m ,Ec@s(ddd!ZdkZdkZdkZdkZdkZdkZdkZdkl Z l Z dk l Z dk l Z dk lZlZdklZlZlZlZd klZd klZd klZd klZead klZdZ hdd<dd<dd<dd<dd<dd<dd<dd<dd<dd<dd<dd<dd<dd<dd<dd<d d<d!dYZ:dZ;d?Z<d@Z=dAZ>e=e>BZ?dBZ@dCZAdDZBgZCdS(Es$Revision: 1.96 $i iN(s StringTypes UnicodeType(s BaseRequest(s HTTPResponse(s FieldStoragesescape(squotesunquotes splittypes splitport(sdeepcopy(s get_converter(s TaintedString(s allocate_lock(s DebugFlagss iso-8859-15tSERVER_SOFTWAREit SERVER_NAMEtGATEWAY_INTERFACEtSERVER_PROTOCOLt SERVER_PORTtREQUEST_METHODt PATH_INFOtPATH_TRANSLATEDt SCRIPT_NAMEt QUERY_STRINGt REMOTE_HOSTt REMOTE_ADDRt AUTH_TYPEt REMOTE_USERt REMOTE_IDENTt CONTENT_TYPEtCONTENT_LENGTHt SERVER_URLtHTTP_AUTHORIZATIONtHTTP_CGI_AUTHORIZATIONthttpt80thttpst443tZOPE_DTML_REQUEST_AUTOQUOTEttdisabledt0tnotNestedLoopExitcBstZRS(N(t__name__t __module__(((t5/data/zmath/zope/lib/python/ZPublisher/HTTPRequest.pyRAst HTTPRequestc BstZdZeZfZeZfZdZdZ dZ dZ eeedZ ddZ dZdd Zd Zd Zd Zdd Zdddddddeeeeidid ZdZdZedZedeidieididZe ddZ!e ddZ"dZ#dd Z$dd!Z%d"Z&d#Z'd$Z(d%Z)e*d&Z+d'Z,d(Z-RS()s Model HTTP request data. This object provides access to request data. This includes, the input headers, form data, server data, and cookies. Request objects are created by the object publisher and will be passed to published objects through the argument name, REQUEST. The request object is a mapping object that represents a collection of variable to value mappings. In addition, variables are divided into five categories: - Environment variables These variables include input headers, server data, and other request-related data. The variable names are as specified in the CGI specification - Form data These are data extracted from either a URL-encoded query string or body, if present. - Cookies These are the cookie data, if present. - Lazy Data These are callables which are deferred until explicitly referenced, at which point they are resolved and stored as application data. - Other Data that may be set by an application object. The form attribute of a request is actually a Field Storage object. When file uploads are used, this provides a richer and more complex interface than is provided by accessing form data as items of the request. See the FieldStorage class documentation for more details. The request object may be used as a mapping object, in which case values will be looked up in the order: environment variables, other variables, form data, and then cookies. icCs?|i|ijo(titidd|idSndS(Niii(tselft retry_counttretry_max_countttimetsleeptrandomtuniform(R"((R tsupports_retry~s cCs]|id|_|iid|id|id|id|ii}|i|_|S(Niitstdintenvirontresponse( R"R#R*tseekt __class__t _orig_envR,tretrytr(R"R1((R R0s  cCs9d|_d|_|iih|_ti|dS(N( tNoneR"R*t_filetformtcleart_laziest BaseRequesttclose(R"((R R8s     c Cs|i} | idd}|djo"|djo|djo|Snt|\}}t |d\}}|djo |}n|djo |}n|djo |}n|djpt||jo |} n|d|} d|| f}| d<|i|S(s" Set the parts of generated URLs. RRit:s%s://%sN(R"tothertgett server_urltprotocolR2thostnametportt