From 5384a682f9180ec393713a8af60387554cbd6d8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com> Date: Tue, 30 May 2006 22:19:14 +0000 Subject: [PATCH] escape properties using cgi.escape git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@7546 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5/bin/genbt5list | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/product/ERP5/bin/genbt5list b/product/ERP5/bin/genbt5list index ca87dbe385..1bd2f95ca3 100755 --- a/product/ERP5/bin/genbt5list +++ b/product/ERP5/bin/genbt5list @@ -36,6 +36,7 @@ import os import sys import tempfile import shutil +import cgi property_list = ('title', 'version', 'description', 'license', 'dependency_list', 'copyright_list') @@ -88,10 +89,12 @@ def generateInformation(fd): for property_id in property_id_list: property_value = property_dict[property_id] if type(property_value) == type(''): - os.write(fd, ' <%s>%s</%s>\n' % (property_id, property_value, property_id)) + os.write(fd, ' <%s>%s</%s>\n' % ( + property_id, cgi.escape(property_value), property_id)) else: for value in property_value: - os.write(fd, ' <%s>%s</%s>\n' % (property_id, value, property_id)) + os.write(fd, ' <%s>%s</%s>\n' % ( + property_id, cgi.escape(value), property_id)) os.write(fd, ' </template>\n') info('done\n') finally: -- 2.30.9