@ -106,7 +106,7 @@ def drilldown_search(request, return_context=False, template=None):
query_params . update ( tmp_get )
if " index " in query_params :
if not request . user . is_superuser :
if not request . user . is_superuser and not query_params [ " index " ] == " main " :
message = " You can ' t use the index parameter "
message_class = " danger "
context = { " message " : message , " class " : message_class }
@ -253,7 +253,7 @@ class DrilldownContextModal(APIView):
self . template_name = " modals/context_table.html "
size = 20
nicks = None
nicks _sensitive = None
query = False
# Create the query params from the POST arguments
mandatory = [ " net " , " channel " , " num " , " src " , " index " , " nick " , " type " , " mtype " ]
@ -272,51 +272,57 @@ class DrilldownContextModal(APIView):
if settings . HASHING :
SAFE_PARAMS = deepcopy ( query_params )
hash_lookup ( SAFE_PARAMS )
else :
SAFE_PARAMS = query_params
type = None
# SUPERUSER BLOCK #
if request . user . is_superuser :
if " type " in SAFE_PARAMS :
type = SAFE_PARAMS [ " type " ]
if " type " in query_params :
type = query_params [ " type " ]
if type == " znc " :
query_params [ " channel " ] = " *status "
SAFE_PARAMS [ " channel " ] = " *status "
if type in [ " query " , " notice " ] :
nicks = [ SAFE_PARAMS [ " channel " ] , SAFE_PARAMS [ " nick " ] ]
nicks_sensitive = [
SAFE_PARAMS [ " channel " ] ,
SAFE_PARAMS [ " nick " ] ,
] # UNSAFE
# nicks = [query_params["channel"], query_params["nick"]]
query = True
if (
SAFE_PARAMS [ " index " ] == " int "
and SAFE_PARAMS [ " mtype " ] == " msg "
query_params [ " index " ] == " int "
and query_params [ " mtype " ] == " msg "
and not type == " query "
) :
query_params [ " index " ] = " main "
SAFE_PARAMS [ " index " ] = " main "
if SAFE_PARAMS [ " type " ] in [ " znc " , " auth " ] :
if query_params [ " type " ] in [ " znc " , " auth " ] :
query = True
# SUPERUSER BLOCK #
if not request . user . is_superuser :
if " index " in SAFE_PARAMS :
SAFE_PARAMS [ " index " ] = " main "
query_params [ " index " ] = " main "
SAFE_PARAMS [ " index " ] = " main "
SAFE_PARAMS [ " sorting " ] = " desc "
query_params [ " sorting " ] = " desc "
SAFE_PARAMS [ " index " ] = " main "
annotate = False
if SAFE_PARAMS [ " src " ] == " irc " :
if SAFE_PARAMS[ " type " ] in [ " query " , " notice " , " msg " , " highlight " ] :
if query_params [ " src " ] == " irc " :
if query_params[ " type " ] not in [ " znc " , " auth " ] :
annotate = True
# Create the query with the context helper
search_query = construct_query (
SAFE_PARAMS [ " index " ] ,
query_params [ " index " ] ,
SAFE_PARAMS [ " net " ] ,
SAFE_PARAMS [ " channel " ] ,
SAFE_PARAMS [ " src " ] ,
query_params [ " src " ] ,
SAFE_PARAMS [ " num " ] ,
size ,
type = type ,
nicks = nicks ,
nicks = nicks _sensitive ,
)
results = query_results (
@ -331,10 +337,18 @@ class DrilldownContextModal(APIView):
if " message " in results :
return render ( request , self . template_name , results )
if settings . HASHING : # we probably want to see the tokens
if not request . user . has_perm ( " bypass_hashing " ) :
for index , item in enumerate ( results [ " object_list " ] ) :
if " tokens " in item :
results [ " object_list " ] [ index ] [ " msg " ] = results [ " object_list " ] [
index
] . pop ( " tokens " )
# item["msg"] = item.pop("tokens")
# Make the time nicer
# for index, item in enumerate(results["object_list"]):
# results["object_list"][index]["time"] = item["time"]+"SSS"
context = {
" net " : query_params [ " net " ] ,
" channel " : query_params [ " channel " ] ,
@ -396,18 +410,17 @@ class ThresholdInfoModal(APIView):
inter_chans = get_chans ( safe_net , users )
else :
inter_chans = [ ]
hash_list ( inter_chans)
hash_list ( inter_users)
hash_list ( request. user , inter_chans)
hash_list ( request. user , inter_users)
hash_list ( num_chans, hash_keys = True )
hash_list ( num_users, hash_keys = True )
hash_list ( request. user , num_chans, hash_keys = True )
hash_list ( request. user , num_users, hash_keys = True )
hash_list ( channels)
hash_list ( users)
hash_list ( request. user , channels)
hash_list ( request. user , users)
# SAFE BLOCK END #
nick = nick . replace ( " | " , " " )
channel = channel . replace ( " | " , " " )
context = {
" net " : net ,
" nick " : nick ,