From c33f09224c0c2fc9e9eb72f525c261da0b322f20 Mon Sep 17 00:00:00 2001
From: Alain Takoudjou <talino@tiolive.com>
Date: Tue, 31 Jan 2012 15:02:01 +0100
Subject: [PATCH] Solve ACE arbitrary file Modification

---
 slapos/runner/static/scripts/editor.js        | 62 +++++++++++++++++++
 slapos/runner/templates/layout.html           | 23 +------
 .../templates/updateInstanceProfile.html      | 16 +++--
 .../templates/updateSoftwareProfile.html      | 17 +++--
 slapos/runner/views.py                        | 26 +++-----
 5 files changed, 93 insertions(+), 51 deletions(-)
 create mode 100644 slapos/runner/static/scripts/editor.js

diff --git a/slapos/runner/static/scripts/editor.js b/slapos/runner/static/scripts/editor.js
new file mode 100644
index 0000000..5d8dc8a
--- /dev/null
+++ b/slapos/runner/static/scripts/editor.js
@@ -0,0 +1,62 @@
+$(document).ready( function() {
+	var editor = ace.edit("editor");
+	editor.setTheme("ace/theme/crimson_editor");
+
+	var CurentMode = require("ace/mode/buildout").Mode;
+	editor.getSession().setMode(new CurentMode());
+	editor.getSession().setTabSize(2);
+	editor.getSession().setUseSoftTabs(true);
+	editor.renderer.setHScrollBarAlwaysVisible(false);
+	    	
+	var file = $("input#profile").val();
+	var edit = false;
+	selectFile(file);
+	
+	$("#save").click(function(){
+		if(!edit){
+			error("Error: Can not load your file, please make sure that you have selected a Software Release");
+			return false;
+		}
+		send = false;
+		$.ajax({
+			type: "POST",
+			url: $SCRIPT_ROOT + '/saveFileContent',
+			data: {file: file, content: editor.getSession().getValue()},
+			success: function(data){				
+				if(data.code == 1){
+					error("File Saved!");
+				}
+				else{
+					error(data.result);
+				}
+				send = false;
+			}
+		});
+		return false;
+	});
+	
+	function error(msg){
+		$("#flash").fadeOut('normal');
+		$("#flash").empty();
+		$("#flash").fadeIn('normal');
+		$("#flash").append("<ul class='flashes'><li>" + msg + "</li></ul>");
+	}
+	function selectFile(file){
+		edit = false;
+		$.ajax({
+			type: "POST",
+			url: $SCRIPT_ROOT + '/getFileContent',
+			data: "file=" + file,
+			success: function(data){	
+				if(data.code == 1){
+					editor.getSession().setValue(data.result);
+					edit = true;
+				}
+				else{
+					error("Error: Can not load your file, please make sure that you have selected a Software Release");
+				}
+			}
+		});
+		return;
+	}
+});
\ No newline at end of file
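Review bot: The value that the `$("#save")` handler posts as `file` is whatever sits in the hidden `input#profile`, so a user can change it in the browser and have `/saveFileContent` write to any path the server process can reach unless that handler (not part of this patch) re-derives or validates the target against the runner workdir; given the commit title, that check needs to be visible either here or in the handler. `selectFile` also builds its body by concatenation, `data: "file=" + file`, so a path containing `&`, `#` or `+` is mangled in transit — pass an object, `data: {file: file}`, as the save call already does. `send = false;` in the click handler assigns an undeclared name (an implicit global outside strict mode) that nothing reads; declare it with `var` next to `edit` or remove it. Finally `error()` appends `msg`, including the server-supplied `data.result`, to the DOM as HTML; building the item with `$('<li>').text(msg)` keeps a message that echoes a path or file content from injecting markup.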
diff --git a/slapos/runner/templates/layout.html b/slapos/runner/templates/layout.html
index 22582f9..d5af2c9 100644
--- a/slapos/runner/templates/layout.html
+++ b/slapos/runner/templates/layout.html
@@ -13,28 +13,7 @@
         <meta name="description" content="" />
 
         <link href="{{ url_for('static', filename='css/styles.css', _external=False) }}" rel="stylesheet" type="text/css" media="screen" />
-        <script src="{{ url_for('static', filename='jquery/jquery-1.6.2.min.js') }}" type="text/javascript" charset="utf-8"></script>
-        {% if request.path == '/editSoftwareProfile' or request.path == '/editInstanceProfile' %}
-        <script src="{{ url_for('static', filename='ace/ace-uncompressed.js') }}" type="text/javascript" charset="utf-8"></script>
-        <script src="{{ url_for('static', filename='ace/theme-crimson_editor.js') }}" type="text/javascript" charset="utf-8"></script>
-        <script src="{{ url_for('static', filename='ace/mode-buildout.js') }}" type="text/javascript" charset="utf-8"></script>
-        
-        <script type="text/javascript">
-            $(document).ready(function() {
-                var editor = ace.edit("editor");
-                editor.setTheme("ace/theme/crimson_editor");
-
-                var CurentMode = require("ace/mode/buildout").Mode;
-                editor.getSession().setMode(new CurentMode());
-                editor.getSession().setTabSize(2);
-                editor.getSession().setUseSoftTabs(true);
-                editor.renderer.setHScrollBarAlwaysVisible(false);
-                $('#save').click(function(){
-                    $('#editor_content').val(editor.getSession().getValue());
-                });
-            });
-        </script>
-        {% endif %}
+        <script src="{{ url_for('static', filename='jquery/jquery-1.6.2.min.js') }}" type="text/javascript" charset="utf-8"></script>        
         <script type=text/javascript>
           $SCRIPT_ROOT = {{ request.script_root|tojson|safe }};
         </script>
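Review bot: The hunk removes the ACE `<script>` tags from the layout but shows no `{% block head %}` for the child templates to extend; if layout.html declares no such block (it may, outside this hunk), Jinja silently drops the `{% block head %}` content of updateInstanceProfile.html and updateSoftwareProfile.html and `ace` is undefined when editor.js runs. In that case add `{% block head %}{% endblock %}` right after the jQuery `<script>` line so the children's `{{ super() }}` and their extra scripts have somewhere to land. The jQuery include line also gains trailing whitespace in this hunk, which is worth stripping.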
diff --git a/slapos/runner/templates/updateInstanceProfile.html b/slapos/runner/templates/updateInstanceProfile.html
index 6b44806..861576a 100644
--- a/slapos/runner/templates/updateInstanceProfile.html
+++ b/slapos/runner/templates/updateInstanceProfile.html
@@ -1,14 +1,20 @@
 {% extends "layout.html" %}
 {% block title %}Update instance profile{% endblock %}
+{% block head %}
+  {{ super() }}
+    <script src="{{ url_for('static', filename='ace/ace-uncompressed.js') }}" type="text/javascript" charset="utf-8"></script>
+    <script src="{{ url_for('static', filename='ace/theme-crimson_editor.js') }}" type="text/javascript" charset="utf-8"></script>
+    <script src="{{ url_for('static', filename='ace/mode-buildout.js') }}" type="text/javascript" charset="utf-8"></script>
+  <script src="{{ url_for('static', filename='scripts/editor.js') }}" type="text/javascript" charset="utf-8"></script>
+{% endblock %}
 {% block body %}
-<form action="{{ url_for('updateInstanceProfile') }}" method=post class=add-entry>
+<form method=post class=add-entry>
     <dl>
         <dd><h2>Instance Profile:</h2></dd>
-        <dd> <!--<textarea name=content rows=20 cols=103 id="editor">{{ profile }}</textarea>-->
+        <dd>
             <div class="main_content">
-                <pre id="editor">
-{{ profile }}
-                </pre>
+<pre id="editor"></pre>
+            <input type="hidden" name="profile" id="profile" value="{{ profile|safe }}" />
             </div>
             <input type="hidden" name=content id="editor_content"/>
         </dd>
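Review bot: `value="{{ profile|safe }}"` turns autoescaping off for a filesystem path placed inside a double-quoted attribute, so a path containing `"` or `<` breaks the attribute or injects markup; if any path component can be influenced by a user (a project or profile name), that is a stored XSS in every visitor's page. Autoescaping already yields a correct attribute, so write `value="{{ profile }}"` — editor.js reads it with `.val()`, which returns the decoded string. The `<input type="hidden" name=content id="editor_content"/>` kept on the following line is no longer filled by editor.js (the old `$('#editor_content').val(...)` handler is gone from the layout), and with the form's `action` removed a non-JS submit would go to `/editInstanceProfile`, which the views only register for GET; the stale input can be dropped as it was in updateSoftwareProfile.html.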
diff --git a/slapos/runner/templates/updateSoftwareProfile.html b/slapos/runner/templates/updateSoftwareProfile.html
index 7f2be55..635f922 100644
--- a/slapos/runner/templates/updateSoftwareProfile.html
+++ b/slapos/runner/templates/updateSoftwareProfile.html
@@ -1,17 +1,22 @@
 {% extends "layout.html" %}
 {% block title %}Update software profile{% endblock %}
+{% block head %}
+  {{ super() }}
+    <script src="{{ url_for('static', filename='ace/ace-uncompressed.js') }}" type="text/javascript" charset="utf-8"></script>
+    <script src="{{ url_for('static', filename='ace/theme-crimson_editor.js') }}" type="text/javascript" charset="utf-8"></script>
+    <script src="{{ url_for('static', filename='ace/mode-buildout.js') }}" type="text/javascript" charset="utf-8"></script>
+  <script src="{{ url_for('static', filename='scripts/editor.js') }}" type="text/javascript" charset="utf-8"></script>
+{% endblock %}
 {% block body %}
-<form action="{{ url_for('updateSoftwareProfile') }}" method=post class=add-entry>
+<form method=post class=add-entry>
     <dl>
         <dt><strong>Note:</strong> Url of instance.cfg is <tt>{{ instance_url }}</tt></dt>
         <dd><h2>Software Profile:</h2></dd>
-        <dd> <!--<textarea name=content rows=20 cols=103 id="editor">{{ profile }}</textarea>-->
+        <dd>
            <div class="main_content">
-<pre id="editor">
-{{ profile }}
-</pre>
+<pre id="editor"></pre>
             </div>
-            <input type="hidden" value="{{ profile }}" name=content id="editor_content"/>
+            <input type="hidden" name="profile" id="profile" value="{{ profile|safe }}" />
         </dd>
         <dd><input type=submit value=Update id="save" class="button"></dd>
     </dl>
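Review bot: `value="{{ profile|safe }}"` on the hidden `profile` input disables autoescaping for a path inserted into a double-quoted HTML attribute; a `"` in the path terminates the attribute and, where a user can influence project or profile names, lets them inject markup served to every visitor. Drop the filter — `value="{{ profile }}"` — since Jinja's autoescaping produces a correct attribute and `$("input#profile").val()` in editor.js receives the decoded path. This template also removes the old `editor_content` hidden input while updateInstanceProfile.html in the same commit keeps it; aligning the two avoids a field that nothing populates.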
diff --git a/slapos/runner/views.py b/slapos/runner/views.py
index 7255d06..cc8f6a1 100755
--- a/slapos/runner/views.py
+++ b/slapos/runner/views.py
@@ -4,7 +4,7 @@ from utils import *
 import os
 import shutil
 from gittools import cloneRepo, gitStatus, switchBranch, createBranch, getDiff, \
-     gitPush
+     gitPush, gitPull
 
 app = Flask(__name__)
 
@@ -27,7 +27,7 @@ def configRepo():
 # software views
 @app.route('/editSoftwareProfile')
 def editSoftwareProfile():
-  profile = getProfile(app.config['runner_workdir'], app.config['software_profile'])
+  profile = getProfilePath(app.config['runner_workdir'], app.config['software_profile'])
   if profile == "":
     flash('Error: can not open profile, please select your project first')
   return render_template('updateSoftwareProfile.html',
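Review bot: `editSoftwareProfile` now passes the resolved filesystem path to the template instead of the file content, and that path is round-tripped through a hidden field back to `/saveFileContent`, so the server ends up trusting the client for which file gets written; the safer shape keeps `getProfilePath(app.config['runner_workdir'], app.config['software_profile'])` inside the save handler and lets the page send only the content (or an identifier the server maps to a path). When `profile == ""` the view flashes an error but still renders the editor with an empty path, and editor.js then posts `file=` to `/getFileContent` anyway; a redirect in that branch, or rendering without the editor, avoids the second request and the confusing double error. The `render_template(...)` call continues past the end of the hunk.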
@@ -75,17 +75,10 @@ def viewSoftwareLog():
   return render_template('viewLog.html', type='Software',
       result=result, running=isSoftwareRunning(app.config))
 
-@app.route('/updateSoftwareProfile', methods=['POST'])
-def updateSoftwareProfile():
-  profile = getProfilePath(app.config['runner_workdir'], app.config['software_profile'])
-  if profile != "":
-    open(profile, 'w').write(request.form['content'])
-  return redirect(url_for('editSoftwareProfile'))
-
 # instance views
 @app.route('/editInstanceProfile')
 def editInstanceProfile():
-  profile = getProfile(app.config['runner_workdir'], app.config['instance_profile'])
+  profile = getProfilePath(app.config['runner_workdir'], app.config['instance_profile'])
   if profile == "":
     flash('Error: can not open instance profile for this Software Release') 
   return render_template('updateInstanceProfile.html',
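Review bot: `editInstanceProfile` exposes the absolute path from `getProfilePath(app.config['runner_workdir'], app.config['instance_profile'])` to the page, where editor.js sends it back as the `file` parameter of the save request, so the target of the write is chosen by the browser rather than by this config lookup; the save handler should recompute the path from `app.config` instead of accepting it from the form. In the `profile == ""` branch the view still renders the editor with an empty path after flashing, which makes editor.js issue a `/getFileContent` request for `file=` that can only fail; returning early there (e.g. a redirect) keeps the error to a single message. The `render_template(...)` call continues beyond the hunk.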
@@ -136,13 +129,6 @@ def viewInstanceLog():
   return render_template('viewLog.html', type='Instance',
       result=result, running=isInstanceRunning(app.config))
 
-@app.route('/updateInstanceProfile', methods=['POST'])
-def updateInstanceProfile():
-  profile = getProfilePath(app.config['runner_workdir'], app.config['instance_profile'])
-  if profile != "":  
-    open(profile, 'w').write(request.form['content'])
-  return redirect(url_for('editInstanceProfile'))
-
 @app.route('/stopAllPartition', methods=['GET'])
 def stopAllPartition():
   svcStopAll(app.config)
@@ -287,4 +273,8 @@ def getProjectDiff(project):
 
 @app.route("/pushProjectFiles", methods=['POST'])
 def pushProjectFiles():
-  return gitPush(request.form['project'], request.form['msg'], False)
\ No newline at end of file
+  return gitPush(request.form['project'], request.form['msg'])
+
+@app.route("/pullProjectFiles", methods=['POST'])
+def pullProjectFiles():
+  return gitPull(request.form['project'])
\ No newline at end of file
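Review bot: `pullProjectFiles` passes `request.form['project']` straight to `gitPull`, and `pushProjectFiles` does the same for `gitPush`; nothing in the hunk constrains the value to a repository under the runner workdir, so if either helper joins it into a filesystem path (not visible in this diff) a value such as `../../other` would operate outside the intended tree. Resolve the name against the workdir and reject anything that escapes it before calling the helper, e.g. `target = os.path.realpath(os.path.join(app.config['runner_workdir'], request.form['project']))` followed by a check that `target` starts with the real workdir plus `os.sep`. The call to `gitPush` also loses its third argument; that is fine only if `gitPush` in gittools.py no longer requires it, which the diff does not show. The file still ends without a trailing newline.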
-- 
2.30.9