Update bbexplorer.cgi

bbexplorer.cgi

@@ -59,15 +59,15 @@ import cgi, cgitb
 import os, sys
 import subprocess
 import re
-import md5
+from hashlib import md5
 import datetime
 import tarfile
 import tempfile
 
 # Globals
-script_path = os.path.realpath(sys.argv[0])
-script_user = os.stat(script_path)[4]
-path_temp = os.path.join(tempfile.gettempdir(), 'boxbackup')
+SCRIPT_PATH = os.path.realpath(sys.argv[0])
+SCRIPT_USER = os.stat(SCRIPT_PATH)[4]
+PATH_TEMP = os.path.join(tempfile.gettempdir(), 'boxbackup')
 
 
 class Templite(object):
@@ -472,7 +472,7 @@ ${:endif}$
     src="http://www.joonis.de/common/images/joonis_button.gif"
     title="joonis new media" /></a>
 <a href="http://www.joonis.de/boxbackup-explorer"
-    target="_blank">Box Backup Explorer 0.2.3</a>
+    target="_blank">Box Backup Explorer 0.2.4</a>
 </div>
 </body>
 </html>
@@ -483,9 +483,9 @@ ${:endif}$
         self.message = {'info': [], 'error': []}
         
     def __sudo(self, *args):
-        '''Execute a method of class SudoAccess via sudo'''
+        """Execute a method of class SudoAccess via sudo"""
         proc = subprocess.Popen(
-                [path_sudo, script_path] + list(args),
+                [PATH_SUDO, SCRIPT_PATH] + list(args),
                 stdout=subprocess.PIPE,
                 stderr=subprocess.PIPE,
                 )
@@ -501,10 +501,10 @@ ${:endif}$
         # Some security checks
         remote_user = os.environ.get('REMOTE_USER')
         remote_addr = os.environ.get('REMOTE_ADDR')
-        if script_user != os.geteuid() \
-            or (auth_hosts and remote_addr not in auth_hosts) \
-            or (auth_users and remote_user not in auth_users) \
-            or not (auth_users or remote_user):
+        if SCRIPT_USER != os.geteuid() \
+            or (AUTH_HOSTS and remote_addr not in AUTH_HOSTS) \
+            or (AUTH_USERS and remote_user not in AUTH_USERS) \
+            or not (AUTH_USERS or remote_user):
             return '''Status: 403 Forbidden\nContent-Type: text/html; charset=utf-8\n
                 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
                 <html>
@@ -522,7 +522,7 @@ ${:endif}$
         info = self.message['info']
         error = self.message['error']
         
-        if None in auth_users:
+        if None in AUTH_USERS:
             info.append('<b>Warning:</b> Anonymous users not blocked!')
         
         # Process extraction
@@ -536,9 +536,9 @@ ${:endif}$
             else:
                 # Prepare target folder
                 if download:
-                    target = path_temp
+                    target = PATH_TEMP
                 else:
-                    target = form.getfirst('target', path_temp)
+                    target = form.getfirst('target', PATH_TEMP)
                 target = os.path.normpath(target)
                 if not target.startswith('/'):
                     error.append('Target directory must be an absolute path')
@@ -566,7 +566,7 @@ ${:endif}$
                                 status = -1
                         if not status:
                             result = self.__sudo('extract', isfile, deleted, dir, object_id, dst_path)
-                            if result.count('fetched sucessfully') or result.count('Restore complete'):
+                            if result in ('', '...') or result.count('fetched sucessfully') or result.count('Restore complete'):
                                 info.append("%s '%s' successfully extracted to '%s'" % (src_type[int(isfile)], name, target))
                                 status = 1
                             else:
@@ -575,7 +575,7 @@ ${:endif}$
                         if restore:
                             extracted[object_id] = status
                             if int(isold):
-                                extracted[md5.md5(name).hexdigest()] = status
+                                extracted[md5(name).hexdigest()] = status
                 # Create tar archive
                 if download and not error:
                     tar_path = self.__sudo('pack', target)
@@ -589,8 +589,8 @@ ${:endif}$
                         retval.append(tar.read())
                         tar.close()
                     if tar_path and os.path.exists(tar_path):
-                        os.remove(tar_path)
-                    self.__sudo('removedir', target)
+                        self.__sudo('remove', tar_path)
+                    self.__sudo('remove', target)
                     if not error:
                         return '\n'.join(retval)
         
