commit missed 813 patches

4f82b0c8 · Brian Lloyd · 3d9f93f6 · 4f82b0c8 · 4f82b0c8 · 4f82b0c8
Commit 4f82b0c8 authored Jan 19, 2004 by Brian Lloyd
8 changed files
--- a/lib/python/App/ApplicationManager.py
+++ b/lib/python/App/ApplicationManager.py
@@ -12,7 +12,7 @@
 ##############################################################################
 __doc__="""System management components"""

-__version__='$Revision: 1.91 $'[11:-2]
+__version__='$Revision: 1.92 $'[11:-2]

 import sys,os,time,Globals, Acquisition, os, Undo
 from Globals import DTMLFile
@@ -401,7 +401,7 @@ class ApplicationManager(Folder,CacheManager):
            <head><meta HTTP-EQUIV=REFRESH CONTENT="5; URL=%s/manage_main">
            </head>
            <body>Zope is restarting</body></html>
-            """ % escape(URL1)
+            """ % escape(URL1, 1)

    def manage_shutdown(self):
        """Shut down the application"""

--- a/lib/python/OFS/CopySupport.py
+++ b/lib/python/OFS/CopySupport.py
@@ -11,7 +11,7 @@
 #
 ##############################################################################
 __doc__="""Copy interface"""
-__version__='$Revision: 1.90 $'[11:-2]
+__version__='$Revision: 1.91 $'[11:-2]

 import sys,  Globals, Moniker, tempfile, ExtensionClass
 from marshal import loads, dumps
@@ -328,7 +328,7 @@ class CopyContainer(ExtensionClass.Base):
            raise CopyError, MessageDialog(
                  title   = 'Not Supported',
                  message = ('The object <EM>%s</EM> does not support this' \
-                             ' operation' % absattr(object.id)),
+                             ' operation' % escape(absattr(object.id))),
                  action  = 'manage_main')

        if not hasattr(self, 'all_meta_types'):
@@ -389,7 +389,7 @@ class CopyContainer(ExtensionClass.Base):
            raise CopyError, MessageDialog(
                  title   = 'Not Supported',
                  message = ('The object <EM>%s</EM> does not support this '
-                             'operation.' % absattr(object.id)),
+                             'operation.' % escape(absattr(object.id))),
                  action  = 'manage_main')

 Globals.default__class_init__(CopyContainer)

--- a/lib/python/OFS/dtml/findAdv.dtml
+++ b/lib/python/OFS/dtml/findAdv.dtml
@@ -65,8 +65,8 @@
  <TD ALIGN="LEFT" VALIGN="TOP">
  <div class="form-element">
  <SELECT NAME="obj_mspec">
-  <OPTION VALUE="<"> before
-  <OPTION VALUE=">"> after
+  <OPTION VALUE="&lt;"> before
+  <OPTION VALUE="&gt;"> after
  </SELECT> 
  </div>
  <INPUT TYPE="TEXT" NAME="obj_mtime" SIZE="22">

--- a/lib/python/OFS/dtml/findForm.dtml
+++ b/lib/python/OFS/dtml/findForm.dtml
@@ -65,8 +65,8 @@ find option.
  <TD ALIGN="LEFT" VALIGN="TOP">
  <div class="form-element">
  <SELECT NAME="obj_mspec">
-  <OPTION VALUE="<"> before
-  <OPTION VALUE=">"> after
+  <OPTION VALUE="&lt;"> before
+  <OPTION VALUE="&gt;"> after
  </SELECT> 
  </div>
  <INPUT TYPE="TEXT" NAME="obj_mtime" SIZE="22">

--- a/lib/python/OFS/dtml/findResult.dtml
+++ b/lib/python/OFS/dtml/findResult.dtml
@@ -55,7 +55,7 @@ your search terms below.
 </dtml-if>

 <TABLE width="100%" CELLSPACING="0" CELLPADDING="2" border="0">
-<dtml-if expr="_.len(results) != 1">
+<dtml-if expr="_.len(results) > batch_size">
 <tr class="list-header">
 <td width="50%">
 <div class="list-item">
@@ -171,11 +171,11 @@ your search terms below.
  <div class="form-element">
  <SELECT NAME="obj_mspec">

-  <OPTION VALUE="<" <dtml-if "REQUEST.obj_mspec == '<'">SELECTED</dtml-if>> before
-  <OPTION VALUE=">" <dtml-if "REQUEST.obj_mspec == '>'">SELECTED</dtml-if>> after
+  <OPTION VALUE="&lt;" <dtml-if "REQUEST.obj_mspec == '<'">SELECTED</dtml-if>> before
+  <OPTION VALUE="&gt;" <dtml-if "REQUEST.obj_mspec == '>'">SELECTED</dtml-if>> after
  </SELECT> 
  </div>
-  <INPUT TYPE="TEXT" NAME="obj_mtime" SIZE="22" VALUE="<dtml-var obj_mtime>">
+  <INPUT TYPE="TEXT" NAME="obj_mtime" SIZE="22" VALUE="&dtml-obj_mtime;">
  </TD>
 </TR>

