From 9bb1a52f892703e62c8cf0955f27cddaabf9358e Mon Sep 17 00:00:00 2001 From: Martin Mahner Date: Wed, 5 Jun 2013 18:46:55 +0000 Subject: [PATCH 01/10] Listen on all sort of domains --- server/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/nginx.conf b/server/nginx.conf index 206f341..31d9789 100644 --- a/server/nginx.conf +++ b/server/nginx.conf @@ -25,7 +25,7 @@ server { # ----------------------------------------------------------------------------- server { listen 443; - server_name dpaste.de; + server_name dpaste.de www.dpaste.de; ssl on; ssl_certificate /srv/dpaste.de/var/ssl/dpaste_de_unified.crt; @@ -44,7 +44,7 @@ server { server { listen 443; - server_name dpaste.org; + server_name dpaste.org www.dpaste.org; ssl on; ssl_certificate /srv/dpaste.de/var/ssl/dpaste_org_unified.crt; From 2b402680f8755f1c56253de62afac07194a97d8b Mon Sep 17 00:00:00 2001 From: Martin Mahner Date: Fri, 19 Jul 2013 09:54:18 +0200 Subject: [PATCH 02/10] Allow anybody to delete a snippet. I got too many requests in the past, most of because people created snippets via the API and can't delete them, or because of legal issues. --- dpaste/static/dpaste/theme.css | 5 +++++ dpaste/templates/dpaste/about.html | 23 +++++++++++++++++++++++ dpaste/urls/dpaste.py | 1 + dpaste/views.py | 12 ++++++++++-- 4 files changed, 39 insertions(+), 2 deletions(-) diff --git a/dpaste/static/dpaste/theme.css b/dpaste/static/dpaste/theme.css index 915ce53..6595072 100644 --- a/dpaste/static/dpaste/theme.css +++ b/dpaste/static/dpaste/theme.css @@ -7,6 +7,11 @@ body { padding: 10px 0 40px 0; } +tt strong { + background-color: #ffe699; + outline: 3px solid #ffe699; +} + /* Custom container */ .container-fluid { margin: 0 auto; diff --git a/dpaste/templates/dpaste/about.html b/dpaste/templates/dpaste/about.html index e5f0fdc..1f328f4 100644 --- a/dpaste/templates/dpaste/about.html +++ b/dpaste/templates/dpaste/about.html @@ -50,6 +50,29 @@
+

Delete a snippet

+ +

+ If you created a snippet with the API you can't delete it on the webpage + since it's not in your history. You can delete a snippet here. Actually + you can delete any snippet of anybody, as long as you know the short code. +

+

+ If you deleted a snippet because auf legal issues, please let me know + that, I want to keep track of such things and try to avoid in future. +

+

+ Type the 5 letter code of your snippet in the field and submit. + Like this yellow one here: http://dpaste.de/SiZrT/ +

+ +
+ +
+ +
+
+

Imprint

Address:

