user.name">view</a></td>
<td><a href="userinfo?userID=$quote($user.name)">$util.escapeHTML($user.name)</a></td>
<td><a href="packages?userID=$quote($user.name)">view</a></td>
<td><a href="builds?userID=$quote($user.name)">view</a></td>
<td><a href="tasks?owner=$quote($user.name)">view</a></td>
</tr>
#end for
#else


@ -25,6 +25,7 @@ import os
import re
import ssl
import stat
import urllib
import xmlrpc.client
# a bunch of exception classes that explainError needs
from socket import error as socket_error
@ -232,6 +233,11 @@ def passthrough(template, *vars):
for var in vars:
value = template.getVar(var, default=None)
if value is not None:
if isinstance(value, str):
if value.isdigit():
pass
else:
value = urllib.parse.quote(value)
result.append('%s=%s' % (var, value))
if result:
return '&' + '&'.join(result)