[CMF-checkins] CVS: CMF/CMFDefault/skins/content - document_edit.py:1.3.34.1 newsitem_edit.py:1.3.8.1

Tres Seaver tseaver@zope.com
Sun, 21 Jul 2002 19:52:14 -0400


Update of /cvs-repository/CMF/CMFDefault/skins/content
In directory cvs.zope.org:/tmp/cvs-serv30054/CMFDefault/skins/content

Modified Files:
      Tag: CMF-1_3-branch
	document_edit.py newsitem_edit.py 
Log Message:


  - DefaultWorkflow.py:

    o Accomodate utility function renaming.

    o Normalize imports.

  - Document.py:

    o Accomodate utility function renaming.

  - __init__.py:

    o Make explicit module security assertions, enabling scripting
      access to 'utils'.

  - utils.py:

    o Rename private functions to start with '_'.

    o Rename public functions not to.

  - skins/content/document_edit.py:

    o Wire in check for unwanted HTML via 'utils.scrubHTML'.

  - skins/content/newsitem_edit.py:

    o Wire in check for unwanted HTML via 'utils.scrubHTML'.


=== CMF/CMFDefault/skins/content/document_edit.py 1.3 => 1.3.34.1 ===
 ##parameters=text_format, text, file='', SafetyBelt='', choice=' Change '
 ##title=Edit a document
 try:
+    from Products.CMFDefault.utils import scrubHTML
+    text = scrubHTML( text ) # Strip Javascript, etc.
     context.edit( text_format
                 , text
                 , file
@@ -20,8 +22,8 @@
                                                 ) )
 except Exception, msg:
     target_action = context.getTypeInfo().getActionById( 'edit' )
-    context.REQUEST.RESPONSE.redirect('%s/%s?portal_status_message=%s' % (
-                                                                       context.absolute_url()
-                                                                     , target_action
-                                                                     , msg
-                                                                     ))
+    context.REQUEST.RESPONSE.redirect(
+        '%s/%s?portal_status_message=%s' % ( context.absolute_url()
+                                           , target_action
+                                           , msg
+                                           ) )


=== CMF/CMFDefault/skins/content/newsitem_edit.py 1.3 => 1.3.8.1 ===
 ## Script (Python) "newsitem_edit"
 ##parameters=text, description, text_format=None, choice=' Change '
 ##title=Edit a news item
+try:
+    from Products.CMFDefault.utils import scrubHTML
+    text = scrubHTML( text ) # Strip Javascript, etc.
+    description = scrubHTML( description )
  
-context.edit(text=text, description=description, text_format=text_format)
+    context.edit(text=text, description=description, text_format=text_format)
 
-qst='portal_status_message=News+Item+changed.'
+    qst='portal_status_message=News+Item+changed.'
 
-if choice == ' Change and View ':
-    target_action = context.getTypeInfo().getActionById( 'view' )
-else:
-    target_action = context.getTypeInfo().getActionById( 'edit' )
+    if choice == ' Change and View ':
+        target_action = context.getTypeInfo().getActionById( 'view' )
+    else:
+        target_action = context.getTypeInfo().getActionById( 'edit' )
 
-context.REQUEST.RESPONSE.redirect( '%s/%s?%s' % ( context.absolute_url()
-                                                , target_action
-                                                , qst
-                                                ) )
+    context.REQUEST.RESPONSE.redirect( '%s/%s?%s' % ( context.absolute_url()
+                                                    , target_action
+                                                    , qst
+                                                    ) )
+except Exception, msg:
+    target_action = context.getTypeInfo().getActionById( 'edit' )
+    context.REQUEST.RESPONSE.redirect(
+        '%s/%s?portal_status_message=%s' % ( context.absolute_url()
+                                           , target_action
+                                           , msg
+                                           ) )