From 490a1f79fb735b7d5dac204acd23d48870ddab7d Mon Sep 17 00:00:00 2001
From: Vincent Pelletier <vincent@nexedi.com>
Date: Fri, 22 Sep 2006 14:02:22 +0000
Subject: [PATCH] Change filtering policy : only keep trusted values instead of
 removing blacklisted ones. This makes the system more robust, though a tiny
 bit less flexible.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10251 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../ERP5XhtmlStyle_filterParameterList.xml    | 56 ++++++-------------
 1 file changed, 18 insertions(+), 38 deletions(-)

diff --git a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/ERP5XhtmlStyle_filterParameterList.xml b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/ERP5XhtmlStyle_filterParameterList.xml
index 90dd5133d1..43161a943e 100644
--- a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/ERP5XhtmlStyle_filterParameterList.xml
+++ b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/ERP5XhtmlStyle_filterParameterList.xml
@@ -68,50 +68,24 @@
         </item>
         <item>
             <key> <string>_body</string> </key>
-            <value> <string># XXX: This file contains many duplicated loops when filtering, this is done on purpose :\n
-# Each loop contains variable names which concern a certain hidden field generator (listbox, xhtml style,...).\n
-# Above each loop is said wether it is normal or shoul dbe fixed.\n
+            <value> <string>kept_names = (\'editable_mode\', \'ignore_layout\',                                 # erp5_web\n
+              \'selection_name\', \'selection_index\',                              # list mode\n
+              \'form_id\',                                                        # list mode and view mode\n
+              \'dialog_id\', \'dialog_method\', \'update_method\', \'dialog_category\', # dialog mode\n
+              \'object_uid\', \'object_path\',                                      # view mode\n
+              \'field_id\', \'form_pickle\', \'form_signature\',                      # related string field\n
+              \'cancel_url\',                                                     # xhtml_style\n
+             )\n
+kept_names = dict([(key, None) for key in kept_names])\n
 \n
 def isValid(value_name):\n
   """\n
     Return true when the given field name can be propagated, false otherwise.\n
-\n
-    FIXME: _select should be a prefix, not a sufix, to avoid potential collisions with property names.\n
   """\n
-  prefix = value_name.split(\'_\')[0]\n
-  if value_name == \'field_id\' \\\n
-     or prefix not in (\'field\', \'subfield\', \'default\', \'select\', \'search\'):\n
+  if kept_names.has_key(value_name):\n
     return True\n
   return False\n
 \n
-# Remove a strange value. No idea on its meaning nor what it does here.\n
-if parameter_list.has_key(\'-C\'):\n
-  del parameter_list[\'-C\']\n
-\n
-# erp5_xhtml_style special fields.\n
-# This is normal.\n
-for k in (\'came_from\', \'SearchableText\', \'workflow_action\', \'portal_status_message\', \'reset\', \'dialog_id\', \'update_method\', \'dialog_method\', \'cancel_method\'):\n
-  if parameter_list.has_key(k):\n
-    del parameter_list[k]\n
-\n
-# Listbox search fields special values\n
-# XXX: This should not be needed.\n
-# for k in (\'id\', \'title\', \'description\', \'reporter\'):\n
-#   if parameter_list.has_key(k):\n
-#     del parameter_list[k]\n
-\n
-# Listbox special fields.\n
-# XXX: This should not be needed.\n
-for k in (\'listbox\', \'list_start\', \'uids\', \'listbox_uid\', \'list_selection_name\', \'md5_object_uid_list\'):\n
-  if parameter_list.has_key(k):\n
-    del parameter_list[k]\n
-\n
-# Subversion special fields\n
-# XXX: This should not be needed.\n
-for k in (\'changelog\', \'added\', \'removed\', \'modified\'):\n
-  if parameter_list.has_key(k):\n
-    del parameter_list[k]\n
-\n
 for k in parameter_list.keys():\n
   if not isValid(k):\n
     del parameter_list[k]\n
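Review bot: The new `kept_names` tuple allowlists `dialog_id`, `dialog_method` and `update_method`, which the removed "erp5_xhtml_style special fields" loop deleted on purpose (its comment said "This is normal"), so three request-supplied names that used to be stripped are now propagated. If that reversal is intended, say so next to the tuple, for example `# dialog_id / dialog_method / update_method were stripped before this change; kept now because <reason>`; otherwise drop them from the tuple. The filter checks parameter names only, so the values of `cancel_url`, `dialog_method`, `update_method` and `form_pickle` stay client-controlled, and whatever consumes them still has to validate them. Presumably `form_signature` is what authenticates `form_pickle`, but that check is not visible in this hunk. The script body continues past the end of the hunk.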
@@ -160,11 +134,17 @@ return parameter_list\n
                         <value>
                           <tuple>
                             <string>parameter_list</string>
+                            <string>kept_names</string>
+                            <string>dict</string>
+                            <string>append</string>
+                            <string>$append0</string>
+                            <string>_getiter_</string>
+                            <string>key</string>
+                            <string>None</string>
                             <string>isValid</string>
                             <string>_getattr_</string>
-                            <string>_write_</string>
-                            <string>_getiter_</string>
                             <string>k</string>
+                            <string>_write_</string>
                           </tuple>
                         </value>
                     </item>
-- 
2.30.9