From commits-return-17198-apmail-allura-commits-archive=allura.apache.org@allura.apache.org Tue Mar 10 16:11:55 2020 Return-Path: X-Original-To: apmail-allura-commits-archive@www.apache.org Delivered-To: apmail-allura-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by minotaur.apache.org (Postfix) with SMTP id D2FC319FB8 for ; Tue, 10 Mar 2020 16:11:54 +0000 (UTC) Received: (qmail 76310 invoked by uid 500); 10 Mar 2020 16:11:53 -0000 Delivered-To: apmail-allura-commits-archive@allura.apache.org Received: (qmail 76272 invoked by uid 500); 10 Mar 2020 16:11:53 -0000 Mailing-List: contact commits-help@allura.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@allura.apache.org Delivered-To: mailing list commits@allura.apache.org Received: (qmail 76041 invoked by uid 99); 10 Mar 2020 16:11:53 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Mar 2020 16:11:53 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id E15B98DAD7; Tue, 10 Mar 2020 16:11:52 +0000 (UTC) Date: Tue, 10 Mar 2020 16:12:05 +0000 To: "commits@allura.apache.org" Subject: [allura] 13/14: [#8354] antispam fixes for py3 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit From: brondsem@apache.org In-Reply-To: <158385671248.22632.15512783501573495449@gitbox.apache.org> References: <158385671248.22632.15512783501573495449@gitbox.apache.org> X-Git-Host: gitbox.apache.org X-Git-Repo: allura X-Git-Refname: refs/heads/db/8354 X-Git-Reftype: branch X-Git-Rev: d5f5e01a5436ff084103732958eef81876a0e663 X-Git-NotificationType: diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated Message-Id: <20200310161152.E15B98DAD7@gitbox.apache.org> This is an automated email from the ASF dual-hosted git repository. brondsem pushed a commit to branch db/8354 in repository https://gitbox.apache.org/repos/asf/allura.git commit d5f5e01a5436ff084103732958eef81876a0e663 Author: Dave Brondsema AuthorDate: Mon Mar 9 12:23:50 2020 -0400 [#8354] antispam fixes for py3 --- Allura/allura/lib/utils.py | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py index 2494c8b..81d3a26 100644 --- a/Allura/allura/lib/utils.py +++ b/Allura/allura/lib/utils.py @@ -213,14 +213,15 @@ class AntiSpam(object): self.timestamp = timestamp if timestamp else int(time.time()) self.spinner = spinner if spinner else self.make_spinner() self.timestamp_text = str(self.timestamp) - self.spinner_text = self._wrap(self.spinner) + self.spinner_text = six.ensure_text(self._wrap(self.spinner)) else: self.request = request self.timestamp_text = request.params['timestamp'] self.spinner_text = request.params['spinner'] self.timestamp = int(self.timestamp_text) self.spinner = self._unwrap(self.spinner_text) - self.spinner_ord = list(map(ord, self.spinner)) + trans_fn = ord if six.PY2 else int + self.spinner_ord = list(map(trans_fn, self.spinner)) self.random_padding = [random.randint(0, 255) for x in self.spinner] self.honey_class = self.enc(self.spinner_text, css_safe=True) @@ -241,20 +242,21 @@ class AntiSpam(object): encoding doesn't use hyphens, underscores, colons, nor periods, so we'll use these characters to replace its plus, slash, equals, and newline. ''' - s = base64.b64encode(s) - s = s.rstrip('=\n') - s = s.replace('+', '-').replace('/', '_') - s = 'X' + s + s = base64.b64encode(six.ensure_binary(s)) + s = s.rstrip(b'=\n') + s = s.replace(b'+', b'-').replace(b'/', b'_') + s = b'X' + s return s @staticmethod def _unwrap(s): s = s[1:] - s = s.replace('-', '+').replace('_', '/') + s = six.ensure_binary(s) + s = s.replace(b'-', b'+').replace(b'_', b'/') i = len(s) % 4 if i > 0: - s += '=' * (4 - i) - s = base64.b64decode(s + '\n') + s += b'=' * (4 - i) + s = base64.b64decode(s + b'\n') return s def enc(self, plain, css_safe=False): @@ -275,6 +277,7 @@ class AntiSpam(object): enc = ''.join(six.unichr(p ^ s) for p, s in zip(plain, self.spinner_ord)) enc = six.ensure_binary(enc) enc = self._wrap(enc) + enc = six.ensure_text(enc) if css_safe: enc = ''.join(ch for ch in enc if ch.isalpha()) return enc @@ -315,7 +318,7 @@ class AntiSpam(object): ip_chunk = '.'.join(octets[0:3]) plain = '%d:%s:%s' % ( timestamp, ip_chunk, tg.config.get('spinner_secret', 'abcdef')) - return hashlib.sha1(plain).digest() + return hashlib.sha1(six.ensure_binary(plain)).digest() @classmethod def validate_request(cls, request=None, now=None, params=None): @@ -339,11 +342,11 @@ class AntiSpam(object): raise ValueError('Post from the distant past') if obj.spinner != expected_spinner: raise ValueError('Bad spinner value') - for k in new_params.keys(): + for k in list(new_params.keys()): try: new_params[obj.dec(k)] = new_params[k] new_params.pop(k) - except: + except Exception as ex: pass for fldno in range(obj.num_honey): try: