From 9b8064b0cdb2d485f223a750709c8ecb100cd652 Mon Sep 17 00:00:00 2001
From: Gaetan Delannay <gaetan.delannay@gmail.com>
Date: Wed, 25 Apr 2012 16:21:23 +0200
Subject: [PATCH] appy.gen: bugfix while searching the catalog based on object
 state; added XHTML cleanup code; added String.generatePassword; bugfix:
 mising HTTP header while sending some responses back to Apache (caused a bug
 in ckeditor image upload); bugfix while importing images via an image
 resolver (Zope behind a reverse proxy).

---
 gen/__init__.py        | 11 ++++++++++-
 gen/installer.py       |  1 +
 gen/mixins/__init__.py |  4 +++-
 pod/doc_importers.py   |  8 ++++++--
 shared/utils.py        | 10 ++++++----
 5 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/gen/__init__.py b/gen/__init__.py
index 70b74f8..401a43a 100644
--- a/gen/__init__.py
+++ b/gen/__init__.py
@@ -316,6 +316,7 @@ class Search:
             # Indeed, for field 'title', Appy has a specific index
             # 'SortableTitle', because index 'Title' is a ZCTextIndex
             # (for searchability) and can't be used for sorting.
+        elif fieldName == 'state': return 'State'
         else:
             return 'get%s%s'% (fieldName[0].upper(),fieldName[1:])
     @staticmethod
@@ -1207,7 +1208,10 @@ class String(Type):
     def store(self, obj, value):
         '''When the value is XHTML, we perform some cleanup.'''
         if (self.format == String.XHTML) and value:
-            value = cleanXhtml(value)
+            # When image upload is allowed, ckeditor inserts some "style" attrs
+            # (ie for image size when images are resized). So in this case we
+            # can't remove style-related information.
+            value = cleanXhtml(value, keepStyles=self.allowImageUpload)
         Type.store(self, obj, value)
 
     def getFormattedValue(self, obj, value):
@@ -1398,6 +1402,11 @@ class String(Type):
         session['captcha'] = res
         return res
 
+    def generatePassword(self):
+        '''Generates a password (we recycle here the captcha challenge
+           generator).'''
+        return self.getCaptchaChallenge({})['text']
+
 class Boolean(Type):
     def __init__(self, validator=None, multiplicity=(0,1), index=None,
                  default=None, optional=False, editDefault=False, show=True,
diff --git a/gen/installer.py b/gen/installer.py
index 3e14f06..9c1965e 100644
--- a/gen/installer.py
+++ b/gen/installer.py
@@ -59,6 +59,7 @@ def onDelSession(sessionObject, container):
         # The request comes from a guy whose session has expired.
         resp = rq.RESPONSE
         resp.expireCookie('__ac', path='/')
+        resp.setHeader('Content-Type', 'text/html')
         resp.write('<center>For security reasons, your session has ' \
                    'expired.</center>')
 
diff --git a/gen/mixins/__init__.py b/gen/mixins/__init__.py
index 27a40c7..05e9b2d 100644
--- a/gen/mixins/__init__.py
+++ b/gen/mixins/__init__.py
@@ -1473,9 +1473,11 @@ class BaseMixin:
         fakeFile.store(self, self.REQUEST['upload'])
         # Return the URL of the image.
         url = '%s/download?name=%s' % (self.absolute_url(), attrName)
+        response = self.REQUEST.RESPONSE
+        response.setHeader('Content-Type', 'text/html')
         resp = "<script type='text/javascript'>window.parent.CKEDITOR.tools" \
                ".callFunction(%s, '%s');</script>" % (ckNum, url)
-        self.REQUEST.RESPONSE.write(resp)
+        response.write(resp)
 
     def allows(self, permission, raiseError=False):
         '''Has the logged user p_permission on p_self ?'''
diff --git a/pod/doc_importers.py b/pod/doc_importers.py
index 9a337e8..05a28c2 100644
--- a/pod/doc_importers.py
+++ b/pod/doc_importers.py
@@ -249,8 +249,12 @@ class ImageImporter(DocImporter):
             # retrieve the object on which the image is stored and get
             # the file to download.
             urlParts = urlparse.urlsplit(at)
-            path = urlParts[2][1:]
-            obj = imageResolver.unrestrictedTraverse(path.split('/')[:-1])
+            path = urlParts[2][1:].split('/')[:-1]
+            try:
+                obj = imageResolver.unrestrictedTraverse(path)
+            except KeyError:
+                # Maybe a rewrite rule as added some prefix to all URLs?
+                obj = imageResolver.unrestrictedTraverse(path[1:])
             zopeFile = getattr(obj, urlParts[3].split('=')[1])
             appyFile = FileWrapper(zopeFile)
             self.format = mimeTypesExts[appyFile.mimeType]
diff --git a/shared/utils.py b/shared/utils.py
index d810ce9..44160e6 100644
--- a/shared/utils.py
+++ b/shared/utils.py
@@ -268,13 +268,15 @@ xhtmlClassAttr = re.compile('class\s*=\s*".*?"')
 xhtmlStyleAttr = re.compile('style\s*=\s*".*?"')
 xhtmlComment = re.compile('<!--.*?-->', re.S)
 
-def cleanXhtml(s):
+def cleanXhtml(s, keepStyles=False):
     '''Returns a version of XHTML string p_s where:
-       * attributes "class" and "style" have been removed;
+       * attributes "class" and "style" have been removed (only if p_keepStyles
+         is False);
        * XHTML comments have been removed.
     '''
-    s = xhtmlClassAttr.sub('', s)
-    s = xhtmlStyleAttr.sub('', s)
+    if not keepStyles:
+        s = xhtmlClassAttr.sub('', s)
+        s = xhtmlStyleAttr.sub('', s)
     s = xhtmlComment.sub('', s)
     return s