Commit 6d252bc7 authored by Jérome Perrin

ERP5Form/EditorField: don't initialize with user input

parent b394c454
...@@ -42,6 +42,7 @@ from Products.Formulator.StandardFields import FloatField, StringField,\ ...@@ -42,6 +42,7 @@ from Products.Formulator.StandardFields import FloatField, StringField,\
DateTimeField, TextAreaField, CheckBoxField, ListField, LinesField, \ DateTimeField, TextAreaField, CheckBoxField, ListField, LinesField, \
MultiListField, IntegerField MultiListField, IntegerField
from Products.ERP5Form.CaptchaField import CaptchaField from Products.ERP5Form.CaptchaField import CaptchaField
from Products.ERP5Form.EditorField import EditorField
from Products.Formulator.MethodField import Method from Products.Formulator.MethodField import Method
from Products.Formulator.TALESField import TALESMethod from Products.Formulator.TALESField import TALESMethod
...@@ -1260,6 +1261,45 @@ class TestCaptchaField(ERP5TypeTestCase): ...@@ -1260,6 +1261,45 @@ class TestCaptchaField(ERP5TypeTestCase):
}) })
class TestEditorField(ERP5TypeTestCase):
def afterSetUp(self):
self.field = EditorField('test_field').__of__(self.portal)
self.portal.REQUEST['here'] = self.portal
def test_render_editable_textarea(self):
self.field.values['default'] = 'value'
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<textarea rows="5" cols="40" name="field_test_field" >\nvalue</textarea>')
def test_render_editable_textarea_REQUEST(self):
self.field.values['default'] = 'default value'
self.field.values['editable'] = 1
self.portal.REQUEST.form[
self.field.generate_field_key(key=self.field.id)
] = 'user <value>'
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<textarea rows="5" cols="40" name="field_test_field" >\nuser &lt;value&gt;</textarea>')
def test_render_non_editable_textarea(self):
self.field.values['default'] = '<not &scaped'
self.field.values['editable'] = 0
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<div ><not &scaped</div>')
def test_render_non_editable_textarea_REQUEST(self):
self.field.values['default'] = 'trusted value'
self.field.values['editable'] = 0
self.portal.REQUEST.form[
self.field.generate_field_key(key=self.field.id)
] = 'untrusted user value'
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<div >trusted value</div>')
def makeDummyOid(): def makeDummyOid():
import time, random import time, random
return '%s%s' % (time.time(), random.random()) return '%s%s' % (time.time(), random.random())
...@@ -1280,4 +1320,5 @@ def test_suite(): ...@@ -1280,4 +1320,5 @@ def test_suite():
suite.addTest(unittest.makeSuite(TestProxyField)) suite.addTest(unittest.makeSuite(TestProxyField))
suite.addTest(unittest.makeSuite(TestFieldValueCache)) suite.addTest(unittest.makeSuite(TestFieldValueCache))
suite.addTest(unittest.makeSuite(TestCaptchaField)) suite.addTest(unittest.makeSuite(TestCaptchaField))
suite.addTest(unittest.makeSuite(TestEditorField))
return suite return suite
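Review bot: In `TestEditorField` (the `@@ -1260` hunk) nothing states why the non-editable cases matter: `test_render_non_editable_textarea` pins unescaped output (`'<div ><not &scaped</div>'`), which is exactly why request data must never seed that path. A class docstring such as `"""Non-editable editor fields render their value as raw HTML, so only the configured default may be rendered, never REQUEST.form."""` would make the security property explicit. `test_render_non_editable_textarea_REQUEST` would also read more clearly as a regression test if the submitted value carried markup, for example the `'user <value>'` already used in the editable case.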
...@@ -155,3 +155,13 @@ class EditorField(ZMIField): ...@@ -155,3 +155,13 @@ class EditorField(ZMIField):
widget = EditorWidgetInstance widget = EditorWidgetInstance
validator = Validator.TextValidatorInstance validator = Validator.TextValidatorInstance
def _get_user_input_value(self, key, REQUEST):
"""
Try to get a value of the field from the REQUEST
"""
# because non-editable editor fields are used to render raw HTML, we don't
# initialize them with user input.
if self.get_value('editable'):
return REQUEST.form[key]
raise KeyError(key)
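Review bot: The `editable` check in `_get_user_input_value` is evaluated without the request, `self.get_value('editable')`, while the rendering code that chooses the raw-HTML `<div>` branch is outside this hunk and may evaluate it with `REQUEST`. If `editable` is ever computed from the request context (a TALES expression or override), the two decisions could disagree and a submitted value could still reach the unescaped path. Passing the same context, `if self.get_value('editable', REQUEST=REQUEST):`, would keep them aligned; this is worth confirming against the widget's render code. The docstring could also say that `KeyError` is raised for non-editable fields so that the caller, presumably, falls back to the configured default.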