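def index(request):
    """Render the pathway index, optionally narrowed by a submitted search term.

    GET shows every pathway next to an empty ``PathAnalysisForm``. POST
    validates the form and, when it is valid, keeps only the pathways whose
    name contains the cleaned ``search`` value (case-insensitive).
    """
    # Default listing. The original left ``pathways`` unbound when a POST
    # failed validation, so the render call raised UnboundLocalError (HTTP 500).
    # Querysets are lazy, so this costs nothing when it is replaced below.
    pathways = Pathway.objects.all()
    if request.method == 'POST':
        form = PathAnalysisForm(request.POST)
        if form.is_valid():
            query = form.cleaned_data['search']
            # Debug output: the user-supplied search text is written to stdout.
            print(query)
            # Local ORM lookup; the value is passed as a query parameter,
            # not interpolated into SQL. (An earlier KEGG REST lookup was
            # commented out in the original.)
            pathways = Pathway.objects.filter(Q(name__icontains=query))
    else:
        form = PathAnalysisForm()
    return render_to_response(
        'pathway_analysis/index.html',
        {'form': form, 'pathways': pathways},
        context_instance=RequestContext(request),
    )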
python类render_to_response()的实例源码
def _date_filter_response(self, field):
    """Render the date-range filter widget for ``field``.

    The available range is the minimum and maximum of ``field`` over
    ``self._get_queryset_all()``. A stored selection from
    ``self.json_cfg['selected_filter_values']`` is shown unless
    ``ignore_selected_values`` is set; otherwise the full range is shown and
    the reset button is hidden.
    """
    def _as_date(value):
        # Aggregates over DateTimeFields come back as datetimes; keep the date.
        return value.date() if isinstance(value, datetime.datetime) else value

    bounds = self._get_queryset_all().aggregate(Min(field), Max(field))
    min_date = _as_date(bounds[field + '__min'])
    max_date = _as_date(bounds[field + '__max'])

    chosen = self.json_cfg.get('selected_filter_values', None)
    reset_button = bool(chosen) and not self.json_cfg.get('ignore_selected_values', False)
    if reset_button:
        # NOTE(review): json_cfg presumably originates from the client; a
        # missing key or an unparseable value raises here. Confirm it is
        # validated upstream.
        selected_min_date = parse(chosen['min_date']).date()
        selected_max_date = parse(chosen['max_date']).date()
    else:
        selected_min_date, selected_max_date = min_date, max_date

    return render_to_response('ajaxviews/_select_date_filter.html', {
        'min_date': min_date,
        'max_date': max_date,
        'selected_min_date': selected_min_date,
        'selected_max_date': selected_max_date,
        'reset_button': reset_button,
    })
def get_index(request):
    """Render the index with chairmans ordered by ``-num``.

    When the query string carries ``type`` the list is restricted to that
    type; otherwise every chairman is listed.
    """
    # The local names are kept as in the original on purpose: ``locals()`` is
    # the template context, so every local (``request``, ``chairmans`` and,
    # in the filtered branch, ``type``) is visible to the template. An
    # explicit context dict would make that exposure deliberate.
    # NOTE(review): ``.order()`` is not a stock Django QuerySet method;
    # presumably Chairman is backed by a different model layer - confirm.
    if 'type' not in request.GET:
        chairmans = Chairman.objects.all().order('-num')
    else:
        type = request.GET['type']
        chairmans = Chairman.objects.filter(type=type).order('-num')
    return render_to_response(
        'index.html',
        locals(),
        context_instance=RequestContext(request),
    )
def fetch(request):
    """Run every site fetcher, save the valid results, then render the index.

    Invalid entries have their validation errors printed; any exception while
    validating or saving one entry is printed and the loop continues.
    """
    # NOTE(review): no HTTP-method or permission check is visible here, so any
    # request that reaches this view triggers the fetchers and the writes.
    # Confirm access is restricted by the URL configuration or a decorator.
    fetcher = Fetcher()
    fetcher.fetch_cc()
    fetcher.fetch_douyu()
    fetcher.fetch_longzhu()
    fetcher.fetch_quanmin()
    fetcher.fetch_xiongmao()
    fetcher.fetch_zhanqi()
    fetcher.fetch_huya()

    for chairman in fetcher.chairmans:
        try:
            if not chairman.is_valid():
                print(chairman.errors)
            else:
                chairman.save()
        except Exception as e:
            # Best effort: one bad record must not abort the whole run.
            print(e)

    # ``locals()`` hands every local of this function to the template.
    return render_to_response(
        'index.html',
        locals(),
        context_instance=RequestContext(request),
    )
def home_page(request):
    """Render the home page with the first upcoming event, or a placeholder."""
    placeholder = {
        'event_name': 'No upcoming event',
        'event_description': 'Check back in the middle of the month',
        'og_event_description': 'Check back in the middle of the month',
    }
    try:
        coming_event = get_events('upcoming')[0]
    except IndexError:
        # No upcoming events were returned.
        coming_event = placeholder

    # Rendered without a RequestContext, as in the original.
    return render_to_response('home.html', {'coming_event': coming_event})
def ajax_meetups_tab(request, event_status):
    """
    Render the meetups tab for the events that ``get_events`` returns for
    the given status.

    :param request: the incoming request (not read by this view)
    :param event_status: upcoming, past, proposed, suggested, cancelled, draft
    :return: the rendered ``ajax/ajax_meetups.html`` response
    """
    # NOTE(review): event_status is handed to get_events() unchanged; confirm
    # it is limited to the values listed above before it reaches the API call.
    context = {
        "group_events": get_events(event_status),
        'event_status': event_status,
    }
    return render_to_response('ajax/ajax_meetups.html', context)
def function_based_view(request, engine):
    """Render a small demo page with the template engine named by ``engine``.

    ``'mako'`` selects ``mako.html``; any other value selects ``django.html``.
    The engine name is also passed on as ``using``.
    """
    template_name = 'mako.html' if engine == 'mako' else 'django.html'
    items = [
        'Wow',
        'This is awesome',
        "Don't forget to bring some bread honey ;)",
        'The requested template is: {}'.format(engine),
    ]
    return render_to_response(
        template_name=template_name,
        context={'items': items, 'value': 1 + 1, 'engine': engine},
        using=engine,
    )
def rate_limit_tasks(self, request, queryset):
    """Admin action that applies one rate limit to the selected tasks.

    Without a ``post`` field the confirmation template is rendered. Once the
    confirmation is posted, ``rate_limit`` is called for each distinct task
    name over a single connection and ``None`` is returned.
    """
    task_names = {task.name for task in queryset}
    opts = self.model._meta

    if not request.POST.get('post'):
        context = {
            'title': _('Rate limit selection'),
            'queryset': queryset,
            'object_name': force_text(opts.verbose_name),
            'action_checkbox_name': helpers.ACTION_CHECKBOX_NAME,
            'opts': opts,
            'app_label': opts.app_label,
        }
        return render_to_response(
            self.rate_limit_confirmation_template, context,
            context_instance=RequestContext(request),
        )

    # The submitted value is handed to rate_limit() as received; any
    # validation happens there (not visible from this block).
    rate = request.POST['rate_limit']
    with current_app.default_connection() as connection:
        for name in task_names:
            rate_limit(name, rate, connection=connection)
    return None
def login(request):
    """Log a user in from the posted ``username`` and ``password``.

    A user who is already logged in is redirected to ``/``. A GET (or empty
    POST) renders the login form; a failed login renders it again with an
    error banner. Without ``remember-me`` the session expires when the
    browser closes.
    """
    if auth.get_user(request).username:
        return redirect('/')

    args = {}
    args.update(csrf(request))
    if not request.POST:
        return render_to_response('login.html', args)

    # NOTE(review): no throttling or lockout of failed attempts is visible in
    # this view; confirm it is handled elsewhere.
    user = auth.authenticate(
        username=request.POST.get('username', ''),
        password=request.POST.get('password', ''),
    )
    if user is None:
        # The banner is a constant string, so marking it safe exposes no
        # user input.
        args['login_error'] = format_html("<div class=\"main-error alert alert-error\">???????????? ??? ???????????? ??? ??????</div>")
        return render_to_response('login.html', args)

    if not request.POST.get('remember-me', ''):
        # Expiry 0: the session cookie lasts only for the browser session.
        request.session.set_expiry(0)
    auth.login(request, user)
    return redirect('/')
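def history(request):
    """Render the history page for a logged-in user.

    The context carries all cities and countries as JSON strings plus, per
    city, the date of its latest temperature record. Anonymous users are
    redirected to ``/login``.
    """
    if not auth.get_user(request).username:
        return redirect("/login")

    # The original local name contained a garbled, non-identifier character
    # ("?t"), which made the block unparseable; it is spelled in ASCII here.
    ct = city.objects.all().values()
    co = country.objects.all().values()
    args = {
        'city': json.dumps(list(ct), cls=DjangoJSONEncoder, ensure_ascii=False),
        'country': json.dumps(list(co), cls=DjangoJSONEncoder, ensure_ascii=False),
        # One query per city. latest() raises DoesNotExist for a city that
        # has no temperature rows, as it did in the original.
        'max_date': [
            temperature.objects.filter(city_id__exact=row['city_id']).latest('date').date
            for row in ct
        ],
    }
    return render_to_response("history.html", args)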
def register(request):
    """Register a new account and log it in.

    A logged-in user is redirected to ``/``. A GET renders an empty
    ``UserCreationForm``; a valid POST saves the user, authenticates with the
    submitted credentials and redirects to ``/``; an invalid POST re-renders
    the bound form with an error banner.
    """
    if auth.get_user(request).username:
        return redirect('/')

    args = {}
    args.update(csrf(request))
    args['form'] = UserCreationForm()
    if request.POST:
        newuser_form = UserCreationForm(request.POST)
        if newuser_form.is_valid():
            newuser_form.save()
            credentials = newuser_form.cleaned_data
            newuser = auth.authenticate(
                username=credentials['username'],
                password=credentials['password2'],
            )
            auth.login(request, newuser)
            return redirect('/')
        # Constant markup only; no user input is marked safe here.
        args['errors'] = format_html('<div class="main-error alert alert-error">?????? ??? ???????????</div>')
        args['form'] = newuser_form
    return render_to_response('register.html', args)
def addVmServer(request):
    """Show the add-server form (GET) or create a ``VmServer`` row (POST).

    Both outcomes of a POST re-render the same template; on failure the
    caught exception is added to the context as ``errorInfo``. Other HTTP
    methods fall through and return ``None``.
    """
    # NOTE(review): no permission check is visible in this view; confirm
    # access control is applied by a decorator or middleware.
    template = 'vmServer/add_server.html'
    breadcrumbs = [{"name":"??","url":'/'},{"name":"??????","url":'#'},{"name":"????","url":"/addServer"}]

    if request.method == "GET":
        return render_to_response(
            template,
            {"user": request.user, "localtion": breadcrumbs},
            context_instance=RequestContext(request))
    elif request.method == "POST":
        try:
            # NOTE(review): the hypervisor password is stored as submitted;
            # whether the model protects it at rest is not visible here.
            VmServer.objects.create(
                hostname=request.POST.get('hostname'),
                username=request.POST.get('username', None),
                vm_type=request.POST.get('vm_type'),
                server_ip=request.POST.get('server_ip'),
                passwd=request.POST.get('passwd', None),
                status=0,
            )
            return render_to_response(
                template,
                {"user": request.user, "localtion": breadcrumbs},
                context_instance=RequestContext(request))
        except Exception as e:
            # The raw exception goes to the template, which can reveal
            # internal details (e.g. database error text) to the user.
            return render_to_response(
                template,
                {"user": request.user, "localtion": breadcrumbs, "errorInfo": e},
                context_instance=RequestContext(request))
def login(request):
    """Authenticate the posted credentials and redirect to ``/profile``.

    A session that already has ``username`` set is redirected immediately.
    On a failed POST the login page is rendered with an error message; on a
    GET it is rendered without one.
    """
    # NOTE(review): the dict passed as the second positional argument of
    # HttpResponseRedirect is not a template context; confirm it is intended.
    if request.session.get('username') is not None:
        return HttpResponseRedirect('/profile',{"user":request.user})

    # authenticate() is also called on GET, with both values None.
    username = request.POST.get('username')
    user = auth.authenticate(username=username, password=request.POST.get('password'))
    if user and user.is_active:
        auth.login(request, user)
        # The session key doubles as this view's "already logged in" marker.
        request.session['username'] = username
        return HttpResponseRedirect('/profile',{"user":request.user})

    if request.method != "POST":
        return render_to_response('login.html', context_instance=RequestContext(request))
    return render_to_response(
        'login.html',
        {"login_error_info":"???????????????"},
        context_instance=RequestContext(request))
def listStorage(request, id):
    """List the storage pools of the ``VmServer`` with primary key ``id``.

    Only GET is handled; other methods return ``None``. A missing server, a
    falsy ``genre`` result or any exception while talking to the hypervisor
    renders ``404.html``.
    """
    # NOTE(review): no permission check is visible in this view, and the
    # stored hypervisor credentials are used on behalf of whoever calls it.
    # Confirm access control is enforced outside this function.
    if request.method != "GET":
        return None

    try:
        vServer = VmServer.objects.get(id=id)
    except Exception:
        return render_to_response('404.html', context_instance=RequestContext(request))

    try:
        VMS = LibvirtManage(vServer.server_ip, vServer.username, vServer.passwd, vServer.vm_type)
        SERVER = VMS.genre(model='server')
        if not SERVER:
            # NOTE(review): VMS.close() is not called on this path or when
            # an exception is raised below - confirm no connection leaks.
            return render_to_response('404.html', context_instance=RequestContext(request))
        storageList = SERVER.getVmStorageInfo()
        VMS.close()
    except Exception:
        return render_to_response('404.html', context_instance=RequestContext(request))

    breadcrumbs = [{"name":"??","url":'/'},{"name":"?????","url":'#'},
                   {"name":"?????","url":"/listStorage/%d/" % vServer.id}]
    return render_to_response(
        'vmStorage/list_storage.html',
        {"user": request.user, "localtion": breadcrumbs,
         "vmServer": vServer, "storageList": storageList},
        context_instance=RequestContext(request))
def viewStorage(request, id, name):
    """Show one storage pool, ``name``, of the ``VmServer`` with key ``id``.

    Only GET is handled; other methods return ``None``. A missing server, a
    falsy ``genre`` result or any exception while talking to the hypervisor
    renders ``404.html``.
    """
    # NOTE(review): no permission check is visible in this view, and ``name``
    # from the URL is passed to getStorageInfo() as received. Confirm both
    # are handled outside this function.
    if request.method != "GET":
        return None

    try:
        vServer = VmServer.objects.get(id=id)
    except:
        # Bare except kept from the original: every failure maps to the
        # 404 page.
        return render_to_response('404.html', context_instance=RequestContext(request))

    try:
        VMS = LibvirtManage(vServer.server_ip, vServer.username, vServer.passwd, vServer.vm_type)
        STORAGE = VMS.genre(model='storage')
        if not STORAGE:
            # NOTE(review): VMS.close() is not called on this path or when
            # an exception is raised below - confirm no connection leaks.
            return render_to_response('404.html', context_instance=RequestContext(request))
        storage = STORAGE.getStorageInfo(name)
        VMS.close()
    except Exception:
        return render_to_response('404.html', context_instance=RequestContext(request))

    breadcrumbs = [{"name":"??","url":'/'},{"name":"?????","url":'#'},
                   {"name":"?????","url":"/listStorage/%d/" % vServer.id},
                   {"name":"?????","url":"/viewStorage/%d/%s/" % (vServer.id,name)}]
    return render_to_response(
        'vmStorage/view_storage.html',
        {"user": request.user, "localtion": breadcrumbs,
         "vmServer": vServer, "storage": storage},
        context_instance=RequestContext(request))
def tempInstance(request):
    """List instance templates (GET) or add one (POST with ``op=add``).

    A POST needs ``op`` in add/modf/del and the
    ``VManagePlatform.add_vminstance_template`` permission; otherwise a JSON
    error with code 500 is returned. Only ``add`` is implemented in this
    listing; ``modf`` and ``del`` fall through and return ``None``.
    """
    if request.method == "GET":
        tempList = VmInstance_Template.objects.all()
        breadcrumbs = [{"name":"??","url":'/'},{"name":"????","url":'/tempInstance'}]
        return render_to_response(
            'vmInstance/temp_instance.html',
            {"user": request.user, "localtion": breadcrumbs, "tempList": tempList},
            context_instance=RequestContext(request))
    elif request.method == "POST":
        op = request.POST.get('op')
        permitted = op in ['add','modf','del'] and request.user.has_perm('VManagePlatform.add_vminstance_template')
        if not permitted:
            return JsonResponse({"code":500,"data":None,"msg":"????????????????????"})
        if op == 'add':
            # The submitted values go to the model as received; no form
            # validation is visible here.
            result = VmInstance_Template.objects.create(
                name=request.POST.get('name'), cpu=request.POST.get('cpu'),
                mem=request.POST.get('mem'), disk=request.POST.get('disk'))
            # NOTE(review): a stock manager's create() returns a model
            # instance, so the str branch is presumably never taken and
            # database errors propagate as exceptions - confirm.
            if isinstance(result, str):
                return JsonResponse({"code":500,"data":result,"msg":"?????"})
            return JsonResponse({"code":200,"data":None,"msg":"?????"})
redirect_maybe_should_trigger_vuln.py 文件源码
项目:pyt
作者: python-security
def task_edit(request, project_id, task_id):
    """Edit a task (POST) or show its edit form (any other method).

    On POST the task is updated only when it belongs to the project named in
    the URL; the response is a redirect to the task page either way.
    """
    # Both objects are loaded purely by the primary keys in the URL. No check
    # that the requesting user may view or edit them is visible in this view,
    # so authorization has to be enforced elsewhere.
    proj = Project.objects.get(pk=project_id)
    task = Task.objects.get(pk=task_id)

    if request.method != 'POST':
        return render_to_response(
            'taskManager/task_edit.html', {'task': task}, RequestContext(request))

    if task.project == proj:
        task.title = request.POST.get('task_title', False)
        task.text = request.POST.get('text', False)
        task.completed = request.POST.get('task_completed', False) == "1"
        task.save()

    # The redirect path is concatenated from the URL-supplied identifiers.
    return redirect('/taskManager/' + project_id + '/' + task_id)
def task_edit(request, project_id, task_id):
    """Update a task from POST data, or render the edit form otherwise.

    The update is applied only if the task's project matches the project in
    the URL. Every POST ends with a redirect to the task page.
    """
    # Lookup is by URL-supplied primary keys only; no ownership or permission
    # check on the requesting user is visible in this view.
    proj = Project.objects.get(pk=project_id)
    task = Task.objects.get(pk=task_id)

    if request.method == 'POST':
        belongs_to_project = task.project == proj
        if belongs_to_project:
            submitted = request.POST
            task.title = submitted.get('task_title', False)
            task.text = submitted.get('text', False)
            task.completed = submitted.get('task_completed', False) == "1"
            task.save()
        # Target path is built by string concatenation of the URL parameters.
        target = '/taskManager/' + project_id + '/' + task_id
        return redirect(target)

    return render_to_response(
        'taskManager/task_edit.html', {'task': task}, RequestContext(request))
# A4: Insecure Direct Object Reference (IDOR)
def project_edit(request, project_id):
    """Edit a project (POST) or show its edit form (any other method).

    POST fields: ``title``, ``text``, ``project_priority`` (integer) and
    ``project_duedate`` (integer timestamp). A successful POST redirects to
    the project page.
    """
    # The project is loaded by the primary key in the URL; no check that the
    # requesting user may edit it is visible in this view.
    proj = Project.objects.get(pk=project_id)

    if request.method != 'POST':
        return render_to_response(
            'taskManager/project_edit.html', {'proj': proj}, RequestContext(request))

    title = request.POST.get('title', False)
    text = request.POST.get('text', False)
    # A missing field defaults to False, i.e. 0; a non-numeric value raises
    # ValueError and surfaces as a server error.
    priority = int(request.POST.get('project_priority', False))
    due_date = datetime.datetime.fromtimestamp(
        int(request.POST.get('project_duedate', False)))

    proj.title = title
    proj.text = text
    proj.priority = priority
    proj.due_date = due_date
    proj.save()
    return redirect('/taskManager/' + project_id + '/')
# A4: Insecure Direct Object Reference (IDOR)
def note_edit(request, project_id, task_id, note_id):
    """Edit a note (POST) or show its edit form (any other method).

    The note is updated only when it belongs to the task and the task belongs
    to the project named in the URL; a POST always ends with a redirect to
    the task page.
    """
    # All three objects are loaded by URL-supplied primary keys. The checks
    # below confirm only that they belong together, not that the requesting
    # user may edit them.
    proj = Project.objects.get(pk=project_id)
    task = Task.objects.get(pk=task_id)
    note = Notes.objects.get(pk=note_id)

    if request.method != 'POST':
        return render_to_response(
            'taskManager/note_edit.html', {'note': note}, RequestContext(request))

    if task.project == proj and note.task == task:
        note.title = request.POST.get('note_title', False)
        note.text = request.POST.get('text', False)
        note.save()

    return redirect('/taskManager/' + project_id + '/' + task_id)
# A4: Insecure Direct Object Reference (IDOR)
def register_page(request):
    """Create a user from a valid ``RegistrationForm`` and redirect to ``/``.

    A GET renders an empty form; an invalid POST re-renders the bound form
    with its errors.
    """
    if request.method != 'POST':
        form = RegistrationForm()
    else:
        form = RegistrationForm(request.POST)
        if form.is_valid():
            data = form.cleaned_data
            # create_user() hashes the password before it is stored.
            User.objects.create_user(
                username=data['username'],
                password=data['password1'],
                email=data['email'],
            )
            return HttpResponseRedirect('/')

    variables = RequestContext(request, {'form': form})
    return render_to_response('registration/register.html', variables)
def work_timer(request, process_id, commitment_id=None):
    """Render the work timer for a process and, optionally, a commitment.

    Both objects are fetched with ``get_object_or_404``; the commitment is
    ``None`` when no ``commitment_id`` is given.
    """
    process = get_object_or_404(Process, id=process_id)
    agent = get_agent(request)
    ct = get_object_or_404(Commitment, id=commitment_id) if commitment_id else None

    # NOTE(review): the original carries a commented-out check that returned
    # 'valueaccounting/no_permission.html' unless the user was a superuser or
    # the agent was the commitment's from_agent. With it disabled, this view
    # does not tie the commitment to the requesting agent; confirm that is
    # enforced elsewhere.
    template_params = create_worktimer_context(request, process, agent, ct)
    return render_to_response(
        "work/work_timer.html",
        template_params,
        context_instance=RequestContext(request),
    )
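def faircoin_history(request, resource_id):
    """Render the paginated event history of one economic resource.

    Events are shown 25 per page. A non-integer ``page`` falls back to the
    first page and an out-of-range one to the last page.
    """
    # NOTE(review): the resource is fetched by id alone; ``agent`` is passed
    # to the template but not compared with the resource here. Confirm that
    # viewing another agent's history is intended or blocked elsewhere.
    resource = get_object_or_404(EconomicResource, id=resource_id)
    agent = get_agent(request)
    # The original also built an ``init`` dict that was never used; dropped.
    paginator = Paginator(resource.events.all(), 25)
    requested_page = request.GET.get('page')
    try:
        events = paginator.page(requested_page)
    except PageNotAnInteger:
        # Missing or non-numeric page: deliver the first page.
        events = paginator.page(1)
    except EmptyPage:
        # Out of range (e.g. 9999): deliver the last page.
        events = paginator.page(paginator.num_pages)

    return render_to_response("work/faircoin_history.html", {
        "resource": resource,
        "agent": agent,
        "unit": resource.resource_type.unit,
        "events": events,
    }, context_instance=RequestContext(request))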
def create_user(request, agent_id):
    """Create a login for an agent; staff only.

    Non-staff callers get the no-permission page. On a valid POST a user is
    created with the agent's e-mail address and linked through ``AgentUser``.
    Every staff request ends with a redirect to the agent page, whether or
    not a user was created.
    """
    if not request.user.is_staff:
        # Rendered with the default status code rather than a 403.
        return render_to_response('valueaccounting/no_permission.html')

    agent = get_object_or_404(EconomicAgent, id=agent_id)
    if request.method == "POST":
        user_form = UserCreationForm(data=request.POST)
        if user_form.is_valid():
            user = user_form.save(commit=False)
            user.email = agent.email
            # Any staff user can grant staff status to the new account by
            # posting is_staff=on.
            if request.POST.get("is_staff") == 'on':
                user.is_staff = True
            user.save()
            AgentUser(agent=agent, user=user).save()
            # NOTE(review): use_faircoins is not defined in this block;
            # presumably a module-level setting - confirm.
            if use_faircoins:
                agent.request_faircoin_address()

    return HttpResponseRedirect('/%s/%s/'
        % ('accounting/agent', agent.id))
def locations(request):
    """Render the locations map page.

    The context holds every location, the locations whose latitude is 0.0,
    the map centre and zoom from settings, and the help text for this page.
    """
    context = {
        "agent": get_agent(request),
        "locations": Location.objects.all(),
        # Latitude 0.0 is used as the filter for the ``nolocs`` list.
        "nolocs": Location.objects.filter(latitude=0.0),
        "latitude": settings.MAP_LATITUDE,
        "longitude": settings.MAP_LONGITUDE,
        "zoom": settings.MAP_ZOOM,
        "help": get_help("locations"),
    }
    return render_to_response(
        "valueaccounting/locations.html",
        context,
        context_instance=RequestContext(request),
    )
def radial_graph(request, agent_id):
    """Render the radial association graph rooted at one agent."""
    agent = get_object_or_404(EconomicAgent, id=agent_id)
    agents = agent.with_all_associations()

    # Count how often each agent appears as an associate. The tally is not
    # put into the template context below; it is kept because the original
    # computes it.
    connections = {}
    for agnt in agents:
        connections.setdefault(agnt, 0)
        for assn in agnt.all_has_associates():
            associate = assn.is_associate
            connections[associate] = connections.get(associate, 0) + 1

    return render_to_response("valueaccounting/radial_graph.html", {
        "agents": agents,
        "root": agent,
    }, context_instance=RequestContext(request))
def exchange_types(request):
    """List exchange types and, on a valid POST, create a new one.

    The page always renders a fresh, unbound ``NewExchangeTypeForm``, so an
    invalid submission is dropped without showing its errors.
    """
    # NOTE(review): no permission check is visible in this view; confirm who
    # may create exchange types.
    if request.method == "POST":
        submitted = NewExchangeTypeForm(data=request.POST)
        if submitted.is_valid():
            ext = submitted.save(commit=False)
            ext.created_by = request.user
            ext.save()

    context = {
        "supply_exchange_types": ExchangeType.objects.supply_exchange_types(),
        "demand_exchange_types": ExchangeType.objects.demand_exchange_types(),
        "internal_exchange_types": ExchangeType.objects.internal_exchange_types(),
        "new_form": NewExchangeTypeForm(),
    }
    return render_to_response(
        "valueaccounting/exchange_types.html",
        context,
        context_instance=RequestContext(request),
    )
def all_contributions(request):
    """Render all contribution events, 25 per page.

    A non-integer ``page`` falls back to the first page and an out-of-range
    one to the last page.
    """
    contributions = EconomicEvent.objects.filter(is_contribution=True)
    paginator = Paginator(contributions, 25)
    requested_page = request.GET.get('page')
    try:
        events = paginator.page(requested_page)
    except EmptyPage:
        # Out of range (e.g. 9999): deliver the last page of results.
        events = paginator.page(paginator.num_pages)
    except PageNotAnInteger:
        # Missing or non-numeric page: deliver the first page.
        events = paginator.page(1)

    return render_to_response(
        "valueaccounting/all_contributions.html",
        {"events": events},
        context_instance=RequestContext(request),
    )
def project_wip(request, project_id):
    """Render a project's work-in-progress processes, 25 per page.

    A non-integer ``page`` falls back to the first page and an out-of-range
    one to the last page.
    """
    project = get_object_or_404(EconomicAgent, pk=project_id)
    paginator = Paginator(project.wip(), 25)
    requested_page = request.GET.get('page')
    try:
        processes = paginator.page(requested_page)
    except EmptyPage:
        # Out of range (e.g. 9999): deliver the last page of results.
        processes = paginator.page(paginator.num_pages)
    except PageNotAnInteger:
        # Missing or non-numeric page: deliver the first page.
        processes = paginator.page(1)

    return render_to_response("valueaccounting/project_wip.html", {
        "project": project,
        "processes": processes,
    }, context_instance=RequestContext(request))
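def delete_process_type_confirmation(request,
        process_type_id, resource_type_id):
    """Delete a process type, asking for confirmation when it has resource types.

    If the process type still has resource types, the confirmation page is
    rendered. Otherwise it is deleted and the client is redirected to
    ``next`` from the POST data, or to the resource type's edit page when
    ``next`` is missing or does not point at this host.
    """
    # Function-scope import: the module's import block is not visible here.
    # is_safe_url matches the Django generation this code targets
    # (``context_instance``); newer releases name the same check
    # url_has_allowed_host_and_scheme.
    from django.utils.http import is_safe_url

    pt = get_object_or_404(ProcessType, pk=process_type_id)

    # ``next`` is client-controlled. The original redirected to it as-is,
    # which let a crafted form send the user to another site after the
    # delete. Anything that is not a URL on this host now falls back to the
    # default target.
    next_url = request.POST.get("next")
    if next_url is None or not is_safe_url(next_url, request.get_host()):
        next_url = '/%s/%s/' % ('accounting/edit-xbomfg', resource_type_id)

    if pt.resource_types.all():
        return render_to_response('valueaccounting/process_type_delete_confirmation.html', {
            "process_type": pt,
            "resource_type_id": resource_type_id,
            "side_effects": True,
            "next": next_url,
        }, context_instance=RequestContext(request))

    # NOTE(review): the delete runs for any HTTP method and no permission
    # check is visible here; confirm both are enforced outside this view.
    pt.delete()
    return HttpResponseRedirect(next_url)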