@@ -193,9 +193,9 @@ your search terms below.
  <SELECT NAME="obj_roles:list" SIZE="3" MULTIPLE>
 <dtml-in valid_roles>
 <dtml-if obj_roles>
-  <OPTION VALUE="<dtml-var sequence-item html_quote>"<dtml-if "_['sequence-item'] in obj_roles">SELECTED</dtml-if>><dtml-var sequence-item>
+  <OPTION VALUE="&dtml-sequence-item;"<dtml-if "_['sequence-item'] in obj_roles">SELECTED</dtml-if>>&dtml-sequence-item;
 <dtml-else>
- <OPTION VALUE="<dtml-var sequence-item html_quote>"><dtml-var sequence-item>
+ <OPTION VALUE="&dtml-sequence-item;">&dtml-sequence-item;
 </dtml-if>
 
 </dtml-in>
@@ -215,7 +215,7 @@ your search terms below.
  <div class="form-element">
  <SELECT NAME="obj_permission">
 <dtml-in permission_settings mapping>
-  <OPTION VALUE="<dtml-var name html_quote>"<dtml-in obj_metatypes><dtml-if "_['sequence-item'] == _['name']">SELECTED</dtml-if></dtml-in>> <dtml-var name>
+  <OPTION VALUE="&dtml-name;"<dtml-in obj_metatypes><dtml-if "_['sequence-item'] == _['name']">SELECTED</dtml-if></dtml-in>> &dtml-name;
 </dtml-in>
  </SELECT>
  </div>
@@ -232,8 +232,8 @@ your search terms below.
  <TD ALIGN="LEFT" VALIGN="TOP">
  <div class="form-element">
  <SELECT NAME="skey">
-  <OPTION VALUE="id">Type
-  <OPTION VALUE="meta_type">Id
+  <OPTION VALUE="id">Id
+  <OPTION VALUE="meta_type">Type
  <OPTION VALUE="bobobase_modification_time">Last Modified
  </SELECT> 
  <span class="form-label">

--- a/lib/python/OFS/dtml/main.dtml
+++ b/lib/python/OFS/dtml/main.dtml
@@ -47,7 +47,7 @@ function toggleSelect() {
  <dtml-else>
    <dtml-in filtered_meta_types mapping sort=name>
    <input type="hidden" name=":method" value="&dtml.url_quote-action;" />
-    <input class="form-element" type="submit" name="submit" value=" Add &dtml-name;" />
+    <input class="form-element" type="submit" name="submit" value="Add &dtml-name;" />
    </dtml-in>
  </dtml-if>
  </form>
@@ -74,7 +74,7 @@ function toggleSelect() {
 <tr class="list-header">
  <td width="5%" align="right" colspan="2"><div 
   class="list-item"><a href="./manage_main?skey=meta_type<dtml-if 
-   "skey == 'meta_type' and not rkey">&rkey=meta_type</dtml-if>"
+   "skey == 'meta_type' and not rkey">&amp;rkey=meta_type</dtml-if>"
   onMouseOver="window.status='Sort objects by type'; return true"
   onMouseOut="window.status=''; return true"><dtml-if 
   "skey == 'meta_type' or rkey == 'meta_type'"
@@ -82,7 +82,7 @@ function toggleSelect() {
  </td>
  <td width="50%" align="left"><div class="list-item"><a 
   href="./manage_main?skey=id<dtml-if 
-   "skey == 'id' and not rkey">&rkey=id</dtml-if>"
+   "skey == 'id' and not rkey">&amp;rkey=id</dtml-if>"
   onMouseOver="window.status='Sort objects by name'; return true"
   onMouseOut="window.status=''; return true"><dtml-if 
   "skey == 'id' or rkey == 'id'"
@@ -90,7 +90,7 @@ function toggleSelect() {
  </td>
  <td width="15%" align="left"><div class="list-item"><a 
   href="./manage_main?skey=get_size<dtml-if 
-   "skey == 'get_size' and not rkey">&rkey=get_size</dtml-if>"
+   "skey == 'get_size' and not rkey">&amp;rkey=get_size</dtml-if>"
   onMouseOver="window.status='Sort objects by size'; return true"
   onMouseOut="window.status=''; return true"><dtml-if 
   "skey == 'get_size' or rkey == 'get_size'"
@@ -99,7 +99,7 @@ function toggleSelect() {
  <td width="19%" align="left"><div class="list-item"><a 
   href="./manage_main?skey=bobobase_modification_time<dtml-if 
   "skey == 'bobobase_modification_time' and not rkey"
-   >&rkey=bobobase_modification_time</dtml-if>"
+   >&amp;rkey=bobobase_modification_time</dtml-if>"
   onMouseOver="window.status='Sort objects by modification time'; return true"
   onMouseOut="window.status=''; return true"><dtml-if 
   "skey == 'bobobase_modification_time' or rkey == 'bobobase_modification_time'"
@@ -269,10 +269,10 @@ if (document.forms[0]) {
  by
  <select name="delta:int">
  <dtml-in "_.range(1,_.min(5,_.len(objectIds())))">
-  <option><dtml-var sequence-item></option>
+  <option>&dtml-sequence-item;</option>
  </dtml-in>
  <dtml-in "_.range(5,_.len(objectIds()),5)">
-  <option><dtml-var sequence-item></option>
+  <option>&dtml-sequence-item;</option>
  </dtml-in>
  </select>
  <input class="form-element" type="submit"
@@ -281,8 +281,8 @@ if (document.forms[0]) {
         name="manage_move_objects_to_bottom:method" value="Bottom" />
  </dtml-if>
  <dtml-unless expr="(skey, rkey and 1 or 0) == getDefaultSorting()">
-  <input type="hidden" name="key" value="<dtml-var skey>">
-  <input type="hidden" name="reverse" value="<dtml-var rkey>">
+  <input type="hidden" name="key" value="&dtml-skey;">
+  <input type="hidden" name="reverse" value="&dtml-rkey;">
  <input class="form-element" type="submit"
         name="manage_set_default_sorting:method"
         value="Set View as Default" />

