print('
print('
print('%s\n' % (cgi.escape(text) or '?')) # if has </>s
def viewattachmentlinks(partnames):
"""
create hyperlinks to locally saved part/attachment files
when clicked, user's web browser will handle opening
assumes just one user, only valid while viewing 1 msg
"""
print('
| Parts:') for filename in partnames: basename = os.path.basename(filename) filename = filename.replace('\', '/') # Windows hack print(' | %s' % (filename, basename)) print(' |
|---|
')
def viewpage(msgnum, headers, text, form, parts=[]):
"""
on View + select (generated link click)
very subtle thing: at this point, pswd was URL encoded in the
link, and then unencoded by CGI input parser; it's being embedded
in HTML here, so we use cgi.escape; this usually sends nonprintable
chars in the hidden field's HTML, but works on ie and ns anyhow:
in url: ?user=lutz&mnum=3&pswd=%8cg%c2P%1e%f0%5b%c5J%1c%f3&...
in html:
could urllib.parse.quote html field here too, but must urllib.parse.unquote
in next script (which precludes passing the inputs in a URL instead
of the form); can also fall back on numeric string fmt in secret.py
"""
pageheader(kind='View')
user, pswd, site = list(map(cgi.escape, getstandardpopfields(form)))
print('
pagefooter()
def sendattachmentwidgets(maxattach=3):
print('
Attach:
')
for i in range(1, maxattach+1):
print('
' % i)
print('
Utility Modules | 1289