[Zope-Checkins] SVN: Zope/trunk/lib/python/ZTUtils/ Merged r69795:69796 from 2.9 branch.

[Stefan H. Holek]

Log message for revision 69798:
  Merged r69795:69796 from 2.9 branch.
  
  ZTUtils.make_hidden_input did not escape double-quotes.
  Fixes http://www.zope.org/Collectors/Zope/2175
  

Changed:
  U   Zope/trunk/lib/python/ZTUtils/Zope.py
  U   Zope/trunk/lib/python/ZTUtils/tests/testZope.py

-=-
Modified: Zope/trunk/lib/python/ZTUtils/Zope.py
===================================================================
--- Zope/trunk/lib/python/ZTUtils/Zope.py	2006-08-27 14:17:54 UTC (rev 69797)
+++ Zope/trunk/lib/python/ZTUtils/Zope.py	2006-08-27 14:19:31 UTC (rev 69798)
@@ -200,7 +200,7 @@
         d.update(arg)
     d.update(kwargs)
 
-    hq = cgi.escape
+    hq = lambda x:cgi.escape(x, quote=True)
     qlist = complex_marshal(d.items())
     for i in range(len(qlist)):
         k, m, v = qlist[i]

Modified: Zope/trunk/lib/python/ZTUtils/tests/testZope.py
===================================================================
--- Zope/trunk/lib/python/ZTUtils/tests/testZope.py	2006-08-27 14:17:54 UTC (rev 69797)
+++ Zope/trunk/lib/python/ZTUtils/tests/testZope.py	2006-08-27 14:19:31 UTC (rev 69798)
@@ -5,6 +5,7 @@
 import string
 import urllib
 from ZTUtils.Zope import make_query, complex_marshal
+from ZTUtils.Zope import make_hidden_input
 from DateTime import DateTime
 
 class QueryTests(TestCase):
@@ -50,6 +51,18 @@
                            record=record, string=str_)
         assert query == 'date:date=%s&integer:int=1&listing:int:list=1&listing:date:list=%s&listing:list=str&string=str&record.arg1:int:list:record=1&record.arg1:date:list:record=%s&record.arg1:list:record=str&record.arg2:int:record=1'%(quote_date,quote_date,quote_date)
 
+    def testMakeHiddenInput(self):
+        tag = make_hidden_input(foo='bar')
+        self.assertEqual(tag, '<input type="hidden" name="foo" value="bar">')
+        tag = make_hidden_input(foo=1)
+        self.assertEqual(tag, '<input type="hidden" name="foo:int" value="1">')
+        # Escaping
+        tag = make_hidden_input(foo='bar & baz')
+        self.assertEqual(tag, '<input type="hidden" name="foo" value="bar &amp; baz">')
+        tag = make_hidden_input(foo='<bar>')
+        self.assertEqual(tag, '<input type="hidden" name="foo" value="&lt;bar&gt;">')
+        tag = make_hidden_input(foo='"bar"')
+        self.assertEqual(tag, '<input type="hidden" name="foo" value="&quot;bar&quot;">')
 
 def test_suite():
     return makeSuite(QueryTests)