diff --git a/dpaste/urls/dpaste.py b/dpaste/urls/dpaste.py index 13f4dcd..5819c90 100644 --- a/dpaste/urls/dpaste.py +++ b/dpaste/urls/dpaste.py @@ -5,6 +5,7 @@ urlpatterns = patterns('dpaste.views', url(r'^guess/$', 'guess_lexer', name='snippet_guess_lexer'), url(r'^diff/$', 'snippet_diff', name='snippet_diff'), url(r'^history/$', 'snippet_history', name='snippet_history'), + url(r'^delete/$', 'snippet_delete', name='snippet_delete'), url(r'^(?P[a-zA-Z0-9]+)/$', 'snippet_details', name='snippet_details'), url(r'^(?P[a-zA-Z0-9]+)/delete/$', 'snippet_delete', name='snippet_delete'), url(r'^(?P[a-zA-Z0-9]+)/gist/$', 'snippet_gist', name='snippet_gist'), diff --git a/dpaste/views.py b/dpaste/views.py index 3377b5e..9d0818a 100644 --- a/dpaste/views.py +++ b/dpaste/views.py @@ -125,16 +125,24 @@ def snippet_details(request, snippet_id, template_name='dpaste/snippet_details.h else: return response -def snippet_delete(request, snippet_id): +def snippet_delete(request, snippet_id=None): + snippet_id = snippet_id or request.POST.get('snippet_id') + if not snippet_id: + return HttpResponseBadRequest('No snippet given!') + snippet = get_object_or_404(Snippet, secret_id=snippet_id) + """ + Anybody can delete anybodys snippets now. + try: snippet_list = request.session['snippet_list'] except KeyError: return HttpResponseForbidden('You have no recent snippet list, cookie error?') if not snippet.pk in snippet_list: return HttpResponseForbidden('That\'s not your snippet!') + """ snippet.delete() - return HttpResponseRedirect(reverse('snippet_new')) + return HttpResponseRedirect(reverse('snippet_new') + '?delete=1') def snippet_history(request, template_name='dpaste/snippet_list.html'): From 6e641290e2906a7a7053ef78532f71932aceaa4f Mon Sep 17 00:00:00 2001 From: Martin Mahner Date: Fri, 27 Sep 2013 17:50:58 +0200 Subject: [PATCH 03/10] Fixed couple of merge issues --- dpaste/forms.py | 3 +-- dpaste/urls/dpaste.py | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/dpaste/forms.py b/dpaste/forms.py index 2db6d1d..df5ce08 100644 --- a/dpaste/forms.py +++ b/dpaste/forms.py @@ -7,7 +7,6 @@ from django.utils.translation import ugettext_lazy as _ from dpaste.models import Snippet from dpaste.highlight import LEXER_LIST, LEXER_DEFAULT - EXPIRE_CHOICES = ( (3600, _(u'In one hour')), (3600 * 24 * 7, _(u'In one week')), @@ -17,7 +16,7 @@ EXPIRE_DEFAULT = EXPIRE_CHOICES[2][0] MAX_CONTENT_LENGTH = getattr(settings, 'DPASTE_MAX_CONTENT_LENGTH', 250*1024*1024) MAX_SNIPPETS_PER_USER = getattr(settings, 'DPASTE_MAX_SNIPPETS_PER_USER', 15) -\ + class SnippetForm(forms.ModelForm): content = forms.CharField( label=_('Content'), diff --git a/dpaste/urls/dpaste.py b/dpaste/urls/dpaste.py index d414cd2..a059325 100644 --- a/dpaste/urls/dpaste.py +++ b/dpaste/urls/dpaste.py @@ -5,7 +5,6 @@ urlpatterns = patterns('dpaste.views', url(r'^diff/$', 'snippet_diff', name='snippet_diff'), url(r'^history/$', 'snippet_history', name='snippet_history'), url(r'^delete/$', 'snippet_delete', name='snippet_delete'), - url(r'^(?P[a-zA-Z0-9]+)/$', 'snippet_details', name='snippet_details'), url(r'^(?P[a-zA-Z0-9]+)/?$', 'snippet_details', name='snippet_details'), url(r'^(?P[a-zA-Z0-9]+)/delete/$', 'snippet_delete', name='snippet_delete'), url(r'^(?P[a-zA-Z0-9]+)/gist/$', 'snippet_gist', name='snippet_gist'), From e34c46f9aaf2fec6f1525aac4f00043e2a5659a6 Mon Sep 17 00:00:00 2001 From: Martin Mahner Date: Fri, 27 Sep 2013 17:54:05 +0200 Subject: [PATCH 04/10] Fixed snippet delete function. --- dpaste/templates/dpaste/about.html | 2 +- dpaste/views.py | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/dpaste/templates/dpaste/about.html b/dpaste/templates/dpaste/about.html index 1f328f4..f1d6efd 100644 --- a/dpaste/templates/dpaste/about.html +++ b/dpaste/templates/dpaste/about.html @@ -63,7 +63,7 @@

Type the 5 letter code of your snippet in the field and submit. - Like this yellow one here: http://dpaste.de/SiZrT/ + Like this yellow one here: http://dpaste.de/SiZrT