--- a/lib/python/Products/OFSP/Version.py
+++ b/lib/python/Products/OFSP/Version.py
@@ -12,7 +12,7 @@
 ##############################################################################
 """Version object"""

-__version__='$Revision: 1.54 $'[11:-2]
+__version__='$Revision: 1.55 $'[11:-2]

 import Globals, time
 from AccessControl.Role import RoleManager
@@ -127,7 +127,7 @@ class Version(Persistent,Implicit,RoleManager,Item):
                action=REQUEST['URL1']+'/manage_main',
                message=('If cookies are enabled by your browser, then '
                         'you should have left version %s.'
-                         % self.id)
+                         % escape(self.id))
                )
        return RESPONSE.redirect(REQUEST['URL1']+'/manage_main')


--- a/lib/python/ZPublisher/HTTPResponse.py
+++ b/lib/python/ZPublisher/HTTPResponse.py
@@ -12,8 +12,8 @@
 ##############################################################################
 '''CGI Response Output formatter

-$Id: HTTPResponse.py,v 1.79 2004/01/15 23:02:08 tseaver Exp $'''
-__version__ = '$Revision: 1.79 $'[11:-2]
+$Id: HTTPResponse.py,v 1.80 2004/01/19 19:56:53 Brian Exp $'''
+__version__ = '$Revision: 1.80 $'[11:-2]

 import types, os, sys, re
 import zlib, struct
@@ -22,6 +22,7 @@ from BaseResponse import BaseResponse
 from zExceptions import Unauthorized, Redirect
 from zExceptions.ExceptionFormatter import format_exception
 from ZPublisher import BadRequest, InternalError, NotFound
+from cgi import escape

 nl2sp = maketrans('\n',' ')

@@ -461,7 +462,7 @@ class HTTPResponse(BaseResponse):
                    ibase = base_re_search(body)
                    if ibase is None:
                        self.body = ('%s\n<base href="%s" />\n%s' %
-                                   (body[:index], self.quoteHTML(self.base),
+                                   (body[:index], escape(self.base, 1),
                                    body[index:]))
                        self.setHeader('content-length', len(self.body))

@@ -553,15 +554,9 @@ class HTTPResponse(BaseResponse):
            return 1
        return 0

-    def quoteHTML(self,text,
-                  subs={'&':'&amp;', "<":'&lt;', ">":'&gt;', '\"':'&quot;'}
-                  ):
-        for ent in '&<>\"':
-            if text.find( ent) >= 0:
-                text = subs[ent].join(text.split(ent))
-
-        return text
-
+    # deprecated
+    def quoteHTML(self, text):
+        return escape(text, 1)

    def _traceback(self, t, v, tb, as_html=1):
        tb = format_exception(t, v, tb, as_html=as_html)
@@ -634,7 +629,7 @@ class HTTPResponse(BaseResponse):
            "Resource not found",
            "Sorry, the requested resource does not exist." +
            "<p>Check the URL and try again.</p>" +
-            "<p><b>Resource:</b> %s</p>" % self.quoteHTML(entry))
+            "<p><b>Resource:</b> %s</p>" % escape(entry))

    forbiddenError = notFoundError  # If a resource is forbidden,
                                    # why reveal that it exists?