From 5384a682f9180ec393713a8af60387554cbd6d8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Tue, 30 May 2006 22:19:14 +0000
Subject: [PATCH] escape properties using cgi.escape

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@7546 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5/bin/genbt5list | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/product/ERP5/bin/genbt5list b/product/ERP5/bin/genbt5list
index ca87dbe385..1bd2f95ca3 100755
--- a/product/ERP5/bin/genbt5list
+++ b/product/ERP5/bin/genbt5list
@@ -36,6 +36,7 @@ import os
 import sys
 import tempfile
 import shutil
+import cgi
 
 property_list = ('title', 'version', 'description', 'license', 'dependency_list', 'copyright_list')
 
@@ -88,10 +89,12 @@ def generateInformation(fd):
         for property_id in property_id_list:
           property_value = property_dict[property_id]
           if type(property_value) == type(''):
-            os.write(fd, '    <%s>%s</%s>\n' % (property_id, property_value, property_id))
+            os.write(fd, '    <%s>%s</%s>\n' % (
+                  property_id, cgi.escape(property_value), property_id))
           else:
             for value in property_value:
-              os.write(fd, '    <%s>%s</%s>\n' % (property_id, value, property_id))
+              os.write(fd, '    <%s>%s</%s>\n' % (
+                    property_id, cgi.escape(value), property_id))
         os.write(fd, '  </template>\n')
         info('done\n')
       finally:
-- 
2.30.9