diff --git a/dpaste/views.py b/dpaste/views.py index 0472770..8b9e61a 100644 --- a/dpaste/views.py +++ b/dpaste/views.py @@ -104,13 +104,16 @@ def snippet_details(request, snippet_id, template_name='dpaste/snippet_details.h return response -def snippet_delete(request, snippet_id): +def snippet_delete(request, snippet_id=None): """ Delete a snippet. This is allowed by anybody as long as he knows the snippet id. I got too many manual requests to do this, mostly for legal reasons and the chance to abuse this is not given anyway, since snippets always expire. """ + snippet_id = snippet_id or request.POST.get('snippet_id') + if not snippet_id: + raise Http404('No snippet id given') snippet = get_object_or_404(Snippet, secret_id=snippet_id) snippet.delete() return HttpResponseRedirect(reverse('snippet_new') + '?delete=1') From bf39d704d748fdd26aa4dc217ce17e250a127369 Mon Sep 17 00:00:00 2001 From: Martin Mahner Date: Fri, 27 Sep 2013 19:27:46 +0000 Subject: [PATCH 05/10] Fixed a bug that raised an error if a lexer is unknown --- dpaste/highlight.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dpaste/highlight.py b/dpaste/highlight.py index 84306b5..dc418fa 100644 --- a/dpaste/highlight.py +++ b/dpaste/highlight.py @@ -107,6 +107,9 @@ class NakedHtmlFormatter(HtmlFormatter): yield i, t def pygmentize(code_string, lexer_name=LEXER_DEFAULT): - lexer = lexer_name and get_lexer_by_name(lexer_name) \ - or PythonLexer() + try: + lexer = lexer_name and get_lexer_by_name(lexer_name) \ + or PythonLexer() + except Exception as e: + lexer = PythonLexer() return highlight(code_string, lexer, NakedHtmlFormatter()) From 11f009681677af560b8a7cf142206d549050bbb0 Mon Sep 17 00:00:00 2001 From: Martin Mahner Date: Fri, 27 Sep 2013 19:28:07 +0000 Subject: [PATCH 06/10] More precise url handling --- server/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/nginx.conf b/server/nginx.conf index 31d9789..9d892e9 100644 --- a/server/nginx.conf +++ b/server/nginx.conf @@ -33,7 +33,7 @@ server { # Rewrite www to non-www - if ($host ~ /^www\./) { + if ($host = www.dpaste.de) { rewrite ^/(.*)$ https://dpaste.de/$1 permanent; } @@ -53,7 +53,7 @@ server { add_header Strict-Transport-Security max-age=25200; # Rewrite www to non-www - if ($host ~ /^www\./) { + if ($host = www.dpaste.org) { rewrite ^/(.*)$ https://dpaste.org/$1 permanent; } From 3db308f7508f0ab2dda297b7bd1a24156d543942 Mon Sep 17 00:00:00 2001 From: Martin Mahner Date: Fri, 27 Sep 2013 19:30:23 +0000 Subject: [PATCH 07/10] Fixed missing import --- dpaste/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dpaste/views.py b/dpaste/views.py index 8b9e61a..d65628d 100644 --- a/dpaste/views.py +++ b/dpaste/views.py @@ -8,7 +8,7 @@ from django.template.context import RequestContext from django.http import (Http404, HttpResponseRedirect, HttpResponseBadRequest, HttpResponse, HttpResponseForbidden) from django.conf import settings -from django.core.exceptions import ObjectDoesNotExist +from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned from django.utils.translation import ugettext_lazy as _ from django.core.urlresolvers import reverse from django.utils import simplejson From c711639bacb6f827ce2a4e301f7178ac757bd946 Mon Sep 17 00:00:00 2001 From: Martin Mahner Date: Fri, 27 Sep 2013 19:40:14 +0000 Subject: [PATCH 08/10] About improvements --- dpaste/templates/dpaste/about.html | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/dpaste/templates/dpaste/about.html b/dpaste/templates/dpaste/about.html index f1d6efd..b2ed280 100644 --- a/dpaste/templates/dpaste/about.html +++ b/dpaste/templates/dpaste/about.html @@ -47,6 +47,10 @@ {% endfor %} +

Snippets in the database

+ + +
@@ -62,7 +66,7 @@ that, I want to keep track of such things and try to avoid in future.

- Type the 5 letter code of your snippet in the field and submit. + Type the 4 letter code of your snippet in the field and submit. Like this yellow one here: http://dpaste.de/SiZrT

From 520332e151fa25c50c192b752efa95fb2946e785 Mon Sep 17 00:00:00 2001 From: Marius Gedminas Date: Tue, 22 Oct 2013 10:52:43 +0300 Subject: [PATCH 09/10] Trailing newline on raw responses Without this you cannot easily share patches: user@machine1 $ git diff | curl -F 'content=<-' https://dpaste.de/api/ user@machine2 $ curl https://dpaste.de/xxxx/raw/ | git apply fatal: corrupt patch at line 67 --- dpaste/templates/dpaste/snippet_details_raw.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dpaste/templates/dpaste/snippet_details_raw.html b/dpaste/templates/dpaste/snippet_details_raw.html index 47e704a..64e47b6 100644 --- a/dpaste/templates/dpaste/snippet_details_raw.html +++ b/dpaste/templates/dpaste/snippet_details_raw.html @@ -1 +1 @@ -{{ snippet.content|safe }} \ No newline at end of file +{{ snippet.content|safe }} From 508d86ba316fd48522d73d4ae3049f96e8e73eae Mon Sep 17 00:00:00 2001 From: Marius Gedminas Date: Tue, 22 Oct 2013 10:57:20 +0300 Subject: [PATCH 10/10] Allow raw snippets without trailing slash Fixes an asymmetry where both of curl https://dpaste.de/xXxx curl https://dpaste.de/xXxx/ work, but curl https://dpaste.de/xXxx/raw/ fails without a trailing slash (because curl doesn't follow redirects by default). --- dpaste/urls/dpaste.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dpaste/urls/dpaste.py b/dpaste/urls/dpaste.py index a059325..2d1aa18 100644 --- a/dpaste/urls/dpaste.py +++ b/dpaste/urls/dpaste.py @@ -8,5 +8,5 @@ urlpatterns = patterns('dpaste.views', url(r'^(?P[a-zA-Z0-9]+)/?$', 'snippet_details', name='snippet_details'), url(r'^(?P[a-zA-Z0-9]+)/delete/$', 'snippet_delete', name='snippet_delete'), url(r'^(?P[a-zA-Z0-9]+)/gist/$', 'snippet_gist', name='snippet_gist'), - url(r'^(?P[a-zA-Z0-9]+)/raw/$', 'snippet_details', {'template_name': 'dpaste/snippet_details_raw.html', 'is_raw': True}, name='snippet_details_raw'), + url(r'^(?P[a-zA-Z0-9]+)/raw/?$', 'snippet_details', {'template_name': 'dpaste/snippet_details_raw.html', 'is_raw': True}, name='snippet_details_raw'), )