Show More
@@ -31,11 +31,10 b' from webob.exc import HTTPForbidden, HTT' | |||||
31 | from pylons import tmpl_context as c, url, request, response |
|
31 | from pylons import tmpl_context as c, url, request, response | |
32 | from pylons.i18n.translation import _ |
|
32 | from pylons.i18n.translation import _ | |
33 | from pylons.controllers.util import redirect |
|
33 | from pylons.controllers.util import redirect | |
34 |
from |
|
34 | from rhodecode.lib.utils import jsonify | |
35 |
|
35 | |||
36 |
from rhodecode.lib.vcs.exceptions import RepositoryError, |
|
36 | from rhodecode.lib.vcs.exceptions import RepositoryError, \ | |
37 | ChangesetDoesNotExistError |
|
37 | ChangesetDoesNotExistError | |
38 | from rhodecode.lib.vcs.nodes import FileNode |
|
|||
39 |
|
38 | |||
40 | import rhodecode.lib.helpers as h |
|
39 | import rhodecode.lib.helpers as h | |
41 | from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator |
|
40 | from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator | |
@@ -47,8 +46,8 b' from rhodecode.model.db import Changeset' | |||||
47 | from rhodecode.model.comment import ChangesetCommentsModel |
|
46 | from rhodecode.model.comment import ChangesetCommentsModel | |
48 | from rhodecode.model.changeset_status import ChangesetStatusModel |
|
47 | from rhodecode.model.changeset_status import ChangesetStatusModel | |
49 | from rhodecode.model.meta import Session |
|
48 | from rhodecode.model.meta import Session | |
|
49 | from rhodecode.model.repo import RepoModel | |||
50 | from rhodecode.lib.diffs import LimitedDiffContainer |
|
50 | from rhodecode.lib.diffs import LimitedDiffContainer | |
51 | from rhodecode.model.repo import RepoModel |
|
|||
52 | from rhodecode.lib.exceptions import StatusChangeOnClosedPullRequestError |
|
51 | from rhodecode.lib.exceptions import StatusChangeOnClosedPullRequestError | |
53 | from rhodecode.lib.vcs.backends.base import EmptyChangeset |
|
52 | from rhodecode.lib.vcs.backends.base import EmptyChangeset | |
54 | from rhodecode.lib.utils2 import safe_unicode |
|
53 | from rhodecode.lib.utils2 import safe_unicode |
@@ -31,7 +31,7 b' import tempfile' | |||||
31 | from pylons import request, response, tmpl_context as c, url |
|
31 | from pylons import request, response, tmpl_context as c, url | |
32 | from pylons.i18n.translation import _ |
|
32 | from pylons.i18n.translation import _ | |
33 | from pylons.controllers.util import redirect |
|
33 | from pylons.controllers.util import redirect | |
34 |
from |
|
34 | from rhodecode.lib.utils import jsonify | |
35 |
|
35 | |||
36 | from rhodecode.lib import diffs |
|
36 | from rhodecode.lib import diffs | |
37 | from rhodecode.lib import helpers as h |
|
37 | from rhodecode.lib import helpers as h |
@@ -33,7 +33,6 b' from itertools import groupby' | |||||
33 | from pylons import request, response, session, tmpl_context as c, url |
|
33 | from pylons import request, response, session, tmpl_context as c, url | |
34 | from pylons.controllers.util import abort, redirect |
|
34 | from pylons.controllers.util import abort, redirect | |
35 | from pylons.i18n.translation import _ |
|
35 | from pylons.i18n.translation import _ | |
36 | from pylons.decorators import jsonify |
|
|||
37 |
|
36 | |||
38 | from rhodecode.lib.compat import json |
|
37 | from rhodecode.lib.compat import json | |
39 | from rhodecode.lib.base import BaseRepoController, render |
|
38 | from rhodecode.lib.base import BaseRepoController, render | |
@@ -41,7 +40,10 b' from rhodecode.lib.auth import LoginRequ' | |||||
41 | NotAnonymous |
|
40 | NotAnonymous | |
42 | from rhodecode.lib import helpers as h |
|
