[Zope-Checkins] SVN: Zope/trunk/ - LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``
Jens Vagelpohl
jens at dataflake.org
Wed May 19 08:59:00 EDT 2010
Log message for revision 112537:
- LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``
methods could not deal with ``TaintedString`` instances. Removed the
entirely redundant ``DTMLDocument.manage_edit`` method at the same time.
Changed:
U Zope/trunk/doc/CHANGES.rst
U Zope/trunk/src/OFS/DTMLDocument.py
U Zope/trunk/src/OFS/DTMLMethod.py
U Zope/trunk/src/OFS/tests/test_DTMLMethod.py
-=-
Modified: Zope/trunk/doc/CHANGES.rst
===================================================================
--- Zope/trunk/doc/CHANGES.rst 2010-05-19 12:58:54 UTC (rev 112536)
+++ Zope/trunk/doc/CHANGES.rst 2010-05-19 12:58:59 UTC (rev 112537)
@@ -162,6 +162,10 @@
Bugs Fixed
++++++++++
+- LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``
+ methods could not deal with ``TaintedString`` instances. Removed the
+ entirely redundant ``DTMLDocument.manage_edit`` method at the same time.
+
- LP #142750 and LP #142481: To prevent confusion when choosing an Id and
to avoid issues when creating two VirtualHostMonsters in the same
container the VirtualHostMoster now has a default Id. It can no longer
Modified: Zope/trunk/src/OFS/DTMLDocument.py
===================================================================
--- Zope/trunk/src/OFS/DTMLDocument.py 2010-05-19 12:58:54 UTC (rev 112536)
+++ Zope/trunk/src/OFS/DTMLDocument.py 2010-05-19 12:58:59 UTC (rev 112537)
@@ -51,37 +51,6 @@
or perms
for perms in DTMLMethod.__ac_permissions__])
- def manage_edit(self, data, title,
- SUBMIT='Change',
- dtpref_cols='100%',
- dtpref_rows='20',
- REQUEST=None
- ):
- """ Replace contents with 'data', title with 'title'.
-
- The SUBMIT parameter is also used to change the size of the editing
- area on the default Document edit screen. If the value is "Smaller",
- the rows and columns decrease by 5. If the value is "Bigger", the
- rows and columns increase by 5. If any other or no value is supplied,
- the data gets checked for DTML errors and is saved.
- """
- self._validateProxy(REQUEST)
- if self._size_changes.has_key(SUBMIT):
- return self._er(data, title,
- SUBMIT, dtpref_cols, dtpref_rows, REQUEST)
- if self.wl_isLocked():
- raise ResourceLockedError(
- 'This document has been locked via WebDAV.')
-
- self.title = str(title)
- if type(data) is not type(''):
- data = data.read()
- self.munge(data)
- self.ZCacheable_invalidate()
- if REQUEST:
- message = "Content changed."
- return self.manage_main(self, REQUEST, manage_tabs_message=message)
-
def manage_upload(self, file='', REQUEST=None):
""" Replace the contents of the document with the text in 'file'.
"""
Modified: Zope/trunk/src/OFS/DTMLMethod.py
===================================================================
--- Zope/trunk/src/OFS/DTMLMethod.py 2010-05-19 12:58:54 UTC (rev 112536)
+++ Zope/trunk/src/OFS/DTMLMethod.py 2010-05-19 12:58:59 UTC (rev 112537)
@@ -34,6 +34,7 @@
from OFS.History import html_diff
from OFS.SimpleItem import Item_w__name__
from OFS.ZDOM import ElementWithTitle
+from Shared.TaintedString import TaintedString
from webdav.Lockable import ResourceLockedError
from zExceptions import Forbidden
from zExceptions.TracebackSupplement import PathTracebackSupplement
@@ -287,10 +288,12 @@
return self._er(data, title,
SUBMIT, dtpref_cols, dtpref_rows, REQUEST)
if self.wl_isLocked():
- raise ResourceLockedError('This DTML Method is locked via WebDAV')
+ raise ResourceLockedError('This item is locked via WebDAV')
self.title = str(title)
- if type(data) is not type(''):
+ if isinstance(data, TaintedString):
+ data = data.quoted()
+ if not isinstance(data, basestring):
data = data.read()
self.munge(data)
self.ZCacheable_invalidate()
Modified: Zope/trunk/src/OFS/tests/test_DTMLMethod.py
===================================================================
--- Zope/trunk/src/OFS/tests/test_DTMLMethod.py 2010-05-19 12:58:54 UTC (rev 112536)
+++ Zope/trunk/src/OFS/tests/test_DTMLMethod.py 2010-05-19 12:58:59 UTC (rev 112537)
@@ -14,7 +14,16 @@
from webdav.interfaces import IWriteLock
verifyClass(IWriteLock, self._getTargetClass())
+ def test_edit_taintedstring(self):
+ from Shared.TaintedString import TaintedString
+ doc = self._makeOne()
+ self.assertEquals(doc.read(), '')
+ data = TaintedString('hello<br/>')
+ doc.manage_edit(data, 'title')
+ self.assertEquals(doc.read(), 'hello<br/>')
+
+
class FactoryTests(unittest.TestCase):
def test_defaults_no_standard_html_header(self):
More information about the Zope-Checkins
mailing list