- LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``

  methods could not deal with ``TaintedString`` instances. Removed the
  entirely redundant ``DTMLDocument.manage_edit`` method at the same time.

doc/CHANGES.rst

@@ -11,6 +11,10 @@ http://docs.zope.org/zope2/releases/.
 Bugs Fixed
 ++++++++++
 
+- LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``
+  methods could not deal with ``TaintedString`` instances. Removed the
+  entirely redundant ``DTMLDocument.manage_edit`` method at the same time.
+
 - LP #142451: If non-recursive ownership changes are made using 
   ``changeOwnership``, do not touch any children.
 

src/OFS/DTMLDocument.py

@@ -52,37 +52,6 @@ class DTMLDocument(PropertyManager, DTMLMethod):
             or perms
         for perms in DTMLMethod.__ac_permissions__])
 
-    def manage_edit(self, data, title,
-                    SUBMIT='Change',
-                    dtpref_cols='100%',
-                    dtpref_rows='20',
-                    REQUEST=None
-                   ):
-        """ Replace contents with 'data', title with 'title'.
-
-        The SUBMIT parameter is also used to change the size of the editing
-        area on the default Document edit screen.  If the value is "Smaller",
-        the rows and columns decrease by 5.  If the value is "Bigger", the
-        rows and columns increase by 5.  If any other or no value is supplied,
-        the data gets checked for DTML errors and is saved.
-        """
-        self._validateProxy(REQUEST)
-        if self._size_changes.has_key(SUBMIT):
-            return self._er(data, title,
-                            SUBMIT, dtpref_cols, dtpref_rows, REQUEST)
-        if self.wl_isLocked():
-            raise ResourceLockedError(
-                'This document has been locked via WebDAV.')
-
-        self.title = str(title)
-        if type(data) is not type(''):
-            data = data.read()
-        self.munge(data)
-        self.ZCacheable_invalidate()
-        if REQUEST:
-            message = "Content changed."
-            return self.manage_main(self, REQUEST, manage_tabs_message=message)
-
     def manage_upload(self, file='', REQUEST=None):
         """ Replace the contents of the document with the text in 'file'.
         """

src/OFS/DTMLMethod.py

@@ -38,6 +38,7 @@ from webdav.Lockable import ResourceLockedError
 from zExceptions import Forbidden
 from zExceptions.TracebackSupplement import PathTracebackSupplement
 from ZPublisher.Iterators import IStreamIterator
+from ZPublisher.TaintedString import TaintedString
 from zope.contenttype import guess_content_type
 
 
@@ -287,10 +288,12 @@ class DTMLMethod(RestrictedDTML,
             return self._er(data, title,
                             SUBMIT, dtpref_cols, dtpref_rows, REQUEST)
         if self.wl_isLocked():
-            raise ResourceLockedError('This DTML Method is locked via WebDAV')
+            raise ResourceLockedError('This item is locked via WebDAV')
 
         self.title = str(title)
-        if type(data) is not type(''):
+        if isinstance(data, TaintedString):
+            data = data.quoted()
+        if not isinstance(data, basestring):
             data = data.read()
         self.munge(data)
         self.ZCacheable_invalidate()

src/OFS/tests/test_DTMLMethod.py

@@ -14,6 +14,15 @@ class DTMLMethodTests(unittest.TestCase):
         from webdav.interfaces import IWriteLock
         verifyClass(IWriteLock, self._getTargetClass())
 
+    def test_edit_taintedstring(self):
+        from ZPublisher.TaintedString import TaintedString
+        doc = self._makeOne()
+        self.assertEquals(doc.read(), '')
+        data = TaintedString('hello<br/>')
+
+        doc.manage_edit(data, 'title')
+        self.assertEquals(doc.read(), 'hello&lt;br/&gt;')
+
 
 class FactoryTests(unittest.TestCase):