Commit 9708c0bf authored by Jens Vagelpohl's avatar Jens Vagelpohl

- LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``

  methods could not deal with ``TaintedString`` instances. Removed the
  entirely redundant ``DTMLDocument.manage_edit`` method at the same time.
parent ed8d6dd8
...@@ -162,6 +162,10 @@ Features Added ...@@ -162,6 +162,10 @@ Features Added
Bugs Fixed Bugs Fixed
++++++++++ ++++++++++
- LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``
methods could not deal with ``TaintedString`` instances. Removed the
entirely redundant ``DTMLDocument.manage_edit`` method at the same time.
- LP #142750 and LP #142481: To prevent confusion when choosing an Id and - LP #142750 and LP #142481: To prevent confusion when choosing an Id and
to avoid issues when creating two VirtualHostMonsters in the same to avoid issues when creating two VirtualHostMonsters in the same
container the VirtualHostMoster now has a default Id. It can no longer container the VirtualHostMoster now has a default Id. It can no longer
......
...@@ -51,37 +51,6 @@ class DTMLDocument(PropertyManager, DTMLMethod): ...@@ -51,37 +51,6 @@ class DTMLDocument(PropertyManager, DTMLMethod):
or perms or perms
for perms in DTMLMethod.__ac_permissions__]) for perms in DTMLMethod.__ac_permissions__])
def manage_edit(self, data, title,
SUBMIT='Change',
dtpref_cols='100%',
dtpref_rows='20',
REQUEST=None
):
""" Replace contents with 'data', title with 'title'.
The SUBMIT parameter is also used to change the size of the editing
area on the default Document edit screen. If the value is "Smaller",
the rows and columns decrease by 5. If the value is "Bigger", the
rows and columns increase by 5. If any other or no value is supplied,
the data gets checked for DTML errors and is saved.
"""
self._validateProxy(REQUEST)
if self._size_changes.has_key(SUBMIT):
return self._er(data, title,
SUBMIT, dtpref_cols, dtpref_rows, REQUEST)
if self.wl_isLocked():
raise ResourceLockedError(
'This document has been locked via WebDAV.')
self.title = str(title)
if type(data) is not type(''):
data = data.read()
self.munge(data)
self.ZCacheable_invalidate()
if REQUEST:
message = "Content changed."
return self.manage_main(self, REQUEST, manage_tabs_message=message)
def manage_upload(self, file='', REQUEST=None): def manage_upload(self, file='', REQUEST=None):
""" Replace the contents of the document with the text in 'file'. """ Replace the contents of the document with the text in 'file'.
""" """
......
...@@ -34,6 +34,7 @@ from OFS.History import Historical ...@@ -34,6 +34,7 @@ from OFS.History import Historical
from OFS.History import html_diff from OFS.History import html_diff
from OFS.SimpleItem import Item_w__name__ from OFS.SimpleItem import Item_w__name__
from OFS.ZDOM import ElementWithTitle from OFS.ZDOM import ElementWithTitle
from Shared.TaintedString import TaintedString
from webdav.Lockable import ResourceLockedError from webdav.Lockable import ResourceLockedError
from zExceptions import Forbidden from zExceptions import Forbidden
from zExceptions.TracebackSupplement import PathTracebackSupplement from zExceptions.TracebackSupplement import PathTracebackSupplement
...@@ -287,10 +288,12 @@ class DTMLMethod(RestrictedDTML, ...@@ -287,10 +288,12 @@ class DTMLMethod(RestrictedDTML,
return self._er(data, title, return self._er(data, title,
SUBMIT, dtpref_cols, dtpref_rows, REQUEST) SUBMIT, dtpref_cols, dtpref_rows, REQUEST)
if self.wl_isLocked(): if self.wl_isLocked():
raise ResourceLockedError('This DTML Method is locked via WebDAV') raise ResourceLockedError('This item is locked via WebDAV')
self.title = str(title) self.title = str(title)
if type(data) is not type(''): if isinstance(data, TaintedString):
data = data.quoted()
if not isinstance(data, basestring):
data = data.read() data = data.read()
self.munge(data) self.munge(data)
self.ZCacheable_invalidate() self.ZCacheable_invalidate()
......
...@@ -14,6 +14,15 @@ class DTMLMethodTests(unittest.TestCase): ...@@ -14,6 +14,15 @@ class DTMLMethodTests(unittest.TestCase):
from webdav.interfaces import IWriteLock from webdav.interfaces import IWriteLock
verifyClass(IWriteLock, self._getTargetClass()) verifyClass(IWriteLock, self._getTargetClass())
def test_edit_taintedstring(self):
from Shared.TaintedString import TaintedString
doc = self._makeOne()
self.assertEquals(doc.read(), '')
data = TaintedString('hello<br/>')
doc.manage_edit(data, 'title')
self.assertEquals(doc.read(), 'hello&lt;br/&gt;')
class FactoryTests(unittest.TestCase): class FactoryTests(unittest.TestCase):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment