[Zope-Checkins] CVS: Zope/lib/python/App - ApplicationManager.py:1.91 Dialogs.py:1.9 Management.py:1.66 PersistentExtra.py:1.10

Tres Seaver tseaver at zope.com
Thu Jan 15 17:44:37 EST 2004 

Update of /cvs-repository/Zope/lib/python/App
In directory cvs.zope.org:/tmp/cvs-serv19785/lib/python/App

Modified Files:
	ApplicationManager.py Dialogs.py Management.py 
	PersistentExtra.py 
Log Message:


  - Merge CGI-escape templating changes from 2.6 / 2.7 audit work.


=== Zope/lib/python/App/ApplicationManager.py 1.90 => 1.91 ===
--- Zope/lib/python/App/ApplicationManager.py:1.90	Tue Nov 18 08:16:58 2003
+++ Zope/lib/python/App/ApplicationManager.py	Thu Jan 15 17:43:58 2004
@@ -30,6 +30,7 @@
 from AccessControl import getSecurityManager
 from zExceptions import Redirect
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from cgi import escape
 import zLOG
 import Lifetime
 
@@ -400,7 +401,7 @@
             <head><meta HTTP-EQUIV=REFRESH CONTENT="5; URL=%s/manage_main">
             </head>
             <body>Zope is restarting</body></html>
-            """ % URL1
+            """ % escape(URL1)
 
     def manage_shutdown(self):
         """Shut down the application"""


=== Zope/lib/python/App/Dialogs.py 1.8 => 1.9 ===
--- Zope/lib/python/App/Dialogs.py:1.8	Wed Aug 14 17:31:40 2002
+++ Zope/lib/python/App/Dialogs.py	Thu Jan 15 17:44:04 2004
@@ -39,11 +39,11 @@
 MessageDialog = HTML("""
 <HTML>
 <HEAD>
-<TITLE><dtml-var title></TITLE>
+<TITLE>&dtml-title;</TITLE>
 </HEAD>
 <BODY BGCOLOR="#FFFFFF">
-<FORM ACTION="<dtml-var action>" METHOD="GET" <dtml-if
- target>TARGET="<dtml-var target>"</dtml-if>>
+<FORM ACTION="&dtml-action;" METHOD="GET" <dtml-if
+ target>TARGET="&dtml-target;"</dtml-if>>
 <TABLE BORDER="0" WIDTH="100%" CELLPADDING="10">
 <TR>
   <TD VALIGN="TOP">


=== Zope/lib/python/App/Management.py 1.65 => 1.66 ===
--- Zope/lib/python/App/Management.py:1.65	Fri Nov 28 11:44:25 2003
+++ Zope/lib/python/App/Management.py	Thu Jan 15 17:44:04 2004
@@ -21,6 +21,7 @@
 from Globals import DTMLFile, HTMLFile
 from zExceptions import Redirect
 from AccessControl import getSecurityManager, Unauthorized
+from cgi import escape
 
 class Tabs(ExtensionClass.Base):
     """Mix-in provides management folder tab support."""
@@ -89,16 +90,16 @@
         script = REQUEST['BASEPATH1']
         linkpat = '<a href="%s/manage_workspace">%s</a>'
         out = []
-        url = linkpat % (script, '&nbsp;/')
+        url = linkpat % (escape(script, 1), '&nbsp;/')
         if not steps:
             return url
         last = steps.pop()
         for step in steps:
             script = '%s/%s' % (script, step)
-            out.append(linkpat % (script, unquote(step)))
+            out.append(linkpat % (escape(script, 1), escape(unquote(step))))
         script = '%s/%s' % (script, last)
         out.append('<a class="strong-link" href="%s/manage_workspace">%s</a>'%
-                   (script, unquote(last)))
+                   (escape(script, 1), escape(unquote(last))))
         return '%s%s' % (url, '/'.join(out))
 
     def tabs_path_info(self, script, path,


=== Zope/lib/python/App/PersistentExtra.py 1.9 => 1.10 ===
--- Zope/lib/python/App/PersistentExtra.py:1.9	Fri Nov 28 11:45:21 2003
+++ Zope/lib/python/App/PersistentExtra.py	Thu Jan 15 17:44:04 2004
@@ -11,6 +11,8 @@
 #
 ##############################################################################
 
+import ZODB
+
 from class_init import default__class_init__
 from Persistence import Persistent
 import Globals

More information about the Zope-Checkins mailing list