1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
"""quixote.errors
$HeadURL: svn+ssh://svn.mems-exchange.org/repos/trunk/quixote/errors.py $
$Id: errors.py 26378 2005-03-17 14:04:45Z dbinger $
Exception classes used by Quixote
"""
from quixote.html import htmltext, htmlescape
__revision__ = "$Id: errors.py 26378 2005-03-17 14:04:45Z dbinger $"
class PublishError(Exception):
"""PublishError exceptions are raised due to some problem with the
data provided by the client and are raised during the publishing
process. Quixote will abort the current request and return an error
page to the client.
public_msg should be a user-readable message that reveals no
inner workings of your application; it will always be shown.
private_msg will only be shown if the config option DISPLAY_EXCEPTIONS is
true; Quixote uses this to give you more detail about why the error
occurred. You might want to use it for similar, application-specific
information. (DISPLAY_EXCEPTIONS should always be false in a production
environment, since these details about the inner workings of your
application could conceivably be useful to attackers.)
The formatting done by the Quixote versions of these exceptions is
very simple. Applications will probably wish to raise application
specific subclasses which do more sophisticated formatting or provide
a _q_except handler to format the exception.
"""
status_code = 400 # bad request
title = "Publishing error"
description = "no description"
def __init__(self, public_msg=None, private_msg=None):
self.public_msg = public_msg
self.private_msg = private_msg # cleared if DISPLAY_EXCEPTIONS is false
def __str__(self):
return self.private_msg or self.public_msg or "???"
def format(self):
msg = htmlescape(self.title)
if self.public_msg:
msg = msg + ": " + self.public_msg
if self.private_msg:
msg = msg + ": " + self.private_msg
return msg
class TraversalError(PublishError):
"""
Raised when a client attempts to access a resource that does not
exist or is otherwise unavailable to them (eg. a Python function
not listed in its module's _q_exports list).
path should be the path to the requested resource; if not
supplied, the current request object will be fetched and its
get_path() method called.
"""
status_code = 404 # not found
title = "Page not found"
description = ("The requested link does not exist on this site. If "
"you arrived here by following a link from an external "
"page, please inform that page's maintainer.")
def __init__(self, public_msg=None, private_msg=None, path=None):
PublishError.__init__(self, public_msg, private_msg)
if path is None:
import quixote
path = quixote.get_request().get_path()
self.path = path
def format(self):
msg = htmlescape(self.title) + ": " + self.path
if self.public_msg:
msg = msg + ": " + self.public_msg
if self.private_msg:
msg = msg + ": " + self.private_msg
return msg
class RequestError(PublishError):
"""
Raised when Quixote is unable to parse an HTTP request (or its CGI
representation). This is a lower-level error than QueryError -- it
either means that Quixote is not smart enough to handle the request
being passed to it, or the user-agent is broken and/or malicious.
"""
status_code = 400
title = "Invalid request"
description = "Unable to parse HTTP request."
class QueryError(PublishError):
"""Should be raised if bad data was provided in the query part of a
URL or in the content of a POST request. What constitutes bad data is
solely application dependent (eg: letters in a form field when the
application expects a number).
"""
status_code = 400
title = "Invalid query"
description = ("An error occurred while handling your request. The "
"query data provided as part of the request is invalid.")
class AccessError(PublishError):
"""Should be raised if the client does not have access to the
requested resource. Usually applications will raise this error from
an _q_access method.
"""
status_code = 403
title = "Access denied"
description = ("An error occurred while handling your request. "
"Access to the requested resource was not permitted.")
def format_publish_error(exc):
"""(exc : PublishError) -> string
Format a PublishError exception as a web page.
"""
return htmltext("""\
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"
"http://www.w3.org/TR/REC-html40/strict.dtd">
<html>
<head><title>Error: %s</title></head>
<body>
<p>%s</p>
<p>%s</p>
</body>
</html>
""") % (exc.title, exc.description, exc.format())
|