splittypet oldprotocoltoldhostt splitportt oldhostnametoldportt default_portthostt _resetURLS( R"R=R>R?RERAR<RBRDRGR:((R t setServerURLs& '     icCs|i}t|tpt|to|id}nttt d||i (|i 2|d}|o |d4n|di|d<|idS(s6 Treat the current publishing object as a VirtualRoot t/tPARENTSitVirtualRootPhysicalPathN(R"R:t isinstancetpatht StringTypet UnicodeTypetsplittmaptquotetfilterR2t_scriptt_stepstparentsthardtgetPhysicalPathRH(R"RNRXR:RW((R tsetVirtualRoots    cCst|tdjo|id}n|iidd}d}x8|t| D]&}|||jo|d}qXPqXW||S(s9 Remove the path to the VirtualRoot from a physical path RRJRLiiN(R( ttypeRNRQR"R:R;trpptitlentname(R"RNR\R_R]((R tphysicalPathToVirtualPathscCs[|itt|i|}|o|iddn|id|ddi|S(s; Convert a physical path into a URL in the current context iRRRJN( R"RURRRSR`RNtrelativetinserttjoin(R"RNRa((R tphysicalPathToURLs cCs|i}td|id}|iddjo|d}n|i}t |}|| |jo||}n t d|i dd }t|tt|S( s Convert a URL into a physical path in the current context. If the URL makes no sense in light of the current virtual hosting context, a ValueError is raised.RJs://iis*Url does not match virtual hosting contextRLRN(R(R"R:RTR2tURLRQRNtfindRUtvhbaseR^tvhblt ValueErrorR;tvrpptlistRRtunquote(R"ReRgR:RjRNRh((R tphysicalPathFromURLs    cCs\|i}di|dg|i|i|dR?s%s/%sRet HTTP_COOKIEt<(1R+R"R/tcleantsane_environmentthas_keyt_authR,R*thave_envR;tget_envR:R4t taintedformtstepsRVR6t DebugFlagst_debugRpttrusted_proxiesRQtstriptbtscriptRRRSRTR2RUtrfindtpR<R=RGRCR>R?RItbasetcookiesttaintedcookiestkt parse_cookietitemstvt istaintedt TaintedString(R"R*R+R,R}RR=RR?RRR>R:RR<RGRRRRR((R t__init__s                 ( $  /               iiiii ii s!(:[a-zA-Z][-a-zA-Z0-9_]+|\.[xy])$c GCs|i}A|i}=|=idd}|djo |i}>nd }>|i}/|i }<|i }d }t d|>d|=dd}?||?d p|?id jo|?iidod |?idjoo|d jobtd jo d kanti|?i\}|_ti|A}A|A|<d <|_d |_q|?i|_nY|?i} h}!tg}t}h}"h}@d }x| D]}d }.|i$}%||do]||doM||do=|io&|i&d j ot'|}d}.q|i}nd }Dd}:d }d }F|%i,d}|d jo)| |%|}4|4o|4i0d }nd}x|d jo|%|d}+|%| }%t2|+d })|)d j o|)}|+}F|D|B}DnD|+djo|D|B}Dn)|+djod|!|%<|D|B}Dn|+djp |+djo|o |%}q|}n|+djp |+djo&|p|o |%}qu|}qn|+djo|D|B}Dnt|+djo|D|B}DnY|+djo|D|B}Dn>|+djo|p|D|B}Dqnt:|+o |+}:n|%i,d}|d joPn| |%|}4|4o|4i0d }qid}qiWn||%p|%d djoqn|%};d|%jot<|%};n|DoJ |D|@oqn|D|@o{|%i>d }%d i?|%d |%d}%}3|%};d|%jot<|%};nd|3jotAd!tB|3qGn|D|@oy|:oKtC||:}||d"o|iD|}q||iEtF}n ||}|Fd/jo)|. od|jot<|}qdn||Fd0jond }|}xItHtI|D]5}Cd||Cjod}t<||C||CqBqkXn&|. od|jot<|}nd|;jo|d jo |}n|D|@o|"}0|@}n |/}0|}|0i|%o|D|@o8|0|%}$|$d}&|o|i|;ptP|$||;d }*d i?|*d |*d}*}3|3}Bd}x?|Bdjp1|Bi>d}Bdi?|Bd |Bd}B}qJW|}3|/i|*oo|*}9d|*jot<|*}9n|/|*}t^|tUo=|||3o)tn| ||3}5| ||3|5qcnKxG|D]?}&||&|3o)tn| |&|3}5| |&|3|5q q W|i|9o||9}t^|tUo)tn| ||3}| ||3|q xQ|D]E}|||3o/| ||3}tn|}| ||3|qqWqq|%};d|%jot<|%};n|/i|%o(|/|%}tn|/|%}||/|%          cCsh|ii}d|d<|io|i|d,        cCs}d}d}xIt|iiD]2\}}||t|tt |f}q"W|d}xIt|i iD]2\}}||t|tt |f}qxW|d}xIt|i iD]2\}}||t|tt |f}qW|d}x]t|i iD]F\}}|d joq$n||t|tt |f}q$WxPdD]H}d |}y"|||t||f}Wqutj oquXquWxPdD]H}d |}y"|||t||f}Wqtj oqXqW|d }xT|iiD]C\}}t|p*||t|tt |f}q.q.W|d S(Ns

