[Zope-Checkins] CVS: Zope/lib/python/Products/PluginIndexes/TextIndex - TextIndex.py:1.33
Martijn Pieters
mj@zope.com
Thu, 1 Aug 2002 12:01:11 -0400
Update of /cvs-repository/Zope/lib/python/Products/PluginIndexes/TextIndex
In directory cvs.zope.org:/tmp/cvs-serv9325/lib/python/Products/PluginIndexes/TextIndex
Modified Files:
TextIndex.py
Log Message:
Big change
- Make DTML automatically html quote data indirectly taken from REQUEST
which contain a '<'. Make sure (almost) all string operations preserve the
taint on this data.
- Fix exceptions that use REQUEST data; quote the data.
- Don't let form and cookie values mask the REQUEST computed values such as
URL0 and BASE1.
=== Zope/lib/python/Products/PluginIndexes/TextIndex/TextIndex.py 1.32 => 1.33 ===
from Lexicon import Lexicon
from types import *
+from cgi import escape
class Op:
def __init__(self, name):
@@ -482,7 +483,7 @@
query_operator = operator_dict.get(qop)
if query_operator is None:
raise exceptions.RuntimeError, ("Invalid operator '%s' "
- "for a TextIndex" % qop)
+ "for a TextIndex" % escape(qop))
r = None
for key in record.keys:
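Review bot: on the `+ "for a TextIndex" % escape(qop))` line, `cgi.escape` is called with its default arguments, which encode only `&`, `<` and `>` and leave quote characters alone, while the message wraps the value in single quotes (`'%s'`). That is enough if the exception text only ever lands in HTML element content, but not if an error page places it inside an attribute value. Consider `escape(qop, 1)` so that double quotes are encoded as well, and note that `cgi.escape` never encodes single quotes, so any template that renders this message inside a single-quoted attribute still needs its own quoting. Also worth a comment in the code: the escaping now happens at the raise site, so non-HTML consumers of the exception (logs, tracebacks) will see entity-encoded text.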