@@ -611,14 +611,14 @@ ${:endif}$
                         'id': cols[0],
                         'name': cols[4],
                         'modified': modified,
-                        'size': int(cols[3]) * blocksize,
+                        'size': int(cols[3]) * BLOCKSIZE,
                         'file': ('f' in cols[1]),
                         'directory': ('d' in cols[1]),
                         'deleted': ('X' in cols[1]),
                         'old': ('o' in cols[1]),
                         'remove': ('R' in cols[1]),
                         'attributes': ('a' in cols[1]),
-                        'md5': md5.md5(cols[4]).hexdigest(),
+                        'md5': md5(cols[4]).hexdigest(),
                         'new': (now - modified).days == 0,
                         }
                     # Group objects by name
@@ -660,8 +660,8 @@ ${:endif}$
         return self.template.render({
             'request_uri': os.environ['REQUEST_URI'],
             'script_name': os.environ['SCRIPT_NAME'],
-            'path_images': path_images,
-            'path_temp': path_temp,
+            'path_images': PATH_IMAGES,
+            'path_temp': PATH_TEMP,
             'dir': dir,
             'message': self.message,
             'content': content,
@@ -674,16 +674,16 @@ class SudoAccess(object):
     """These methods are executed with root privileges"""
     
     def __init__(self):
-        if script_user != int(os.environ.get('SUDO_UID', -1)):
+        if SCRIPT_USER != int(os.environ.get('SUDO_UID', -1)):
             raise Exception('Executing user does not match script owner')
     
     def __bbquery(self, *args):
-        '''Send a query to storage server'''
-        return subprocess.call([path_bbquery, '-q'] + list(args) + ['quit'])
+        """Send a query to storage server"""
+        return subprocess.call([PATH_BBQUERY, '-q'] + list(args) + ['quit'])
     
     def _check_dir(self, dir):
-        if not dir.startswith(path_temp):
-            raise Exception('Path (%s) does not match temp path (%s)!' % (dir, path_temp))
+        if not dir.startswith(PATH_TEMP):
+            raise Exception('Path (%s) does not match temp path (%s)!' % (dir, PATH_TEMP))
     
     def list(self, dir):
         return self.__bbquery('list -dots "%s"' % dir)
@@ -704,14 +704,17 @@ class SudoAccess(object):
         os.makedirs(dir)
         return 0
     
-    def removedir(self, dir):
-        self._check_dir(dir)
-        for root, dirs, files in os.walk(dir, topdown=False):
+    def remove(self, path):
+        self._check_dir(path)
+        if os.path.isfile(path):
+            os.remove(path)
+            return 0
+        for root, dirs, files in os.walk(path, topdown=False):
             for name in files:
                 os.remove(os.path.join(root, name))
             for name in dirs:
                 os.rmdir(os.path.join(root, name))
-        os.rmdir(dir)
+        os.rmdir(path)
         return 0
     
     def rename(self, path):
@@ -725,14 +728,14 @@ class SudoAccess(object):
         print dst
         return 0
     
-    def pack(self, dir):
-        self._check_dir(dir)
-        file = dir + '.tar.gz'
+    def pack(self, path):
+        self._check_dir(path)
+        file = path + '.tar.gz'
         tar = tarfile.open(file, 'w:gz')
         print file
-        tar.add(dir, os.path.split(dir)[1])
+        tar.add(path, os.path.split(path)[1])
         tar.close()
-        os.chown(file, script_user, script_user)
+        os.chown(file, SCRIPT_USER, SCRIPT_USER)
         return 0