Better sanitization on templates and datatables output.

This commit is contained in:
Tim 2015-12-06 14:09:38 +02:00
parent 1157fda96c
commit b0fa0d534e
7 changed files with 206 additions and 196 deletions


@ -58,7 +58,14 @@ class MonitorDatabase(object):
self.connection.execute("PRAGMA journal_mode = %s" % plexpy.CONFIG.JOURNAL_MODE) self.connection.execute("PRAGMA journal_mode = %s" % plexpy.CONFIG.JOURNAL_MODE)
# 64mb of cache memory, probably need to make it user configurable # 64mb of cache memory, probably need to make it user configurable
self.connection.execute("PRAGMA cache_size=-%s" % (get_cache_size() * 1024)) self.connection.execute("PRAGMA cache_size=-%s" % (get_cache_size() * 1024))
self.connection.row_factory = sqlite3.Row self.connection.row_factory = self.dict_factory
def dict_factory(self, cursor, row):
d = {}
for idx, col in enumerate(cursor.description):
d[col[0]] = row[idx]
return d
def action(self, query, args=None, return_last_id=False): def action(self, query, args=None, return_last_id=False):
if query is None: if query is None:
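Review bot: The new `dict_factory` keys each row by `col[0]` from `cursor.description`, so two selected columns sharing a name (for example an `id` from each side of a join) silently collapse into one key, the later value overwriting the earlier, and an unaliased expression column gets the expression text as its key — which is presumably why the users query in this same commit has to add `as friendly_name`. A docstring stating that contract would save the next caller a debugging session: `"""Return each row as a dict keyed by column name. Every expression column must be aliased and names must be unique; a repeated name is overwritten by the later column."""`. If duplicate names are never expected, an explicit `if col[0] in d: raise ValueError(...)` before the assignment would turn that silent data loss into an error.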


@ -186,19 +186,19 @@ class DataFactory(object):
return None return None
for item in result: for item in result:
row = {'title': item[1], row = {'title': item['grandparent_title'],
'total_plays': item[2], 'total_plays': item['total_plays'],
'total_duration': item[3], 'total_duration': item['total_duration'],
'users_watched': '', 'users_watched': '',
'rating_key': item[4], 'rating_key': item['grandparent_rating_key'],
'last_play': item[5], 'last_play': item['last_watch'],
'grandparent_thumb': item[6], 'grandparent_thumb': item['grandparent_thumb'],
'thumb': '', 'thumb': '',
'user': '', 'user': '',
'friendly_name': '', 'friendly_name': '',
'platform_type': '', 'platform_type': '',
'platform': '', 'platform': '',
'row_id': item[0] 'row_id': item['id']
} }
top_tv.append(row) top_tv.append(row)
@ -234,18 +234,18 @@ class DataFactory(object):
return None return None
for item in result: for item in result:
row = {'title': item[1], row = {'title': item['grandparent_title'],
'users_watched': item[2], 'users_watched': item['users_watched'],
'rating_key': item[3], 'rating_key': item['grandparent_rating_key'],
'last_play': item[4], 'last_play': item['last_watch'],
'total_plays': item[5], 'total_plays': item['total_plays'],
'grandparent_thumb': item[7], 'grandparent_thumb': item['grandparent_thumb'],
'thumb': '', 'thumb': '',
'user': '', 'user': '',
'friendly_name': '', 'friendly_name': '',
'platform_type': '', 'platform_type': '',
'platform': '', 'platform': '',
'row_id': item[0] 'row_id': item['id']
} }
popular_tv.append(row) popular_tv.append(row)
@ -278,19 +278,19 @@ class DataFactory(object):
return None return None
for item in result: for item in result:
row = {'title': item[1], row = {'title': item['full_title'],
'total_plays': item[2], 'total_plays': item['total_plays'],
'total_duration': item[3], 'total_duration': item['total_duration'],
'users_watched': '', 'users_watched': '',
'rating_key': item[4], 'rating_key': item['rating_key'],
'last_play': item[5], 'last_play': item['last_watch'],
'grandparent_thumb': '', 'grandparent_thumb': '',
'thumb': item[6], 'thumb': item['thumb'],
'user': '', 'user': '',
'friendly_name': '', 'friendly_name': '',
'platform_type': '', 'platform_type': '',
'platform': '', 'platform': '',
'row_id': item[0] 'row_id': item['id']
} }
top_movies.append(row) top_movies.append(row)
@ -326,18 +326,18 @@ class DataFactory(object):
return None return None
for item in result: for item in result:
row = {'title': item[1], row = {'title': item['full_title'],
'users_watched': item[2], 'users_watched': item['users_watched'],
'rating_key': item[3], 'rating_key': item['rating_key'],
'last_play': item[4], 'last_play': item['last_watch'],
'total_plays': item[5], 'total_plays': item['total_plays'],
'grandparent_thumb': '', 'grandparent_thumb': '',
'thumb': item[7], 'thumb': item['thumb'],
'user': '', 'user': '',
'friendly_name': '', 'friendly_name': '',
'platform_type': '', 'platform_type': '',
'platform': '', 'platform': '',
'row_id': item[0] 'row_id': item['id']
} }
popular_movies.append(row) popular_movies.append(row)
@ -370,19 +370,19 @@ class DataFactory(object):
return None return None
for item in result: for item in result:
row = {'title': item[1], row = {'title': item['grandparent_title'],
'total_plays': item[2], 'total_plays': item['total_plays'],
'total_duration': item[3], 'total_duration': item['total_duration'],
'users_watched': '', 'users_watched': '',
'rating_key': item[4], 'rating_key': item['grandparent_rating_key'],
'last_play': item[5], 'last_play': item['last_watch'],
'grandparent_thumb': item[6], 'grandparent_thumb': item['grandparent_thumb'],
'thumb': '', 'thumb': '',
'user': '', 'user': '',
'friendly_name': '', 'friendly_name': '',
'platform_type': '', 'platform_type': '',
'platform': '', 'platform': '',
'row_id': item[0] 'row_id': item['id']
} }
top_music.append(row) top_music.append(row)
@ -418,18 +418,18 @@ class DataFactory(object):
return None return None
for item in result: for item in result:
row = {'title': item[1], row = {'title': item['grandparent_title'],
'users_watched': item[2], 'users_watched': item['users_watched'],
'rating_key': item[3], 'rating_key': item['grandparent_rating_key'],
'last_play': item[4], 'last_play': item['last_watch'],
'total_plays': item[5], 'total_plays': item['total_plays'],
'grandparent_thumb': item[7], 'grandparent_thumb': item['grandparent_thumb'],
'thumb': '', 'thumb': '',
'user': '', 'user': '',
'friendly_name': '', 'friendly_name': '',
'platform_type': '', 'platform_type': '',
'platform': '', 'platform': '',
'row_id': item[0] 'row_id': item['id']
} }
popular_music.append(row) popular_music.append(row)
@ -463,17 +463,17 @@ class DataFactory(object):
return None return None
for item in result: for item in result:
if not item[5] or item[5] == '': if not item['thumb'] or item['thumb'] == '':
user_thumb = common.DEFAULT_USER_THUMB user_thumb = common.DEFAULT_USER_THUMB
else: else:
user_thumb = item[5] user_thumb = item['thumb']
row = {'user': item[0], row = {'user': item['user'],
'user_id': item[6], 'user_id': item['user_id'],
'friendly_name': item[1], 'friendly_name': item['friendly_name'],
'total_plays': item[2], 'total_plays': item['total_plays'],
'total_duration': item[3], 'total_duration': item['total_duration'],
'last_play': item[4], 'last_play': item['last_watch'],
'user_thumb': user_thumb, 'user_thumb': user_thumb,
'grandparent_thumb': '', 'grandparent_thumb': '',
'users_watched': '', 'users_watched': '',
@ -512,12 +512,12 @@ class DataFactory(object):
for item in result: for item in result:
# Rename Mystery platform names # Rename Mystery platform names
platform_type = common.PLATFORM_NAME_OVERRIDES.get(item[0], item[0]) platform_type = common.PLATFORM_NAME_OVERRIDES.get(item['platform'], item['platform'])
row = {'platform': item[0], row = {'platform': item['platform'],
'total_plays': item[1], 'total_plays': item['total_plays'],
'total_duration': item[2], 'total_duration': item['total_duration'],
'last_play': item[3], 'last_play': item['last_watch'],
'platform_type': platform_type, 'platform_type': platform_type,
'title': '', 'title': '',
'thumb': '', 'thumb': '',
@ -570,24 +570,24 @@ class DataFactory(object):
return None return None
for item in result: for item in result:
if not item[8] or item[8] == '': if not item['grandparent_thumb'] or item['grandparent_thumb'] == '':
thumb = item[7] thumb = item['thumb']
else: else:
thumb = item[8] thumb = item['grandparent_thumb']
# Sanitize player name # Sanitize player name
player = helpers.sanitize(item["player"]) player = helpers.sanitize(item["player"])
row = {'row_id': item[0], row = {'row_id': item['id'],
'user': item[1], 'user': item['user'],
'friendly_name': item[2], 'friendly_name': item['friendly_name'],
'user_id': item[3], 'user_id': item['user_id'],
'user_thumb': item[4], 'user_thumb': item['user_thumb'],
'title': item[5], 'title': item['full_title'],
'rating_key': item[6], 'rating_key': item['rating_key'],
'thumb': thumb, 'thumb': thumb,
'grandparent_thumb': item[8], 'grandparent_thumb': item['grandparent_thumb'],
'last_watch': item[9], 'last_watch': item['last_watch'],
'player': player, 'player': player,
} }
last_watched.append(row) last_watched.append(row)
@ -615,26 +615,26 @@ class DataFactory(object):
stream_output = {} stream_output = {}
for item in result: for item in result:
stream_output = {'container': item[0], stream_output = {'container': item['container'],
'bitrate': item[1], 'bitrate': item['bitrate'],
'video_resolution': item[2], 'video_resolution': item['video_resolution'],
'width': item[3], 'width': item['width'],
'height': item[4], 'height': item['height'],
'aspect_ratio': item[5], 'aspect_ratio': item['aspect_ratio'],
'video_framerate': item[6], 'video_framerate': item['video_framerate'],
'video_codec': item[7], 'video_codec': item['video_codec'],
'audio_codec': item[8], 'audio_codec': item['audio_codec'],
'audio_channels': item[9], 'audio_channels': item['audio_channels'],
'transcode_video_dec': item[10], 'transcode_video_dec': item['video_decision'],
'transcode_video_codec': item[11], 'transcode_video_codec': item['transcode_video_codec'],
'transcode_height': item[12], 'transcode_height': item['transcode_height'],
'transcode_width': item[13], 'transcode_width': item['transcode_width'],
'transcode_audio_dec': item[14], 'transcode_audio_dec': item['audio_decision'],
'transcode_audio_codec': item[15], 'transcode_audio_codec': item['transcode_audio_codec'],
'transcode_audio_channels': item[16], 'transcode_audio_channels': item['transcode_audio_channels'],
'media_type': item[17], 'media_type': item['media_type'],
'title': item[18], 'title': item['title'],
'grandparent_title': item[19] 'grandparent_title': item['grandparent_title']
} }
return stream_output return stream_output
@ -684,25 +684,25 @@ class DataFactory(object):
return None return None
for row in result: for row in result:
if row[1] == 'episode' and row[8]: if row['media_type'] == 'episode' and row['parent_thumb']:
thumb = row[8] thumb = row['parent_thumb']
elif row[1] == 'episode': elif row['media_type'] == 'episode':
thumb = row[9] thumb = row['grandparent_thumb']
else: else:
thumb = row[7] thumb = row['thumb']
recent_output = {'row_id': row[0], recent_output = {'row_id': row['id'],
'type': row[1], 'type': row['media_type'],
'rating_key': row[2], 'rating_key': row['rating_key'],
'title': row[4], 'title': row['title'],
'parent_title': row[5], 'parent_title': row['parent_title'],
'grandparent_title': row[6], 'grandparent_title': row['grandparent_title'],
'thumb': thumb, 'thumb': thumb,
'index': row[10], 'index': row['media_index'],
'parent_index': row[11], 'parent_index': row['parent_media_index'],
'year': row[12], 'year': row['year'],
'time': row[13], 'time': row['started'],
'user': row[14] 'user': row['user']
} }
recently_watched.append(recent_output) recently_watched.append(recent_output)
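Review bot: In the last-watched hunk only `player` goes through `helpers.sanitize` while the sibling string fields (`user`, `friendly_name`, `full_title`, `grandparent_title`) are returned raw, and the same commit makes Mako HTML-escape every `${}` expression by default — so if any of these rows reach a template, the pre-escaped player value will be escaped twice and render as a literal `&lt;`, while the unescaped fields are covered. Where these DataFactory rows are rendered is not visible in this hunk, so which of the two is wrong cannot be decided here, but escaping should happen in exactly one layer. Either drop the `helpers.sanitize(item["player"])` call and rely on output escaping, or apply it to every string field in the row as the datatables change in this commit does. Each of these methods begins outside its hunk.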


@ -178,12 +178,18 @@ class DataTables(object):
filtered = self.ssp_db.select(query, args=args) filtered = self.ssp_db.select(query, args=args)
# Build grand totals # Build grand totals
totalcount = self.ssp_db.select('SELECT COUNT(id) from %s' % table_name)[0][0] totalcount = self.ssp_db.select('SELECT COUNT(id) as total_count from %s' % table_name)[0]['total_count']
# Get draw counter # Get draw counter
draw_counter = int(parameters['draw']) draw_counter = int(parameters['draw'])
# Paginate results
result = filtered[parameters['start']:(parameters['start'] + parameters['length'])] result = filtered[parameters['start']:(parameters['start'] + parameters['length'])]
# Sanitize on the way out
result = [{k: helpers.sanitize(v) if isinstance(v, basestring) else v for k, v in row.iteritems()}
for row in result]
output = {'result': result, output = {'result': result,
'draw': draw_counter, 'draw': draw_counter,
'filteredCount': len(filtered), 'filteredCount': len(filtered),
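Review bot: The rewritten count query still formats `table_name` straight into the SQL text (`'SELECT COUNT(id) as total_count from %s' % table_name`), which is only safe if `table_name` is a code constant; its origin is outside this hunk, so if it can be influenced by the request it should be checked against a fixed tuple of known table names before the format, e.g. `if table_name not in KNOWN_TABLES: raise ValueError('unknown table')`. The new "sanitize on the way out" comprehension is a good uniform step, but note it inherits the limits of `helpers.sanitize` — only `<` and `>` are replaced, so a value dropped into an HTML attribute by the client-side renderer can still break out with a quote. A comment on the comprehension saying what it protects against would help: `# Escape string cells for HTML rendering by DataTables; numbers/None pass through`. The enclosing method begins outside the hunk.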


@ -76,10 +76,10 @@ class Graphs(object):
series_2_value = 0 series_2_value = 0
series_3_value = 0 series_3_value = 0
for item in result: for item in result:
if date_string == item[0]: if date_string == item['date_played']:
series_1_value = item[1] series_1_value = item['tv_duration']
series_2_value = item[2] series_2_value = item['movie_duration']
series_3_value = item[3] series_3_value = item['music_duration']
break break
else: else:
series_1_value = 0 series_1_value = 0
@ -165,10 +165,10 @@ class Graphs(object):
series_2_value = 0 series_2_value = 0
series_3_value = 0 series_3_value = 0
for item in result: for item in result:
if day_item == item[1]: if day_item == item['dayofweek']:
series_1_value = item[2] series_1_value = item['tv_duration']
series_2_value = item[3] series_2_value = item['movie_duration']
series_3_value = item[4] series_3_value = item['music_duration']
break break
else: else:
series_1_value = 0 series_1_value = 0
@ -240,10 +240,10 @@ class Graphs(object):
series_2_value = 0 series_2_value = 0
series_3_value = 0 series_3_value = 0
for item in result: for item in result:
if hour_item == item[0]: if hour_item == item['hourofday']:
series_1_value = item[1] series_1_value = item['tv_duration']
series_2_value = item[2] series_2_value = item['movie_duration']
series_3_value = item[3] series_3_value = item['music_duration']
break break
else: else:
series_1_value = 0 series_1_value = 0
@ -316,10 +316,10 @@ class Graphs(object):
series_2_value = 0 series_2_value = 0
series_3_value = 0 series_3_value = 0
for item in result: for item in result:
if date_string == item[0]: if date_string == item['datestring']:
series_1_value = item[1] series_1_value = item['tv_duration']
series_2_value = item[2] series_2_value = item['movie_duration']
series_3_value = item[3] series_3_value = item['music_duration']
break break
else: else:
series_1_value = 0 series_1_value = 0
@ -386,10 +386,10 @@ class Graphs(object):
series_3 = [] series_3 = []
for item in result: for item in result:
categories.append(common.PLATFORM_NAME_OVERRIDES.get(item[0], item[0])) categories.append(common.PLATFORM_NAME_OVERRIDES.get(item['platform'], item['platform']))
series_1.append(item[1]) series_1.append(item['tv_duration'])
series_2.append(item[2]) series_2.append(item['movie_duration'])
series_3.append(item[3]) series_3.append(item['music_duration'])
series_1_output = {'name': 'TV', series_1_output = {'name': 'TV',
'data': series_1} 'data': series_1}
@ -453,10 +453,10 @@ class Graphs(object):
series_3 = [] series_3 = []
for item in result: for item in result:
categories.append(item[0]) categories.append(item['friendly_name'])
series_1.append(item[1]) series_1.append(item['tv_duration'])
series_2.append(item[2]) series_2.append(item['movie_duration'])
series_3.append(item[3]) series_3.append(item['music_duration'])
series_1_output = {'name': 'TV', series_1_output = {'name': 'TV',
'data': series_1} 'data': series_1}
@ -540,10 +540,10 @@ class Graphs(object):
series_2_value = 0 series_2_value = 0
series_3_value = 0 series_3_value = 0
for item in result: for item in result:
if date_string == item[0]: if date_string == item['date_played']:
series_1_value = item[1] series_1_value = item['dp_duration']
series_2_value = item[2] series_2_value = item['ds_duration']
series_3_value = item[3] series_3_value = item['tc_duration']
break break
else: else:
series_1_value = 0 series_1_value = 0
@ -626,10 +626,10 @@ class Graphs(object):
series_3 = [] series_3 = []
for item in result: for item in result:
categories.append(item[0]) categories.append(item['resolution'])
series_1.append(item[1]) series_1.append(item['dp_duration'])
series_2.append(item[2]) series_2.append(item['ds_duration'])
series_3.append(item[3]) series_3.append(item['tc_duration'])
series_1_output = {'name': 'Direct Play', series_1_output = {'name': 'Direct Play',
'data': series_1} 'data': series_1}
@ -723,10 +723,10 @@ class Graphs(object):
series_3 = [] series_3 = []
for item in result: for item in result:
categories.append(item[0]) categories.append(item['resolution'])
series_1.append(item[1]) series_1.append(item['dp_duration'])
series_2.append(item[2]) series_2.append(item['ds_duration'])
series_3.append(item[3]) series_3.append(item['tc_duration'])
series_1_output = {'name': 'Direct Play', series_1_output = {'name': 'Direct Play',
'data': series_1} 'data': series_1}
@ -801,10 +801,10 @@ class Graphs(object):
series_3 = [] series_3 = []
for item in result: for item in result:
categories.append(common.PLATFORM_NAME_OVERRIDES.get(item[0], item[0])) categories.append(common.PLATFORM_NAME_OVERRIDES.get(item['platform'], item['platform']))
series_1.append(item[1]) series_1.append(item['dp_duration'])
series_2.append(item[2]) series_2.append(item['ds_duration'])
series_3.append(item[3]) series_3.append(item['tc_duration'])
series_1_output = {'name': 'Direct Play', series_1_output = {'name': 'Direct Play',
'data': series_1} 'data': series_1}
@ -882,10 +882,10 @@ class Graphs(object):
series_3 = [] series_3 = []
for item in result: for item in result:
categories.append(item[0]) categories.append(item['username'])
series_1.append(item[1]) series_1.append(item['dp_duration'])
series_2.append(item[2]) series_2.append(item['ds_duration'])
series_3.append(item[3]) series_3.append(item['tc_duration'])
series_1_output = {'name': 'Direct Play', series_1_output = {'name': 'Direct Play',
'data': series_1} 'data': series_1}
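Review bot: The chart categories built from `item['friendly_name']`, `item['username']` and `item['platform']` in the by-user and by-platform hunks are user-influenced strings returned without any escaping, and this output path is covered neither by the datatables sanitization nor by the template filter added in this commit if the chart is built client-side from JSON. Whether the chart library renders category labels as HTML is not visible here; if it does, these need the same treatment, e.g. `categories.append(helpers.sanitize(item['friendly_name']))`. If labels are rendered as text, a one-line comment stating that assumption next to the `categories.append` calls would stop the next reviewer from asking. Every method in these hunks begins outside the hunk.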


@ -433,6 +433,6 @@ def process_json_kwargs(json_kwargs):
def sanitize(string): def sanitize(string):
if string: if string:
return str(string).replace('<','&lt;').replace('>','&gt;') return unicode(string).replace('<','&lt;').replace('>','&gt;')
else: else:
return '' return ''
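Review bot: `sanitize` still escapes only `<` and `>`, so `&`, `"` and `'` pass through unchanged; a value placed into an attribute (`value="..."`, `title='...'`) by the JavaScript side can close the attribute with a quote and inject an event handler without ever needing an angle bracket. Given the file is Python 2 (`unicode`, `basestring` elsewhere in the commit), the standard-library form that covers all five characters is `return cgi.escape(unicode(string), quote=True).replace("'", '&#39;')`. Separately, `unicode(string)` on a `str` holding non-ASCII bytes raises `UnicodeDecodeError`; if any caller can pass byte strings rather than the unicode values sqlite3 returns, decode explicitly first. A docstring naming the intended context would also help: `"""Escape a value for insertion into HTML text/attributes; returns '' for falsy input."""`.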


@ -271,17 +271,17 @@ class Users(object):
if user_id: if user_id:
monitor_db = database.MonitorDatabase() monitor_db = database.MonitorDatabase()
query = 'select username, ' \ query = 'select username, ' \
'(CASE WHEN friendly_name IS NULL THEN username ELSE friendly_name END),' \ '(CASE WHEN friendly_name IS NULL THEN username ELSE friendly_name END) as friendly_name,' \
'do_notify, keep_history, custom_avatar_url as thumb ' \ 'do_notify, keep_history, custom_avatar_url as thumb ' \
'FROM users WHERE user_id = ?' 'FROM users WHERE user_id = ?'
result = monitor_db.select(query, args=[user_id]) result = monitor_db.select(query, args=[user_id])
if result: if result:
user_detail = {'user_id': user_id, user_detail = {'user_id': user_id,
'user': result[0][0], 'user': result[0]['username'],
'friendly_name': result[0][1], 'friendly_name': result[0]['friendly_name'],
'thumb': result[0][4], 'thumb': result[0]['thumb'],
'do_notify': helpers.checked(result[0][2]), 'do_notify': helpers.checked(result[0]['do_notify']),
'keep_history': helpers.checked(result[0][3]) 'keep_history': helpers.checked(result[0]['keep_history'])
} }
return user_detail return user_detail
else: else:
@ -295,17 +295,17 @@ class Users(object):
elif user: elif user:
monitor_db = database.MonitorDatabase() monitor_db = database.MonitorDatabase()
query = 'select user_id, ' \ query = 'select user_id, ' \
'(CASE WHEN friendly_name IS NULL THEN username ELSE friendly_name END),' \ '(CASE WHEN friendly_name IS NULL THEN username ELSE friendly_name END) as friendly_name,' \
'do_notify, keep_history, custom_avatar_url as thumb ' \ 'do_notify, keep_history, custom_avatar_url as thumb ' \
'FROM users WHERE username = ?' 'FROM users WHERE username = ?'
result = monitor_db.select(query, args=[user]) result = monitor_db.select(query, args=[user])
if result: if result:
user_detail = {'user_id': result[0][0], user_detail = {'user_id': result[0]['user_id'],
'user': user, 'user': user,
'friendly_name': result[0][1], 'friendly_name': result[0]['friendly_name'],
'thumb': result[0][4], 'thumb': result[0]['thumb'],
'do_notify': helpers.checked(result[0][2]), 'do_notify': helpers.checked(result[0]['do_notify']),
'keep_history': helpers.checked(result[0][3])} 'keep_history': helpers.checked(result[0]['keep_history'])}
return user_detail return user_detail
else: else:
user_detail = {'user_id': None, user_detail = {'user_id': None,
@ -492,9 +492,9 @@ class Users(object):
result = monitor_db.select(query, args=[user]) result = monitor_db.select(query, args=[user])
for item in result: for item in result:
if item[0]: if item['total_time']:
total_time = item[0] total_time = item['total_time']
total_plays = item[1] total_plays = item['total_plays']
else: else:
total_time = 0 total_time = 0
total_plays = 0 total_plays = 0
@ -535,14 +535,11 @@ class Users(object):
for item in result: for item in result:
# Rename Mystery platform names # Rename Mystery platform names
platform_type = common.PLATFORM_NAME_OVERRIDES.get(item[2], item[2]) platform_type = common.PLATFORM_NAME_OVERRIDES.get(item['platform'], item['platform'])
# Sanitize player name row = {'player_name': item['player'],
player = helpers.sanitize(item[0])
row = {'player_name': player,
'platform_type': platform_type, 'platform_type': platform_type,
'total_plays': item[1], 'total_plays': item['player_count'],
'result_id': result_id 'result_id': result_id
} }
player_stats.append(row) player_stats.append(row)
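Review bot: The last hunk removes the `helpers.sanitize(item[0])` call, so `player_name` is now returned unescaped; that is correct only if every consumer of `player_stats` escapes on output, and the consumer is not visible here. The Mako default filter added in this commit covers `${}` expressions in templates, but not rows that are serialized to JSON and rendered by JavaScript, so if this list takes that path the escaping needs to come back, either here as `'player_name': helpers.sanitize(item['player'])` or in the datatables layer. A short comment at the removal site stating which layer is now responsible would make the intent auditable. The `as friendly_name` aliases added to the two user queries are required by the new dict row factory, which keys rows on the column name; the enclosing methods begin outside their hunks.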


@ -41,7 +41,7 @@ def serve_template(templatename, **kwargs):
interface_dir = os.path.join(str(plexpy.PROG_DIR), 'data/interfaces/') interface_dir = os.path.join(str(plexpy.PROG_DIR), 'data/interfaces/')
template_dir = os.path.join(str(interface_dir), plexpy.CONFIG.INTERFACE) template_dir = os.path.join(str(interface_dir), plexpy.CONFIG.INTERFACE)
_hplookup = TemplateLookup(directories=[template_dir]) _hplookup = TemplateLookup(directories=[template_dir], default_filters=['unicode', 'h'])
server_name = plexpy.CONFIG.PMS_NAME server_name = plexpy.CONFIG.PMS_NAME
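Review bot: `default_filters=['unicode', 'h']` is the right default, but it escapes for HTML text context only: any `${}` expression that lands inside a `<script>` block or an inline event attribute still needs JavaScript-string escaping, and whether `h` escapes the single quote depends on the Mako version in use (older releases build it on `cgi.escape`, which leaves `'` alone), so attribute values should be double-quoted. Templates that deliberately emit markup, or values that were already run through `helpers.sanitize`, will now be escaped twice and must opt out with `${x | n}`; that is an audit of every template, not visible from this hunk. A comment on the lookup would make the contract explicit: `# Every ${...} is HTML-escaped by default; use "| n" only for trusted markup and JS-escape values emitted inside <script>`. `serve_template` continues outside the hunk.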