[Zope-Checkins] CVS: Zope/lib/python/Products/SiteAccess -
AccessRule.py:1.6 SiteRoot.py:1.8
Tres Seaver
tseaver at zope.com
Thu Jan 15 17:54:41 EST 2004
Update of /cvs-repository/Zope/lib/python/Products/SiteAccess
In directory cvs.zope.org:/tmp/cvs-serv21847/SiteAccess
Modified Files:
AccessRule.py SiteRoot.py
Log Message:
- Merge CGI escapes from 2.6 / 2.7 audit.
=== Zope/lib/python/Products/SiteAccess/AccessRule.py 1.5 => 1.6 ===
--- Zope/lib/python/Products/SiteAccess/AccessRule.py:1.5 Fri Jan 24 11:55:47 2003
+++ Zope/lib/python/Products/SiteAccess/AccessRule.py Thu Jan 15 17:54:10 2004
@@ -8,6 +8,7 @@
registerBeforeTraverse, unregisterBeforeTraverse, queryBeforeTraverse, \
NameCaller
import os
+from cgi import escape
SUPPRESS_ACCESSRULE = os.environ.has_key('SUPPRESS_ACCESSRULE')
@@ -60,12 +61,13 @@
if REQUEST:
return MessageDialog(title='Access Rule Set',
message='"%s" is now the Access Rule for this object'
- % method_id,
+ % escape(method_id),
action='%s/manage_main' % REQUEST['URL1'])
else:
if REQUEST:
return MessageDialog(title='Invalid Method Id',
- message='"%s" is not the Id of a method of this object' % method_id,
+ message='"%s" is not the Id of a method of this object'
+ % escape(method_id),
action='%s/manage_main' % REQUEST['URL1'])
def getAccessRule(self, REQUEST=None):
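Review bot: Both `escape(method_id)` calls use the default form of `cgi.escape`, which converts `&`, `<` and `>` but leaves `"` unchanged. That is enough if MessageDialog renders `message` as element content, which this hunk does not show. If the template places the value inside an attribute, the calls should be `escape(method_id, 1)`. A short comment above each call, e.g. `# method_id is caller-supplied; HTML-escape before echoing it in the dialog`, would record why the escape is there. The enclosing method starts outside the hunk.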
=== Zope/lib/python/Products/SiteAccess/SiteRoot.py 1.7 => 1.8 ===
--- Zope/lib/python/Products/SiteAccess/SiteRoot.py:1.7 Tue Sep 9 15:14:47 2003
+++ Zope/lib/python/Products/SiteAccess/SiteRoot.py Thu Jan 15 17:54:10 2004
@@ -9,6 +9,7 @@
from ExtensionClass import Base
from ZPublisher import BeforeTraverse
import os
+from cgi import escape
from AccessRule import _swallow
@@ -38,7 +39,7 @@
self.addToContainer(container)
if nextURL:
return MessageDialog(title='Item Added',
- message='This object now has a %s' % self.meta_type,
+ message='This object now has a %s' % escape(self.meta_type),
action=nextURL)
def manage_beforeDelete(self, item, container):
@@ -60,7 +61,7 @@
if id != self.id:
raise MessageDialog(
title='Invalid Id',
- message='Cannot change the id of a %s' % self.meta_type,
+ message='Cannot change the id of a %s' % escape(self.meta_type),
action ='./manage_main',)
class SiteRoot(Traverser, Implicit):
@@ -99,7 +100,7 @@
return MessageDialog(title='SiteRoot changed.',
message='The title is now "%s"<br>'
'The base is now "%s"<br>'
- 'The path is now "%s"<br>' % (title, base, path),
+ 'The path is now "%s"<br>' % map(escape, (title, base, path)),
action='%s/manage_main' % REQUEST['URL1'])
def __call__(self, client, request, response=None):
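Review bot: The new `% map(escape, (title, base, path))` on the "The path is now" line passes a list to the `%` operator, which unpacks only a tuple. The three `%s` placeholders therefore receive a single argument, and the call raises `TypeError: not enough arguments for format string` instead of returning the dialog. Wrap the result: `% tuple(map(escape, (title, base, path))),`. Separately, `escape` calls `.replace` on its argument, so a None `title`, `base` or `path` would also fail; whether that can occur is not visible here, because the method begins outside the hunk.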