form

s9s
%s%s

cookies

s"

lazy items

s

other

RKRrt 0123456789sURL%ssBASE%ss

environ

s
(sPARENTSsRESPONSE(tresulttrowt_filterPasswordFieldsR"R4RRRRtreprRR6R:RRR R+R!(R"RRR6RRR7((R t__str__sN *  *  *   * "  "    .cCsd|ii|idfS(Ns <%s, URL=%s>Re(R"R.RR;(R"((R t__repr__scCsd}d}x7|iiD]&\}}|||t|f}qW|d}x7|iiD]&\}}|||t|f}q`W|d}x7|i iD]&\}}|||t|f}qW|d}xK|i iD]:\}}|d joqn|||t|f}qWxJdD]B}d |}y|||||f}Wq-t j oq-Xq-WxJdD]B}d |}y|||||f}Wqzt j oqzXqzW|d }xB|iiD]1\}}t|p||||f}qqW|S( NsFORM s %-20s %s s COOKIES s LAZY ITEMS s OTHER RKRrR5sURL%ssBASE%ss ENVIRON (sPARENTSsRESPONSE(R6R7R"R4RRRR9RR6R:RRR R+R!(R"RRR6RRR7((R R sN               cCs|i}|on|d idjoStdjo dkanti|ididd\}}||fSq~ndS(Nisbasic iR9i( R"Rtauthtlowertbase64R2t decodestringRQR_tpassword(R"R_R<R@((R t _authUserPW?s  +cCs|o t|p|S(N(tenabledtTaintRequestWrapperR"(R"RB((R t taintWrapperIscCsdS(s6see zope.publisher.interfaces.http.IVirtualHostRequestN((R"((R tshiftNameToApplicationLscCs|iS(N(R"Re(R"((R tgetURLPs(.RRt__doc__R2RRR3RnR$R)R0R8RIRZR`RdRmRHRqRRRRtretcompiletsearchRR RRRR;R&R(R1R2RRR:R;RRAtTAINTING_ENABLEDRDRERF(((R R!DsH 3      r6 2 -y    "     RCcBstZdZdZRS(NcCs ||_dS(N(RR"t_req(R"R((R RTscCs|djott|i|Sn||iijo.t|i|t}|tj o|Sqkn|ii|ddS( NR;R(R1RRR'i(sgets __getitem__s __getattr__shas_keyskeys( RtTaintMethodWrapperRR"RLRR&RR1(R"RR((R R1Ws   (RRRR1(((R RCSs RMcBstZdZdZRS(NcCs ||_dS(N(RR"t_method(R"R((R RbscOsd|d<|i||S(NiR'(tkwR"RNR(R"RRO((R t__call__es (RRRRP(((R RMas cCs9yti|Wnttfj o dSnXdSdS(Nii(tcodecstlookupRot LookupErrort SystemError(Ro((R Rjs  cCsh}xG|iD]9\}}x |d djo|d}q"W|||s(R"RRtL1R4RcRR(R"Rw((R R:s cCs6|ii}|idditd|S(Ns{%s}s, cCsd|dt|dfS(Ns'%s': %sii(RR9(R((R Rvs(R"RRRwR4RcRR(R"Rw((R R;s cCsQtt|t|p5t|i|ipt|ii|iiS(N(tcmpR[R"R:R.RR(R"R:((R t__cmp__s( RRRgt_guarded_writesR2R1R(R:R;Ry(((R Rs    iiiii cCsQg}xD|D]<\}}d|ijo d}n|i||fq W|S(Ntpassws(R6RRRR=R(RRR6R((R R8s  (Dt __version__RHR R R%R'RQR*ttypesRORPR7RtcgiRRturllibRSRlR@RCRRt ConvertersRRt maybe_lockt allocate_lockR2Rtzope.publisher.baseRRRRR!RFtstrR+R;R=t tainting_envRKR&t ExceptionRR!RCRMRR>R~Rtparse_cookie_lockRIRkRsRRRRRRRRRR8R(1RlRRRR'RRR8RRRRCRORRRRRMRHRKRCRRR|RR!R@RR!RR&RSR*RR RRRQRR7RRRRPR%R~RFR R((R t?sX ?       !  / <8!