[Zope-Checkins] CVS: Zope/lib/python/Products/Transience - Transience.py:1.24.4.1
Martijn Pieters
mj@zope.com
Thu, 1 Aug 2002 12:01:30 -0400
Update of /cvs-repository/Zope/lib/python/Products/Transience
In directory cvs.zope.org:/tmp/cvs-serv9310/lib/python/Products/Transience
Modified Files:
Tag: Zope-2_5-branch
Transience.py
Log Message:
Big change, merge from trunk.
- Make DTML automatically html quote data indirectly taken from REQUEST
which contain a '<'. Make sure (almost) all string operation preserve the
taint on this data.
- Fix exceptions that use REQUEST data; quote the data.
- Don't let form and cookie values mask the REQUEST computed values such as
URL0 and BASE1.
=== Zope/lib/python/Products/Transience/Transience.py 1.24 => 1.24.4.1 ===
from BTrees.Length import Length
from zLOG import LOG, WARNING, BLATHER
import os, math, time, sys, random
+from cgi import escape
DEBUG = os.environ.get('Z_TOC_DEBUG', '')
@@ -302,12 +303,12 @@
def _setTimeout(self, timeout_mins):
if type(timeout_mins) is not type(1):
- raise TypeError, (timeout_mins, "Must be integer")
+ raise TypeError, (escape(`timeout_mins`), "Must be integer")
self._timeout_secs = timeout_mins * 60
def _setLimit(self, limit):
if type(limit) is not type(1):
- raise TypeError, (limit, "Must be integer")
+ raise TypeError, (escape(`limit`), "Must be integer")
self._limit = limit
def _setLastAccessed(self, transientObject):