Commit
b3039664
authored
Sep 15, 2022
by
Kazuhiko Shiozaki
cgi.escape is deprecated in Python 3.2 and removed in Python 3.8.
parent
ce63a24d
Showing
13 changed files
with
62 additions
and
70 deletions
+62
-70
bt5/erp5_corporate_identity/SkinTemplateItem/portal_skins/erp5_corporate_identity_web/WebPage_substituteDocumentationList.py
...orate_identity_web/WebPage_substituteDocumentationList.py
+4
-7
bt5/erp5_forge/SkinTemplateItem/portal_skins/erp5_toolbox/Base_checkSkinFolderForms.py
...em/portal_skins/erp5_toolbox/Base_checkSkinFolderForms.py
+2
-2
bt5/erp5_web_js_style/SkinTemplateItem/portal_skins/erp5_web_js_style_ui/WebSection_generateNavigationHTML.py
...erp5_web_js_style_ui/WebSection_generateNavigationHTML.py
+7
-11
product/ERP5/Extensions/Grep.py
product/ERP5/Extensions/Grep.py
+3
-3
product/ERP5/bin/genbt5list
product/ERP5/bin/genbt5list
+2
-2
product/ERP5/bootstrap/erp5_core/ToolComponentTemplateItem/portal_components/tool.erp5.IntrospectionTool.py
...lateItem/portal_components/tool.erp5.IntrospectionTool.py
+3
-3
product/ERP5Form/ListBox.py
product/ERP5Form/ListBox.py
+3
-3
product/ERP5Form/MultiRelationField.py
product/ERP5Form/MultiRelationField.py
+19
-19
product/ERP5Type/CopySupport.py
product/ERP5Type/CopySupport.py
+0
-1
product/ERP5Type/patches/make_hidden_input.py
product/ERP5Type/patches/make_hidden_input.py
+2
-2
product/Formulator/Widget.py
product/Formulator/Widget.py
+11
-11
product/HBTreeFolder2/HBTreeFolder2.py
product/HBTreeFolder2/HBTreeFolder2.py
+3
-3
product/PortalTransforms/transforms/safe_html.py
product/PortalTransforms/transforms/safe_html.py
+3
-3
bt5/erp5_corporate_identity/SkinTemplateItem/portal_skins/erp5_corporate_identity_web/WebPage_substituteDocumentationList.py
import
cgi
from
Products.PythonScripts.standard
import
html_quote
def
escapeInnerHTML
(
string_to_escape
):
def
escape
(
string_to_escape
):
return
cgi
.
escape
(
"%s"
%
string_to_escape
,
quote
=
False
)
return
html_quote
(
"%s"
%
string_to_escape
)
def
escapeAttributeProperty
(
string_to_escape
):
return
cgi
.
escape
(
"%s"
%
string_to_escape
,
quote
=
True
)
web_site_value
=
context
.
getWebSiteValue
()
web_site_value
=
context
.
getWebSiteValue
()
...
@@ -15,7 +12,7 @@ if (web_site_value is not None):
...
@@ -15,7 +12,7 @@ if (web_site_value is not None):
for
category_relative_url
in
category_relative_url_list
:
for
category_relative_url
in
category_relative_url_list
:
base_category
,
_
=
category_relative_url
.
split
(
'/'
,
1
)
base_category
,
_
=
category_relative_url
.
split
(
'/'
,
1
)
result
[
category_relative_url
.
replace
(
'/'
,
'__'
)]
=
'<ul>%s</ul>'
%
''
.
join
([
'<li><a href="%s">%s</a></li>'
%
(
escape
AttributeProperty
(
x
.
getReference
()),
escapeInnerHTML
(
x
.
getTitle
()))
for
x
in
web_site_value
.
getDocumentValueList
(
result
[
category_relative_url
.
replace
(
'/'
,
'__'
)]
=
'<ul>%s</ul>'
%
''
.
join
([
'<li><a href="%s">%s</a></li>'
%
(
escape
(
x
.
getReference
()),
escape
(
x
.
getTitle
()))
for
x
in
web_site_value
.
getDocumentValueList
(
sort_on
=
[[
'title'
,
'ASC'
]],
sort_on
=
[[
'title'
,
'ASC'
]],
**
{
'%s__relative_url'
%
base_category
:
category_relative_url
}
**
{
'%s__relative_url'
%
base_category
:
category_relative_url
}
)])
)])
...
...
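Review bot: The merged `escape` helper now serves both the `href` attribute and the link text in the `'<li><a href="%s">%s</a></li>'` line, so the attribute is only safe while the helper escapes double quotes, and nothing in the new code records that. The old code made the distinction explicit with `quote=True` and `quote=False`. A comment on the helper would keep it from being swapped for a text-only escaper later, e.g. `# html_quote escapes & < > and ", so the result is safe in element text and in double-quoted attributes`. Entity escaping does not restrict the URL scheme of `x.getReference()`, which is worth confirming if references can be set by less-trusted authors. The same comment applies to the `_` helper in WebSection_generateNavigationHTML.py.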
bt5/erp5_forge/SkinTemplateItem/portal_skins/erp5_toolbox/Base_checkSkinFolderForms.py
from
cgi
import
escap
e
from
Products.PythonScripts.standard
import
html_quot
e
portal
=
context
.
getPortalObject
()
portal
=
context
.
getPortalObject
()
skin_folder
=
portal
.
portal_skins
[
original_skin_name
]
skin_folder
=
portal
.
portal_skins
[
original_skin_name
]
new_skin_folder
=
portal
.
portal_skins
[
new_skin_name
]
new_skin_folder
=
portal
.
portal_skins
[
new_skin_name
]
...
@@ -38,7 +38,7 @@ for original_form in skin_folder.objectValues():
...
@@ -38,7 +38,7 @@ for original_form in skin_folder.objectValues():
original_field
.
absolute_url
(),
new_field
.
absolute_url
()))
original_field
.
absolute_url
(),
new_field
.
absolute_url
()))
output_list
+=
(
"<tr><td>%s</td></tr>"
%
"</td><td>"
.
join
(
output_list
+=
(
"<tr><td>%s</td></tr>"
%
"</td><td>"
.
join
(
map
(
escap
e
,
(
'[%s]'
%
key
if
T
else
key
,
str
(
old
),
str
(
new
[
key
]))))
map
(
html_quot
e
,
(
'[%s]'
%
key
if
T
else
key
,
str
(
old
),
str
(
new
[
key
]))))
for
T
,
old
,
new
in
((
0
,
original_value_dict
,
new_value_dict
),
for
T
,
old
,
new
in
((
0
,
original_value_dict
,
new_value_dict
),
(
1
,
original_value_tales
,
new_value_tales
))
(
1
,
original_value_tales
,
new_value_tales
))
for
key
,
old
in
old
.
iteritems
()
for
key
,
old
in
old
.
iteritems
()
...
...
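Review bot: The expression in this hunk still ends with `for key, old in old.iteritems()`, which does not exist on Python 3 dictionaries, so the script keeps a Python 2 dependency although the commit message motivates the change with Python 3. If `old` is a plain dict, `old.items()` works on both versions. The statement starts outside the hunk, so the types of `original_value_dict` and the other three mappings are not visible here.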
bt5/erp5_web_js_style/SkinTemplateItem/portal_skins/erp5_web_js_style_ui/WebSection_generateNavigationHTML.py
import
cgi
from
Products.PythonScripts.standard
import
html_quote
import
re
import
re
web_section
=
context
web_section
=
context
web_site
=
web_section
.
getWebSiteValue
()
web_site
=
web_section
.
getWebSiteValue
()
def
_
(
string_to_escape
):
def
_
(
string_to_escape
):
return
cgi
.
escape
(
"%s"
%
string_to_escape
,
quote
=
False
)
return
html_quote
(
"%s"
%
string_to_escape
)
def
__
(
string_to_escape
):
return
cgi
.
escape
(
"%s"
%
string_to_escape
,
quote
=
True
)
def
generateSectionListHTML
(
result_list
,
section_list
):
def
generateSectionListHTML
(
result_list
,
section_list
):
...
@@ -18,7 +14,7 @@ def generateSectionListHTML(result_list, section_list):
...
@@ -18,7 +14,7 @@ def generateSectionListHTML(result_list, section_list):
for
section
in
section_list
:
for
section
in
section_list
:
# Add missing / suffix to get correct relative url generation
# Add missing / suffix to get correct relative url generation
# XXX Fix WebSection_getSiteMapTree instead, but no idea what would be the site effects
# XXX Fix WebSection_getSiteMapTree instead, but no idea what would be the site effects
result_list
.
append
(
'<li><a href="%s">%s</a>'
%
(
_
_
(
section
[
'url'
]
+
'/'
),
_
(
section
[
'translated_title'
])))
result_list
.
append
(
'<li><a href="%s">%s</a>'
%
(
_
(
section
[
'url'
]
+
'/'
),
_
(
section
[
'translated_title'
])))
generateSectionListHTML
(
result_list
,
section
[
'subsection'
])
generateSectionListHTML
(
result_list
,
section
[
'subsection'
])
result_list
.
append
(
'</li>'
)
result_list
.
append
(
'</li>'
)
result_list
.
append
(
'</ul>'
)
result_list
.
append
(
'</ul>'
)
...
@@ -41,8 +37,8 @@ def generateDocumentListHTML(result_list, document_list):
...
@@ -41,8 +37,8 @@ def generateDocumentListHTML(result_list, document_list):
_
(
section
[
'translated_title'
]),
_
(
section
[
'translated_title'
]),
(
'<p class="p-summary">%s</p>'
%
_
(
section
[
'description'
]))
if
section
.
get
(
'description'
)
else
''
,
(
'<p class="p-summary">%s</p>'
%
_
(
section
[
'description'
]))
if
section
.
get
(
'description'
)
else
''
,
(
'<p class="p-author h-card">%s</p>'
%
_
(
section
[
'document'
].
Document_getContributorTitleList
()[
0
])),
(
'<p class="p-author h-card">%s</p>'
%
_
(
section
[
'document'
].
Document_getContributorTitleList
()[
0
])),
_
_
(
section
[
'url'
]),
_
(
section
[
'url'
]),
_
_
(
publication_date
.
HTML4
()),
_
(
publication_date
.
HTML4
()),
_
(
publication_date
.
rfc822
())
_
(
publication_date
.
rfc822
())
))
))
result_list
.
append
(
'</ul></aside>'
)
result_list
.
append
(
'</ul></aside>'
)
...
@@ -65,12 +61,12 @@ for language in available_language_set:
...
@@ -65,12 +61,12 @@ for language in available_language_set:
website_url_set
[
language
]
=
re
.
sub
(
website_url_pattern
,
r'%s/%s/\1'
%
(
root_website_url
,
language
),
web_site
.
absolute_url
())
website_url_set
[
language
]
=
re
.
sub
(
website_url_pattern
,
r'%s/%s/\1'
%
(
root_website_url
,
language
),
web_site
.
absolute_url
())
for
language
,
url
in
website_url_set
.
items
():
for
language
,
url
in
website_url_set
.
items
():
result_list
+=
'<li><a href="%s" hreflang="%s"><abbr lang="%s">%s</abbr></a></li>'
%
(
_
_
(
url
),
__
(
language
),
_
_
(
language
),
_
(
language
))
result_list
+=
'<li><a href="%s" hreflang="%s"><abbr lang="%s">%s</abbr></a></li>'
%
(
_
(
url
),
_
(
language
),
_
(
language
),
_
(
language
))
result_list
.
append
(
'</ul></nav>'
)
result_list
.
append
(
'</ul></nav>'
)
# Sitemap
# Sitemap
result_list
.
append
(
'<nav id="sitemap">'
)
result_list
.
append
(
'<nav id="sitemap">'
)
result_list
.
append
(
'<a href="%s">%s</a>'
%
(
_
_
(
web_site
.
absolute_url
()),
_
(
web_site
.
getTranslatedTitle
())))
result_list
.
append
(
'<a href="%s">%s</a>'
%
(
_
(
web_site
.
absolute_url
()),
_
(
web_site
.
getTranslatedTitle
())))
generateSectionListHTML
(
result_list
,
web_site
.
WebSection_getSiteMapTree
(
include_document
=
False
,
depth
=
99
))
generateSectionListHTML
(
result_list
,
web_site
.
WebSection_getSiteMapTree
(
include_document
=
False
,
depth
=
99
))
result_list
.
append
(
'</nav>'
)
result_list
.
append
(
'</nav>'
)
...
...
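Review bot: In the language loop the rewritten line still uses `result_list += '<li><a href="%s" hreflang="%s">...'`, while every other line in these hunks uses `result_list.append(...)`. If `result_list` is a list, `+=` with a string extends it one character at a time; the joined output is presumably the same, but the form is inconsistent and easy to break. `result_list.append(...)` with the same format string and arguments would match the rest of the script. The definition of `result_list` is outside the hunk.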
product/ERP5/Extensions/Grep.py
import
re
import
re
import
cgi
from
Products.PythonScripts.standard
import
html_quote
from
Acquisition
import
aq_base
from
Acquisition
import
aq_base
from
AccessControl
import
Unauthorized
from
AccessControl
import
Unauthorized
from
Products.CMFCore.utils
import
_checkPermission
from
Products.CMFCore.utils
import
_checkPermission
...
@@ -73,8 +73,8 @@ def grep(self, pattern, A=0, B=0, r=1, i=0, highlight=1, first_occurence=0):
...
@@ -73,8 +73,8 @@ def grep(self, pattern, A=0, B=0, r=1, i=0, highlight=1, first_occurence=0):
html_element_list
=
[
doctype
,
html
,
head
,
'<body>'
'<p>'
]
html_element_list
=
[
doctype
,
html
,
head
,
'<body>'
'<p>'
]
result_list
=
[]
result_list
=
[]
for
url
,
path
,
line
in
result
:
for
url
,
path
,
line
in
result
:
path
=
cgi
.
escap
e
(
path
)
path
=
html_quot
e
(
path
)
line
=
cgi
.
escap
e
(
line
)
line
=
html_quot
e
(
line
)
if
highlight
:
if
highlight
:
line
=
rx
.
sub
(
'<span class="highlight">
\
g<
0
></span>'
,
line
)
line
=
rx
.
sub
(
'<span class="highlight">
\
g<
0
></span>'
,
line
)
if
ExternalEditor
is
None
:
if
ExternalEditor
is
None
:
...
...
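Review bot: The highlight step `rx.sub('<span class="highlight">\g<0></span>', line)` runs on the line after `html_quote(line)`, so the pattern is matched against entity text rather than the original line. `cgi.escape(line)` left double quotes alone by default, whereas `html_quote` turns them into `&quot;`, so a search pattern containing `"` stops being highlighted, and a pattern such as `quot` or `amp` can match inside an entity and split it with the span markup. Matching on the raw line and escaping each piece separately avoids both problems and keeps every emitted fragment escaped. This assumes `rx` is the compiled search pattern; its definition and the rest of `grep` are outside the hunk.

```python
  for url, path, line in result:
    path = html_quote(path)
    if highlight:
      # Match on the raw line, then escape each piece, so the pattern
      # never sees entity text such as &quot; or &amp;
      piece_list = []
      last_end = 0
      for match in rx.finditer(line):
        piece_list.append(html_quote(line[last_end:match.start()]))
        piece_list.append(
          '<span class="highlight">%s</span>' % html_quote(match.group(0)))
        last_end = match.end()
      piece_list.append(html_quote(line[last_end:]))
      line = ''.join(piece_list)
    else:
      line = html_quote(line)
    # … unchanged: ExternalEditor handling …
```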
product/ERP5/bin/genbt5list
...
@@ -220,8 +220,8 @@ def generateInformation(dir, info=id, err=None):
...
@@ -220,8 +220,8 @@ def generateInformation(dir, info=id, err=None):
if
str
is
not
bytes
:
if
str
is
not
bytes
:
k
=
k
.
encode
()
k
=
k
.
encode
()
for
v
in
(
v
,)
if
type
(
v
)
is
bytes
else
v
:
for
v
in
(
v
,)
if
type
(
v
)
is
bytes
else
v
:
xml
.
write
(
b' <%s>%s</%s>
\
n
'
%
(
k
,
escape
(
v
)
if
str
is
bytes
else
xml
.
write
(
b' <%s>%s</%s>
\
n
'
%
(
k
,
escape
(
v
,
quote
=
False
)
if
str
is
bytes
else
escape
(
v
.
decode
()).
encode
(),
k
))
escape
(
v
.
decode
()
,
quote
=
False
).
encode
(),
k
))
xml
.
write
(
b' </template>
\
n
'
)
xml
.
write
(
b' </template>
\
n
'
)
info
(
'done
\
n
'
)
info
(
'done
\
n
'
)
xml
.
write
(
b'</repository>
\
n
'
)
xml
.
write
(
b'</repository>
\
n
'
)
...
...
product/ERP5/bootstrap/erp5_core/ToolComponentTemplateItem/portal_components/tool.erp5.IntrospectionTool.py
...
@@ -40,7 +40,7 @@ from AccessControl.SecurityManagement import setSecurityManager
...
@@ -40,7 +40,7 @@ from AccessControl.SecurityManagement import setSecurityManager
from
Products.ERP5Type.Utils
import
_setSuperSecurityManager
from
Products.ERP5Type.Utils
import
_setSuperSecurityManager
from
App.config
import
getConfiguration
from
App.config
import
getConfiguration
from
Products.ERP5Type.Cache
import
CachingMethod
from
Products.ERP5Type.Cache
import
CachingMethod
from
cgi
import
escap
e
from
Products.PythonScripts.standard
import
html_quot
e
import
logging
import
logging
...
@@ -257,14 +257,14 @@ class IntrospectionTool(LogMixin, BaseTool):
...
@@ -257,14 +257,14 @@ class IntrospectionTool(LogMixin, BaseTool):
"""
"""
Tail the Event Log.
Tail the Event Log.
"""
"""
return
escap
e
(
self
.
_tailFile
(
self
.
__getEventLogPath
(),
500
))
return
html_quot
e
(
self
.
_tailFile
(
self
.
__getEventLogPath
(),
500
))
security
.
declareProtected
(
Permissions
.
ManagePortal
,
'tailAccessLog'
)
security
.
declareProtected
(
Permissions
.
ManagePortal
,
'tailAccessLog'
)
def
tailAccessLog
(
self
):
def
tailAccessLog
(
self
):
"""
"""
Tail the Event Log.
Tail the Event Log.
"""
"""
return
escap
e
(
self
.
_tailFile
(
self
.
__getAccessLogPath
(),
50
))
return
html_quot
e
(
self
.
_tailFile
(
self
.
__getAccessLogPath
(),
50
))
security
.
declareProtected
(
Permissions
.
ManagePortal
,
'getAccessLog'
)
security
.
declareProtected
(
Permissions
.
ManagePortal
,
'getAccessLog'
)
def
getAccessLog
(
self
,
compressed
=
1
,
REQUEST
=
None
):
def
getAccessLog
(
self
,
compressed
=
1
,
REQUEST
=
None
):
...
...
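Review bot: `tailAccessLog` carries the docstring "Tail the Event Log.", copied from the method above it, and neither docstring says that the returned text is HTML-escaped. Suggested for `tailAccessLog`: `"""Return the tail of the access log (see _tailFile), HTML-escaped."""`, with the matching wording for the event-log method, whose `def` line is outside the hunk. Stating the contract matters because a caller that escapes the result again would double-encode it.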
product/ERP5Form/ListBox.py
...
@@ -53,9 +53,9 @@ from ZTUtils import make_query
...
@@ -53,9 +53,9 @@ from ZTUtils import make_query
from
Products.ERP5Type.Globals
import
InitializeClass
,
get_request
from
Products.ERP5Type.Globals
import
InitializeClass
,
get_request
from
Products.PythonScripts.Utility
import
allow_class
from
Products.PythonScripts.Utility
import
allow_class
from
Products.PythonScripts.standard
import
html_quote
from
Products.PageTemplates.PageTemplateFile
import
PageTemplateFile
from
Products.PageTemplates.PageTemplateFile
import
PageTemplateFile
from
warnings
import
warn
from
warnings
import
warn
import
cgi
import
six
import
six
DEFAULT_LISTBOX_DISPLAY_STYLE
=
'table'
DEFAULT_LISTBOX_DISPLAY_STYLE
=
'table'
...
@@ -2475,7 +2475,7 @@ class ListBoxHTMLRendererLine(ListBoxRendererLine):
...
@@ -2475,7 +2475,7 @@ class ListBoxHTMLRendererLine(ListBoxRendererLine):
# If error on current field, we should display message
# If error on current field, we should display message
if
key
in
error_dict
:
if
key
in
error_dict
:
error_text
=
error_dict
[
key
].
error_text
error_text
=
error_dict
[
key
].
error_text
error_text
=
cgi
.
escap
e
(
error_text
)
error_text
=
html_quot
e
(
error_text
)
if
isinstance
(
error_text
,
str
):
if
isinstance
(
error_text
,
str
):
error_mapping
=
getattr
(
error_dict
[
key
],
'error_mapping'
,
None
)
error_mapping
=
getattr
(
error_dict
[
key
],
'error_mapping'
,
None
)
if
error_mapping
is
not
None
:
if
error_mapping
is
not
None
:
...
@@ -2521,7 +2521,7 @@ class ListBoxHTMLRendererLine(ListBoxRendererLine):
...
@@ -2521,7 +2521,7 @@ class ListBoxHTMLRendererLine(ListBoxRendererLine):
html
+=
u' <span class="error">%s</span>'
%
error_message
html
+=
u' <span class="error">%s</span>'
%
error_message
else
:
else
:
# If not editable, show a static text with a link, if enabled.
# If not editable, show a static text with a link, if enabled.
html
=
cgi
.
escap
e
(
processed_value
)
html
=
html_quot
e
(
processed_value
)
if
url
is
not
None
:
if
url
is
not
None
:
# JPS-XXX - I think we should not display a URL for objects
# JPS-XXX - I think we should not display a URL for objects
# which do not have the View permission
# which do not have the View permission
...
...
product/ERP5Form/MultiRelationField.py
...
@@ -37,7 +37,7 @@ from Products.ERP5Type.Message import translateString
...
@@ -37,7 +37,7 @@ from Products.ERP5Type.Message import translateString
from
AccessControl
import
ClassSecurityInfo
from
AccessControl
import
ClassSecurityInfo
from
Products.Formulator.DummyField
import
fields
from
Products.Formulator.DummyField
import
fields
from
Products.ERP5Type.Globals
import
get_request
from
Products.ERP5Type.Globals
import
get_request
from
cgi
import
escap
e
from
Products.PythonScripts.standard
import
html_quot
e
import
json
import
json
# Max. number of catalog result
# Max. number of catalog result
...
@@ -311,8 +311,8 @@ class MultiRelationStringFieldWidget(Widget.LinesTextAreaWidget,
...
@@ -311,8 +311,8 @@ class MultiRelationStringFieldWidget(Widget.LinesTextAreaWidget,
value
=
value
,
value
=
value
,
html_string
=
'<br />'
.
join
(
html_string
=
'<br />'
.
join
(
'<a class="relationfieldlink" href="%s">%s</a>'
%
(
'<a class="relationfieldlink" href="%s">%s</a>'
%
(
escap
e
(
jump_reference
.
absolute_url
()),
html_quot
e
(
jump_reference
.
absolute_url
()),
escap
e
(
display_value
),
html_quot
e
(
display_value
),
)
)
for
jump_reference
,
display_value
in
zip
(
for
jump_reference
,
display_value
in
zip
(
getattr
(
getattr
(
...
@@ -345,7 +345,7 @@ class MultiRelationStringFieldWidget(Widget.LinesTextAreaWidget,
...
@@ -345,7 +345,7 @@ class MultiRelationStringFieldWidget(Widget.LinesTextAreaWidget,
css_class
=
field
.
get_value
(
'css_class'
)
css_class
=
field
.
get_value
(
'css_class'
)
if
css_class
not
in
(
''
,
None
):
if
css_class
not
in
(
''
,
None
):
html_string
=
'<span class="%s">%s</span>'
%
(
html_string
=
'<span class="%s">%s</span>'
%
(
escap
e
(
css_class
),
html_quot
e
(
css_class
),
html_string
,
html_string
,
)
)
return
html_string
return
html_string
...
@@ -363,9 +363,9 @@ $(document).ready(function() {
...
@@ -363,9 +363,9 @@ $(document).ready(function() {
search_catalog_key: "%s"});
search_catalog_key: "%s"});
});
});
</script>"""
%
(
</script>"""
%
(
escap
e
(
key
),
html_quot
e
(
key
),
escap
e
(
json
.
dumps
([
x
[
0
]
for
x
in
field
.
get_value
(
'portal_type'
)])),
html_quot
e
(
json
.
dumps
([
x
[
0
]
for
x
in
field
.
get_value
(
'portal_type'
)])),
escap
e
(
field
.
get_value
(
'catalog_index'
)),
html_quot
e
(
field
.
get_value
(
'catalog_index'
)),
)
)
def
render_wheel
(
self
,
field
,
value
,
REQUEST
,
relation_index
=
0
,
def
render_wheel
(
self
,
field
,
value
,
REQUEST
,
relation_index
=
0
,
...
@@ -383,10 +383,10 @@ $(document).ready(function() {
...
@@ -383,10 +383,10 @@ $(document).ready(function() {
'src="%s/images/exec16.png" alt="update..." '
\
'src="%s/images/exec16.png" alt="update..." '
\
'name="%s/viewSearchRelatedDocumentDialog%s%s'
\
'name="%s/viewSearchRelatedDocumentDialog%s%s'
\
':method"/>'
%
(
':method"/>'
%
(
escap
e
(
portal_url
()),
html_quot
e
(
portal_url
()),
escap
e
(
portal_url
.
getRelativeContentURL
(
here
.
portal_selections
)),
html_quot
e
(
portal_url
.
getRelativeContentURL
(
here
.
portal_selections
)),
escap
e
(
str
(
relation_index
)),
html_quot
e
(
str
(
relation_index
)),
escap
e
(
sub_index_string
),
html_quot
e
(
sub_index_string
),
)
)
def
render_relation_link
(
self
,
field
,
value
,
REQUEST
,
render_prefix
=
None
):
def
render_relation_link
(
self
,
field
,
value
,
REQUEST
,
render_prefix
=
None
):
...
@@ -408,8 +408,8 @@ $(document).ready(function() {
...
@@ -408,8 +408,8 @@ $(document).ready(function() {
selection_name
=
REQUEST
.
get
(
'selection_name'
)
selection_name
=
REQUEST
.
get
(
'selection_name'
)
if
selection_name
is
not
None
:
if
selection_name
is
not
None
:
selection_name_html
=
'&selection_name=%s&selection_index=%s'
%
(
selection_name_html
=
'&selection_name=%s&selection_index=%s'
%
(
escap
e
(
selection_name
),
html_quot
e
(
selection_name
),
escap
e
(
str
(
REQUEST
.
get
(
'selection_index'
,
0
))),
html_quot
e
(
str
(
REQUEST
.
get
(
'selection_index'
,
0
))),
)
)
else
:
else
:
selection_name_html
=
''
selection_name_html
=
''
...
@@ -420,12 +420,12 @@ $(document).ready(function() {
...
@@ -420,12 +420,12 @@ $(document).ready(function() {
return
'<a href="%s/%s?field_id=%s&form_id=%s%s">'
\
return
'<a href="%s/%s?field_id=%s&form_id=%s%s">'
\
'<img src="%s/images/jump.png" alt="jump" />'
\
'<img src="%s/images/jump.png" alt="jump" />'
\
'</a>'
%
(
'</a>'
%
(
escap
e
(
here
.
absolute_url
()),
html_quot
e
(
here
.
absolute_url
()),
escap
e
(
field
.
get_value
(
'jump_method'
)),
html_quot
e
(
field
.
get_value
(
'jump_method'
)),
escap
e
(
field
.
id
),
html_quot
e
(
field
.
id
),
escap
e
(
field
.
aq_parent
.
id
),
html_quot
e
(
field
.
aq_parent
.
id
),
escap
e
(
selection_name_html
),
html_quot
e
(
selection_name_html
),
escap
e
(
here
.
getPortalObject
().
portal_url
()),
html_quot
e
(
here
.
getPortalObject
().
portal_url
()),
)
)
return
''
return
''
...
...
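Review bot: `html_quote(json.dumps([...]))` in the arguments of the `</script>""" % (...)` template entity-escapes JSON that is substituted into a `<script>` block, where browsers do not decode entities. `cgi.escape` left double quotes alone by default, but `html_quote` turns them into `&quot;`, so the portal type list would reach the script as `[&quot;...&quot;]` and no longer parse. Inside a script the value should be made safe by JSON-level escaping rather than HTML escaping, e.g. `json.dumps([...]).replace('<', '\\u003c')`. The start of the template is outside the hunk, so where each `%s` lands is inferred from the visible `search_catalog_key: "%s"` line.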
product/ERP5Type/CopySupport.py
...
@@ -36,7 +36,6 @@ from Products.CMFCore.WorkflowCore import WorkflowException
...
@@ -36,7 +36,6 @@ from Products.CMFCore.WorkflowCore import WorkflowException
from
Products.CMFCore.CatalogTool
import
CatalogTool
as
CMFCoreCatalogTool
from
Products.CMFCore.CatalogTool
import
CatalogTool
as
CMFCoreCatalogTool
from
Products.CMFActivity.Errors
import
ActivityPendingError
from
Products.CMFActivity.Errors
import
ActivityPendingError
from
cgi
import
escape
import
sys
import
sys
_marker
=
object
()
_marker
=
object
()
...
...
product/ERP5Type/patches/make_hidden_input.py
...
@@ -18,7 +18,7 @@ Close properly the <input /> tag
...
@@ -18,7 +18,7 @@ Close properly the <input /> tag
import
ZTUtils.Zope
import
ZTUtils.Zope
from
ZTUtils.Zope
import
complex_marshal
from
ZTUtils.Zope
import
complex_marshal
import
cgi
from
Products.PythonScripts.standard
import
html_quote
from
Products.ERP5Type.Utils
import
ensure_list
from
Products.ERP5Type.Utils
import
ensure_list
def
make_hidden_input
(
*
args
,
**
kwargs
):
def
make_hidden_input
(
*
args
,
**
kwargs
):
...
@@ -39,7 +39,7 @@ def make_hidden_input(*args, **kwargs):
...
@@ -39,7 +39,7 @@ def make_hidden_input(*args, **kwargs):
d
.
update
(
arg
)
d
.
update
(
arg
)
d
.
update
(
kwargs
)
d
.
update
(
kwargs
)
hq
=
lambda
x
:
cgi
.
escape
(
x
,
quote
=
True
)
hq
=
lambda
x
:
html_quote
(
x
)
qlist
=
complex_marshal
(
ensure_list
(
d
.
items
()))
qlist
=
complex_marshal
(
ensure_list
(
d
.
items
()))
for
i
in
range
(
len
(
qlist
)):
for
i
in
range
(
len
(
qlist
)):
k
,
m
,
v
=
qlist
[
i
]
k
,
m
,
v
=
qlist
[
i
]
...
...
product/Formulator/Widget.py
...
@@ -6,7 +6,7 @@ import string
...
@@ -6,7 +6,7 @@ import string
from
.DummyField
import
fields
from
.DummyField
import
fields
from
DocumentTemplate.DT_Util
import
html_quote
from
DocumentTemplate.DT_Util
import
html_quote
from
DateTime
import
DateTime
,
Timezones
from
DateTime
import
DateTime
,
Timezones
from
cgi
import
escap
e
from
Products.PythonScripts.standard
import
html_quot
e
import
types
import
types
from
DocumentTemplate.ustr
import
ustr
from
DocumentTemplate.ustr
import
ustr
from
six.moves.urllib.parse
import
urljoin
from
six.moves.urllib.parse
import
urljoin
...
@@ -441,7 +441,7 @@ class TextWidget(Widget):
...
@@ -441,7 +441,7 @@ class TextWidget(Widget):
old_value
=
[
str
(
value
)]
old_value
=
[
str
(
value
)]
value
=
[]
value
=
[]
for
line
in
old_value
:
for
line
in
old_value
:
value
.
append
(
escap
e
(
line
))
value
.
append
(
html_quot
e
(
line
))
value
=
'<br/>'
.
join
(
value
)
value
=
'<br/>'
.
join
(
value
)
extra
=
field
.
get_value
(
'extra'
)
extra
=
field
.
get_value
(
'extra'
)
...
@@ -686,7 +686,7 @@ class TextAreaWidget(Widget):
...
@@ -686,7 +686,7 @@ class TextAreaWidget(Widget):
value
=
str
(
value
)
value
=
str
(
value
)
value
=
value
.
split
(
'
\
n
'
)
value
=
value
.
split
(
'
\
n
'
)
line_separator
=
'<br/>'
line_separator
=
'<br/>'
value_list
=
[
escap
e
(
part
).
replace
(
'
\
n
'
,
line_separator
)
for
part
in
value
]
value_list
=
[
html_quot
e
(
part
).
replace
(
'
\
n
'
,
line_separator
)
for
part
in
value
]
value
=
line_separator
.
join
(
value_list
)
value
=
line_separator
.
join
(
value_list
)
return
render_element
(
"div"
,
return
render_element
(
"div"
,
css_class
=
field
.
get_value
(
'css_class'
),
css_class
=
field
.
get_value
(
'css_class'
),
...
@@ -751,7 +751,7 @@ class LinesTextAreaWidget(TextAreaWidget):
...
@@ -751,7 +751,7 @@ class LinesTextAreaWidget(TextAreaWidget):
value
=
value
.
split
(
'
\
n
'
)
value
=
value
.
split
(
'
\
n
'
)
line_separator
=
field
.
get_value
(
'view_separator'
)
line_separator
=
field
.
get_value
(
'view_separator'
)
value_list
=
[
escap
e
(
convertToString
(
part
)).
replace
(
'
\
n
'
,
line_separator
)
for
part
in
value
]
value_list
=
[
html_quot
e
(
convertToString
(
part
)).
replace
(
'
\
n
'
,
line_separator
)
for
part
in
value
]
value
=
line_separator
.
join
(
value_list
)
value
=
line_separator
.
join
(
value_list
)
return
render_element
(
"div"
,
return
render_element
(
"div"
,
css_class
=
field
.
get_value
(
'css_class'
),
css_class
=
field
.
get_value
(
'css_class'
),
...
@@ -898,14 +898,14 @@ class SingleItemsWidget(ItemsWidget):
...
@@ -898,14 +898,14 @@ class SingleItemsWidget(ItemsWidget):
item_value
=
item
item_value
=
item
if
item_value
==
value
and
not
selected_found
:
if
item_value
==
value
and
not
selected_found
:
rendered_item
=
self
.
render_selected_item
(
escap
e
(
ustr
(
item_text
)),
rendered_item
=
self
.
render_selected_item
(
html_quot
e
(
ustr
(
item_text
)),
item_value
,
item_value
,
key
,
key
,
css_class
,
css_class
,
extra_item
)
extra_item
)
selected_found
=
1
selected_found
=
1
else
:
else
:
rendered_item
=
self
.
render_item
(
escap
e
(
ustr
(
item_text
)),
rendered_item
=
self
.
render_item
(
html_quot
e
(
ustr
(
item_text
)),
item_value
,
item_value
,
key
,
key
,
css_class
,
css_class
,
...
@@ -915,7 +915,7 @@ class SingleItemsWidget(ItemsWidget):
...
@@ -915,7 +915,7 @@ class SingleItemsWidget(ItemsWidget):
# XXX We want to make sure that we always have the current value in items. -yo
# XXX We want to make sure that we always have the current value in items. -yo
if
not
selected_found
and
value
:
if
not
selected_found
and
value
:
value
=
escap
e
(
ustr
(
value
))
value
=
html_quot
e
(
ustr
(
value
))
rendered_item
=
self
.
render_selected_item
(
'??? (%s)'
%
value
,
rendered_item
=
self
.
render_selected_item
(
'??? (%s)'
%
value
,
value
,
value
,
key
,
key
,
...
@@ -934,7 +934,7 @@ class SingleItemsWidget(ItemsWidget):
...
@@ -934,7 +934,7 @@ class SingleItemsWidget(ItemsWidget):
return
''
return
''
title_list
=
[
x
[
0
]
for
x
in
field
.
get_value
(
"items"
,
REQUEST
=
REQUEST
)
if
x
[
1
]
==
value
]
title_list
=
[
x
[
0
]
for
x
in
field
.
get_value
(
"items"
,
REQUEST
=
REQUEST
)
if
x
[
1
]
==
value
]
if
len
(
title_list
)
==
0
:
if
len
(
title_list
)
==
0
:
return
"??? (%s)"
%
escap
e
(
value
)
return
"??? (%s)"
%
html_quot
e
(
value
)
else
:
else
:
return
title_list
[
0
]
return
title_list
[
0
]
return
value
return
value
...
@@ -1029,7 +1029,7 @@ class MultiItemsWidget(ItemsWidget):
...
@@ -1029,7 +1029,7 @@ class MultiItemsWidget(ItemsWidget):
if
item_value
in
value
:
if
item_value
in
value
:
rendered_item
=
self
.
render_selected_item
(
rendered_item
=
self
.
render_selected_item
(
escap
e
(
ustr
(
item_text
)),
html_quot
e
(
ustr
(
item_text
)),
item_value
,
item_value
,
key
,
key
,
css_class
,
css_class
,
...
@@ -1039,7 +1039,7 @@ class MultiItemsWidget(ItemsWidget):
...
@@ -1039,7 +1039,7 @@ class MultiItemsWidget(ItemsWidget):
selected_found
[
index
]
=
1
selected_found
[
index
]
=
1
else
:
else
:
rendered_item
=
self
.
render_item
(
rendered_item
=
self
.
render_item
(
escap
e
(
ustr
(
item_text
)),
html_quot
e
(
ustr
(
item_text
)),
item_value
,
item_value
,
key
,
key
,
css_class
,
css_class
,
...
@@ -1050,7 +1050,7 @@ class MultiItemsWidget(ItemsWidget):
...
@@ -1050,7 +1050,7 @@ class MultiItemsWidget(ItemsWidget):
for
index
in
range
(
len
(
value
)):
for
index
in
range
(
len
(
value
)):
v
=
value
[
index
]
v
=
value
[
index
]
if
index
not
in
selected_found
and
v
:
if
index
not
in
selected_found
and
v
:
v
=
escap
e
(
v
)
v
=
html_quot
e
(
v
)
rendered_item
=
self
.
render_selected_item
(
'??? (%s)'
%
v
,
rendered_item
=
self
.
render_selected_item
(
'??? (%s)'
%
v
,
v
,
v
,
key
,
key
,
...
...
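Review bot: The added `from Products.PythonScripts.standard import html_quote` rebinds a name that the context line two above it already imports with `from DocumentTemplate.DT_Util import html_quote`. Two imports of the same name from different modules leave a reader guessing which implementation the widgets' escaping depends on. If both resolve to the same function (presumably they do; confirm), the added import can simply be dropped and the existing one kept.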
product/HBTreeFolder2/HBTreeFolder2.py
...
@@ -13,7 +13,7 @@
...
@@ -13,7 +13,7 @@
##############################################################################
##############################################################################
import
operator
import
operator
from
cgi
import
escap
e
from
Products.PythonScripts.standard
import
html_quot
e
from
itertools
import
chain
,
islice
from
itertools
import
chain
,
islice
import
six
import
six
try
:
try
:
...
@@ -309,8 +309,8 @@ class HBTreeFolder2Base (Persistent):
...
@@ -309,8 +309,8 @@ class HBTreeFolder2Base (Persistent):
formatted
=
[
listtext0
%
pref_rows
]
formatted
=
[
listtext0
%
pref_rows
]
for
optID
in
islice
(
self
.
objectIds
(),
b_start
-
1
,
b_end
):
for
optID
in
islice
(
self
.
objectIds
(),
b_start
-
1
,
b_end
):
optID
=
escap
e
(
optID
)
optID
=
html_quot
e
(
optID
)
formatted
.
append
(
listtext1
%
(
escape
(
optID
,
quote
=
1
),
optID
))
formatted
.
append
(
listtext1
%
(
html_quote
(
optID
),
optID
))
formatted
.
append
(
listtext2
)
formatted
.
append
(
listtext2
)
return
{
'b_start'
:
b_start
,
'b_end'
:
b_end
,
return
{
'b_start'
:
b_start
,
'b_end'
:
b_end
,
'prev_batch_url'
:
prev_url
,
'prev_batch_url'
:
prev_url
,
...
...
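Review bot: `optID` is escaped twice in the new code: once by `optID = html_quote(optID)` and again by the `html_quote(optID)` inside `formatted.append(listtext1 % (...))`. With `cgi.escape` the second call added quote escaping for the attribute slot, but `html_quote` already escapes double quotes on the first call, so the second one only double-encodes. An id containing `&` would put `&amp;amp;` in the first slot, which would not decode back to the real id. `formatted.append(listtext1 % (optID, optID))` keeps both slots escaped exactly once. The `listtext1` template is outside the hunk, so the attribute context is inferred from the old `quote=1`.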
product/PortalTransforms/transforms/safe_html.py
...
@@ -3,7 +3,7 @@ from six import unichr
...
@@ -3,7 +3,7 @@ from six import unichr
from
zLOG
import
ERROR
from
zLOG
import
ERROR
from
six.moves.html_parser
import
HTMLParser
from
six.moves.html_parser
import
HTMLParser
import
re
import
re
from
cgi
import
escap
e
from
Products.PythonScripts.standard
import
html_quot
e
import
codecs
import
codecs
from
Products.PortalTransforms.interfaces
import
ITransform
from
Products.PortalTransforms.interfaces
import
ITransform
...
@@ -220,7 +220,7 @@ class StrippingParser(HTMLParser):
...
@@ -220,7 +220,7 @@ class StrippingParser(HTMLParser):
def handle_data(self, data):
def handle_data(self, data):
if self.suppress: return
if self.suppress: return
data =
escap
e(data)
data =
html_quot
e(data)
if self.original_charset and isinstance(data, str):
if self.original_charset and isinstance(data, str):
data = data.decode(self.original_charset)
data = data.decode(self.original_charset)
self.result.append(data)
self.result.append(data)
...
@@ -294,7 +294,7 @@ class StrippingParser(HTMLParser):
...
@@ -294,7 +294,7 @@ class StrippingParser(HTMLParser):
self
.
original_charset
=
charset
self
.
original_charset
=
charset
v
=
charset_parser
.
sub
(
v
=
charset_parser
.
sub
(
CharsetReplacer
(
self
.
default_encoding
),
v
)
CharsetReplacer
(
self
.
default_encoding
),
v
)
self
.
result
.
append
(
' %s="%s"'
%
(
k
,
escap
e
(
v
,
True
)))
self
.
result
.
append
(
' %s="%s"'
%
(
k
,
html_quot
e
(
v
,
True
)))
#UNUSED endTag = '</%s>' % tag
#UNUSED endTag = '</%s>' % tag
if
safeToInt
(
self
.
valid
.
get
(
tag
)):
if
safeToInt
(
self
.
valid
.
get
(
tag
)):
...
...
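Review bot: `html_quote(v, True)` in the line that writes `' %s="%s"'` passes `True` as `html_quote`'s second positional parameter, which in DocumentTemplate's implementation is `name`, not a quote flag as it was for `cgi.escape(v, True)`. The call still escapes double quotes because `html_quote` does so unconditionally, but the leftover argument suggests a switch that does not exist; `html_quote(v)` says what actually happens. Since this is the sanitizer's attribute output, a short comment would help, e.g. `# value goes into a double-quoted attribute; html_quote escapes & < > and "`.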