41 | from rhodecode.lib import helpers as h | |
43 | from rhodecode.lib import diffs |
|
42 | from rhodecode.lib import diffs | |
44 | from rhodecode.lib.utils import action_logger |
|
43 | from rhodecode.lib.utils import action_logger, jsonify | |
|
44 | from rhodecode.lib.vcs.exceptions import EmptyRepositoryError | |||
|
45 | from rhodecode.lib.vcs.backends.base import EmptyChangeset | |||
|
46 | from rhodecode.lib.diffs import LimitedDiffContainer | |||
45 | from rhodecode.model.db import User, PullRequest, ChangesetStatus,\ |
|
47 | from rhodecode.model.db import User, PullRequest, ChangesetStatus,\ | |
46 | ChangesetComment |
|
48 | ChangesetComment | |
47 | from rhodecode.model.pull_request import PullRequestModel |
|
49 | from rhodecode.model.pull_request import PullRequestModel | |
@@ -50,10 +52,6 b' from rhodecode.model.repo import RepoMod' | |||||
50 | from rhodecode.model.comment import ChangesetCommentsModel |
|
52 | from rhodecode.model.comment import ChangesetCommentsModel | |
51 | from rhodecode.model.changeset_status import ChangesetStatusModel |
|
53 | from rhodecode.model.changeset_status import ChangesetStatusModel | |
52 | from rhodecode.model.forms import PullRequestForm |
|
54 | from rhodecode.model.forms import PullRequestForm | |
53 | from rhodecode.lib.vcs.exceptions import EmptyRepositoryError |
|
|||
54 | from rhodecode.lib.vcs.backends.base import EmptyChangeset |
|
|||
55 | from rhodecode.lib.diffs import LimitedDiffContainer |
|
|||
56 | from rhodecode.lib.utils2 import str2bool |
|
|||
57 |
|
55 | |||
58 | log = logging.getLogger(__name__) |
|
56 | log = logging.getLogger(__name__) | |
59 |
|
57 |
@@ -32,6 +32,8 b' import paste' | |||||
32 | import beaker |
|
32 | import beaker | |
33 | import tarfile |
|
33 | import tarfile | |
34 | import shutil |
|
34 | import shutil | |
|
35 | import decorator | |||
|
36 | import warnings | |||
35 | from os.path import abspath |
|
37 | from os.path import abspath | |
36 | from os.path import dirname as dn, join as jn |
|
38 | from os.path import dirname as dn, join as jn | |
37 |
|
39 | |||
@@ -714,3 +716,27 b' def check_git_version():' | |||||
714 | 'for the system to function properly. Make sure ' |
|
716 | 'for the system to function properly. Make sure ' | |
715 | 'its version is at least %s' % (ver, req_ver)) |
|
717 | 'its version is at least %s' % (ver, req_ver)) | |
716 | return _ver |
|
718 | return _ver | |
|
719 | ||||
|
720 | ||||
|
721 | @decorator.decorator | |||
|
722 | def jsonify(func, *args, **kwargs): | |||
|
723 | """Action decorator that formats output for JSON | |||
|
724 | ||||
|
725 | Given a function that will return content, this decorator will turn | |||
|
726 | the result into JSON, with a content-type of 'application/json' and | |||
|
727 | output it. | |||
|
728 | ||||
|
729 | """ | |||
|
730 | from pylons.decorators.util import get_pylons | |||
|
731 | from rhodecode.lib.ext_json import json | |||
|
732 | pylons = get_pylons(args) | |||
|
733 | pylons.response.headers['Content-Type'] = 'application/json; charset=utf-8' | |||
|
734 | data = func(*args, **kwargs) | |||
|
735 | if isinstance(data, (list, tuple)): | |||
|
736 | msg = "JSON responses with Array envelopes are susceptible to " \ | |||
|
737 | "cross-site data leak attacks, see " \ | |||
|
738 | "http://wiki.pylonshq.com/display/pylonsfaq/Warnings" | |||
|
739 | warnings.warn(msg, Warning, 2) | |||
|
740 | log.warning(msg) | |||
|
741 | log.debug("Returning JSON wrapped action output") | |||
|
742 | return json.dumps(data, encoding='utf-8') No newline at end of file |
General Comments 0
You need to be logged in to leave comments.
Login now