[Zope-Checkins] SVN: Zope/branches/2.12/ - LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``

Jens Vagelpohl jens at dataflake.org
Wed May 19 08:58:55 EDT 2010


Log message for revision 112536:
  - LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``
    methods could not deal with ``TaintedString`` instances. Removed the
    entirely redundant ``DTMLDocument.manage_edit`` method at the same time.
  

Changed:
  U   Zope/branches/2.12/doc/CHANGES.rst
  U   Zope/branches/2.12/src/OFS/DTMLDocument.py
  U   Zope/branches/2.12/src/OFS/DTMLMethod.py
  U   Zope/branches/2.12/src/OFS/tests/test_DTMLMethod.py

-=-
Modified: Zope/branches/2.12/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.12/doc/CHANGES.rst	2010-05-19 12:44:11 UTC (rev 112535)
+++ Zope/branches/2.12/doc/CHANGES.rst	2010-05-19 12:58:54 UTC (rev 112536)
@@ -11,6 +11,10 @@
 Bugs Fixed
 ++++++++++
 
+- LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``
+  methods could not deal with ``TaintedString`` instances. Removed the
+  entirely redundant ``DTMLDocument.manage_edit`` method at the same time.
+
 - LP #142451: If non-recursive ownership changes are made using 
   ``changeOwnership``, do not touch any children.
 

Modified: Zope/branches/2.12/src/OFS/DTMLDocument.py
===================================================================
--- Zope/branches/2.12/src/OFS/DTMLDocument.py	2010-05-19 12:44:11 UTC (rev 112535)
+++ Zope/branches/2.12/src/OFS/DTMLDocument.py	2010-05-19 12:58:54 UTC (rev 112536)
@@ -52,37 +52,6 @@
             or perms
         for perms in DTMLMethod.__ac_permissions__])
 
-    def manage_edit(self, data, title,
-                    SUBMIT='Change',
-                    dtpref_cols='100%',
-                    dtpref_rows='20',
-                    REQUEST=None
-                   ):
-        """ Replace contents with 'data', title with 'title'.
-
-        The SUBMIT parameter is also used to change the size of the editing
-        area on the default Document edit screen.  If the value is "Smaller",
-        the rows and columns decrease by 5.  If the value is "Bigger", the
-        rows and columns increase by 5.  If any other or no value is supplied,
-        the data gets checked for DTML errors and is saved.
-        """
-        self._validateProxy(REQUEST)
-        if self._size_changes.has_key(SUBMIT):
-            return self._er(data, title,
-                            SUBMIT, dtpref_cols, dtpref_rows, REQUEST)
-        if self.wl_isLocked():
-            raise ResourceLockedError(
-                'This document has been locked via WebDAV.')
-
-        self.title = str(title)
-        if type(data) is not type(''):
-            data = data.read()
-        self.munge(data)
-        self.ZCacheable_invalidate()
-        if REQUEST:
-            message = "Content changed."
-            return self.manage_main(self, REQUEST, manage_tabs_message=message)
-
     def manage_upload(self, file='', REQUEST=None):
         """ Replace the contents of the document with the text in 'file'.
         """

Modified: Zope/branches/2.12/src/OFS/DTMLMethod.py
===================================================================
--- Zope/branches/2.12/src/OFS/DTMLMethod.py	2010-05-19 12:44:11 UTC (rev 112535)
+++ Zope/branches/2.12/src/OFS/DTMLMethod.py	2010-05-19 12:58:54 UTC (rev 112536)
@@ -38,6 +38,7 @@
 from zExceptions import Forbidden
 from zExceptions.TracebackSupplement import PathTracebackSupplement
 from ZPublisher.Iterators import IStreamIterator
+from ZPublisher.TaintedString import TaintedString
 from zope.contenttype import guess_content_type
 
 
@@ -287,10 +288,12 @@
             return self._er(data, title,
                             SUBMIT, dtpref_cols, dtpref_rows, REQUEST)
         if self.wl_isLocked():
-            raise ResourceLockedError('This DTML Method is locked via WebDAV')
+            raise ResourceLockedError('This item is locked via WebDAV')
 
         self.title = str(title)
-        if type(data) is not type(''):
+        if isinstance(data, TaintedString):
+            data = data.quoted()
+        if not isinstance(data, basestring):
             data = data.read()
         self.munge(data)
         self.ZCacheable_invalidate()

Modified: Zope/branches/2.12/src/OFS/tests/test_DTMLMethod.py
===================================================================
--- Zope/branches/2.12/src/OFS/tests/test_DTMLMethod.py	2010-05-19 12:44:11 UTC (rev 112535)
+++ Zope/branches/2.12/src/OFS/tests/test_DTMLMethod.py	2010-05-19 12:58:54 UTC (rev 112536)
@@ -14,7 +14,16 @@
         from webdav.interfaces import IWriteLock
         verifyClass(IWriteLock, self._getTargetClass())
 
+    def test_edit_taintedstring(self):
+        from ZPublisher.TaintedString import TaintedString
+        doc = self._makeOne()
+        self.assertEquals(doc.read(), '')
+        data = TaintedString('hello<br/>')
 
+        doc.manage_edit(data, 'title')
+        self.assertEquals(doc.read(), 'hello&lt;br/&gt;')
+
+
 class FactoryTests(unittest.TestCase):
 
     def test_defaults_no_standard_html_header(self):



More information about the Zope-Checkins mailing list