[Zope-Checkins] CVS: Zope/lib/python/Products/ZCatalog - Catalog.py:1.81.16.1
Martijn Pieters
mj@zope.com
Thu, 1 Aug 2002 12:01:30 -0400
Update of /cvs-repository/Zope/lib/python/Products/ZCatalog
In directory cvs.zope.org:/tmp/cvs-serv9310/lib/python/Products/ZCatalog
Modified Files:
Tag: Zope-2_5-branch
Catalog.py
Log Message:
Big change, merge from trunk.
- Make DTML automatically html quote data indirectly taken from REQUEST
  which contain a '<'. Make sure (almost) all string operations preserve the
  taint on this data.
- Fix exceptions that use REQUEST data; quote the data.
- Don't let form and cookie values mask the REQUEST computed values such as
  URL0 and BASE1.
=== Zope/lib/python/Products/ZCatalog/Catalog.py 1.81 => 1.81.16.1 ===
from Products.PluginIndexes.common.randid import randid
import time
+from cgi import escape
class Catalog(Persistent, Acquisition.Implicit, ExtensionClass.Base):
""" An Object Catalog
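Review bot: the escape imported by "from cgi import escape" leaves double quotes untouched unless it is called with a true quote argument; it only replaces &, < and >. That is enough while the CatalogError text is rendered as element content, but if the message can ever be placed inside an HTML attribute value, the call site should pass quote=1. A short comment next to the import saying it is there to quote REQUEST-derived data in exception messages would also help the next reader.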
@@ -568,7 +569,8 @@
' used as a sort index.'
)
else:
- raise CatalogError, ('Unknown sort_on index %s' % sort_index)
+ raise CatalogError, ('Unknown sort_on index %s' %
+ escape(sort_index))
# Perform searches with indexes and sort_index
r=[]
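Review bot: escape(sort_index) in the else branch assumes sort_index is a string. cgi.escape calls .replace on its argument, so a non-string value, which the old '%s' formatting accepted, would now raise AttributeError instead of the intended CatalogError. Suggest escape(str(sort_index)) or a type check before the raise. The raise just above, whose message ends in ' used as a sort index.', is only partly visible here; if it interpolates the same request-derived value it needs the same quoting.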