[Owasp-o2-platform] O2 Saved The Day Again!

Joe Dawson jdawson.nf at gmail.com
Sun Jan 2 16:29:41 EST 2011


Like most of you I am an IT security Consultant was introduced to O2 via
OWASP and have had the pleasure to know Dinis Cruz.

The funny thing is that the use I had today for O2 had nothing to do with
security so I was not thinking of using O2 to solve this problem.

Over the Christmas and New Years I migrated one of my Wife's photography
blogs to a hosting provider known as Squarespace.  The problem was that the
web site has 3,000+ images and while moving the images was easy moving the
titles or descriptions a huge manual effort.

The hosting provider has a great service and if your adding one image at a
time you can enter the title and description for each image. But no options
to do bulk description or title changes.   So when I went looking for a
solution on Twitter Dinis replied back and said "You could use O2 for
that!"

I know Denis well enough not to discount anything he says, but I also know
that if asked he was asked he would likely suggest that O2 could make bread.

But sure enough O2 was the perfect solution for my problem.  With a simple
scripts to pull the database sequence numbers for each image hidden within
the the "javascript:doModifyPicture(####)".  And then another simple script
to post back the of each image with updated title, or description
information.

A job that would have taken days was done in very short order.  Now the
point of the post is not to say this is a very complex or amazing use of
O2.  It is likely quite a trivial use of the tool to be honest. The point
was that before I looked at using O2 I looked at a number of commercial web
scripting data entry automation tool on the market.  Many of the tools cost
tens of thousands of dollars and none of them could provided a better faster
method of getting this done then O2 did.

The opportunity for data mining and migration with O2 have ever bit as much
potential as the IT security ones we think of every day.

Have a great new years to all.  And once again thanks to Dinis and O2 for
saving the day.

All the best,

Joe Dawson

---------------- Pulling out he Sequence # --------------------------
panel.clear();

var ie = panel.add_IE().silent(true);
var baseUrl = "http://xxxxxx.squarespace.com";

Action logout =
    ()=>{
            if (ie.hasLink("Logout"))
            {
                ie.link("Logout").click();
                ie.open(baseUrl);
            }
        };


Func<string, string,bool> login =
    (username, password) => {
                                if (ie.hasLink("Logout"))    // check if we
are already logged in
                                    return true;
                                else
                                {
                                    "Logging in".info();
                                    ie.link("Login").click();
                                    ie.field("username",username);
                                    ie.field("password",password);
                                    ie.button("Login").click();
                                    if (ie.hasLink("Logout"))
                                    {
                                        "Login ok".info();
                                        return true;
                                    }
                                    else
                                        "Login
Failed".error();
                                }
                                return false;
                            };

ie.open(baseUrl);
login("XXXXXX","XXXXX");

//return ie.link("modify");

ie.open("http://xxxxx.squarespace.com/gallery/");
var modifyLinks = new List<string>();
foreach(var url in ie.links().urls())
    if (url.valid() && url.contains("doModifyPicture"))
        modifyLinks.add(url);
return modifyLinks.save();


  ie.open("http://xxxxx.squarespace.com/gallery/");

 ie.link("modify").click();

ie.IE.Frames[0].TextField(Find.ByName("title")).value("test1234");
return ie.link("inlineSaveTarget").click();

return "ok";

//O2File:WatiN_IE_ExtensionMethods.cs
//using O2.XRules.Database.Utils.O2
//using WatiN.Core
//O2Ref:WatiN.Core.1x.dll


---------------------------------------- Post updates------------------

var localFile = @"file with sequence #";

var links = localFile.load<List<string>>();
for(int i=0; i < links.size(); i ++)
    links[i] =
links[i].remove("javascript:doModifyPicture(").removeLastChar().removeLastChar();

var cookie = "ss_lastvisit=1293812188153; SS_FIELD_username=dinis;
JSESSIONID=4DE321BDA9D8BFA9902A81C0A31B9186.web114;
LB=1912711360.20480.0000";
var authKey = "H%2BnDvlZbJ0DtP5GByRpTag%3D%3D";

Action<string, string,string> changePicture =
    (imageId,  title, filename)=>{

                                            var urlTemplate = "
http://xxxx.squarespace.com/process/admin/ModifyPicture?moduleId=8985990&pictureId={0}&directReturn=false<https://bitstop.squarespace.com/process/admin/ModifyPicture?moduleId=8985990&pictureId=%7B0%7D&directReturn=false>";

                                            var url =
urlTemplate.format(imageId);
                                            var postData =
"SS_AUTHKEY={0}&SSScrollPosition=0&reload=false&keepOpen=false&title={1}&filename={2}&syntacticEducationType=0&editingMode=1&body="

 .format(authKey, title, filename);

 Web.Https.ignoreServerSslErrors();
                                            var response = new
Web().getUrlContents_POST(url, cookie, postData);
                                        };

var myTitle = "This is a new title..";
var myFilename = myTitle;
var myImageId= links[1];


var dataFile =  @"file with image titles";

var lines = dataFile.fileContents().lines();
for(int i=0; i < lines.size(); i++)
{
    "[{0}/{1}] Setting image id '{2}' the title '{3}'".info(i, lines.size(),
links[i],lines[i]);
     changePicture(links[i], lines[i], lines[i]);
 "all done".debug();

return "ok";


------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20110102/48f8bcc9/attachment.html 


More information about the Owasp-o2-platform mailing list