Commit e2f04340 authored by Jens Vagelpohl's avatar Jens Vagelpohl

- LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``

  methods could not deal with ``TaintedString`` instances. Removed the
  entirely redundant ``DTMLDocument.manage_edit`` method at the same time.
parent a9de2548
...@@ -11,6 +11,10 @@ http://docs.zope.org/zope2/releases/. ...@@ -11,6 +11,10 @@ http://docs.zope.org/zope2/releases/.
Bugs Fixed Bugs Fixed
++++++++++ ++++++++++
- LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit``
methods could not deal with ``TaintedString`` instances. Removed the
entirely redundant ``DTMLDocument.manage_edit`` method at the same time.
- LP #142451: If non-recursive ownership changes are made using - LP #142451: If non-recursive ownership changes are made using
``changeOwnership``, do not touch any children. ``changeOwnership``, do not touch any children.
......
...@@ -52,37 +52,6 @@ class DTMLDocument(PropertyManager, DTMLMethod): ...@@ -52,37 +52,6 @@ class DTMLDocument(PropertyManager, DTMLMethod):
or perms or perms
for perms in DTMLMethod.__ac_permissions__]) for perms in DTMLMethod.__ac_permissions__])
def manage_edit(self, data, title,
SUBMIT='Change',
dtpref_cols='100%',
dtpref_rows='20',
REQUEST=None
):
""" Replace contents with 'data', title with 'title'.
The SUBMIT parameter is also used to change the size of the editing
area on the default Document edit screen. If the value is "Smaller",
the rows and columns decrease by 5. If the value is "Bigger", the
rows and columns increase by 5. If any other or no value is supplied,
the data gets checked for DTML errors and is saved.
"""
self._validateProxy(REQUEST)
if self._size_changes.has_key(SUBMIT):
return self._er(data, title,
SUBMIT, dtpref_cols, dtpref_rows, REQUEST)
if self.wl_isLocked():
raise ResourceLockedError(
'This document has been locked via WebDAV.')
self.title = str(title)
if type(data) is not type(''):
data = data.read()
self.munge(data)
self.ZCacheable_invalidate()
if REQUEST:
message = "Content changed."
return self.manage_main(self, REQUEST, manage_tabs_message=message)
def manage_upload(self, file='', REQUEST=None): def manage_upload(self, file='', REQUEST=None):
""" Replace the contents of the document with the text in 'file'. """ Replace the contents of the document with the text in 'file'.
""" """
......
...@@ -38,6 +38,7 @@ from webdav.Lockable import ResourceLockedError ...@@ -38,6 +38,7 @@ from webdav.Lockable import ResourceLockedError
from zExceptions import Forbidden from zExceptions import Forbidden
from zExceptions.TracebackSupplement import PathTracebackSupplement from zExceptions.TracebackSupplement import PathTracebackSupplement
from ZPublisher.Iterators import IStreamIterator from ZPublisher.Iterators import IStreamIterator
from ZPublisher.TaintedString import TaintedString
from zope.contenttype import guess_content_type from zope.contenttype import guess_content_type
...@@ -287,10 +288,12 @@ class DTMLMethod(RestrictedDTML, ...@@ -287,10 +288,12 @@ class DTMLMethod(RestrictedDTML,
return self._er(data, title, return self._er(data, title,
SUBMIT, dtpref_cols, dtpref_rows, REQUEST) SUBMIT, dtpref_cols, dtpref_rows, REQUEST)
if self.wl_isLocked(): if self.wl_isLocked():
raise ResourceLockedError('This DTML Method is locked via WebDAV') raise ResourceLockedError('This item is locked via WebDAV')
self.title = str(title) self.title = str(title)
if type(data) is not type(''): if isinstance(data, TaintedString):
data = data.quoted()
if not isinstance(data, basestring):
data = data.read() data = data.read()
self.munge(data) self.munge(data)
self.ZCacheable_invalidate() self.ZCacheable_invalidate()
......
...@@ -14,6 +14,15 @@ class DTMLMethodTests(unittest.TestCase): ...@@ -14,6 +14,15 @@ class DTMLMethodTests(unittest.TestCase):
from webdav.interfaces import IWriteLock from webdav.interfaces import IWriteLock
verifyClass(IWriteLock, self._getTargetClass()) verifyClass(IWriteLock, self._getTargetClass())
def test_edit_taintedstring(self):
from ZPublisher.TaintedString import TaintedString
doc = self._makeOne()
self.assertEquals(doc.read(), '')
data = TaintedString('hello<br/>')
doc.manage_edit(data, 'title')
self.assertEquals(doc.read(), 'hello&lt;br/&gt;')
class FactoryTests(unittest.TestCase): class FactoryTests(unittest.TestCase):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment