misc/scripts/drop_external_entities.py
author Julien Cristau <julien.cristau@logilab.fr>
Wed, 05 Feb 2014 16:34:21 +0100
branchstable
changeset 9523 cd5738fc440f
parent 8900 010a59e12d89
permissions -rw-r--r--
[ajax] use a custom tag to handle dynamically loaded js

Using <pre class="script"> makes it trivial for a malicious user to inject arbitrary javascript into an HTML or reST text element (because it looks innocent to the HTML sanitizer). Using a custom tag, we can be sure that it actually comes from our code and not from untrusted user data. IE ignores custom tags, though, so we put it in its own namespace.

https://extranet.logilab.fr/1530578

from cubicweb import UnknownEid
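# Drop the entities that were imported from one external source but which
# that source itself describes as coming from somewhere other than its own
# 'system' source.
#
# NOTE(review): sql, rql, session, repo, commit and __args__ are not defined
# in this file; presumably the shell that runs the script injects them --
# confirm before running it in any other context.
# NOTE(review): there is no dry-run mode. Every matching entity is deleted
# and commit() is called once, after the loop.

# Exactly one argument is expected: the name of the source to clean up.
# The single-target unpacking raises ValueError for any other count.
source, = __args__

# Constant statement with no interpolated input; it runs whatever `source` is.
sql("DELETE FROM entities WHERE type='Int'")

ecnx = session.cnxset.connection(source)
# The source name is passed as a query argument, not formatted into the RQL.
for e in rql('Any X WHERE X cw_source S, S name %(name)s',
             {'name': source}).entities():
    meta = e.cw_metainformation()
    # Guard for an irreversible delete: the entity must belong to the source
    # being cleaned. Raised explicitly instead of through `assert`, because
    # assert statements are removed when Python runs with -O and the check
    # would then silently disappear.
    if meta['source']['uri'] != source:
        raise AssertionError(
            'entity %s is attached to source %r, expected %r'
            % (e.eid, meta['source']['uri'], source))
    try:
        # Second item of what the source returns for this external id;
        # compared with 'system' below.
        suri = ecnx.describe(meta['extid'])[1]
    except UnknownEid:
        print 'cant describe', e.cw_etype, e.eid, meta
        continue
    if suri == 'system':
        # Left untouched: the source reports it as its own 'system' entity.
        continue
    try:
        print 'deleting', e.cw_etype, e.eid, suri, e.dc_title().encode('utf8')
        repo.delete_info(session, e, suri, scleanup=e.eid)
    except UnknownEid:
        # Best effort: report the entity and carry on with the next one.
        print '  cant delete', e.cw_etype, e.eid, meta


commit()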