From 490a1f79fb735b7d5dac204acd23d48870ddab7d Mon Sep 17 00:00:00 2001 From: Vincent Pelletier <vincent@nexedi.com> Date: Fri, 22 Sep 2006 14:02:22 +0000 Subject: [PATCH] Change filtering policy : only keep trusted values instead of removing blacklisted ones. This makes the system more robust, though a tiny bit less flexible. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10251 20353a03-c40f-0410-a6d1-a30d3c3de9de --- .../ERP5XhtmlStyle_filterParameterList.xml | 56 ++++++------------- 1 file changed, 18 insertions(+), 38 deletions(-) diff --git a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/ERP5XhtmlStyle_filterParameterList.xml b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/ERP5XhtmlStyle_filterParameterList.xml index 90dd5133d1..43161a943e 100644 --- a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/ERP5XhtmlStyle_filterParameterList.xml +++ b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/ERP5XhtmlStyle_filterParameterList.xml 
@@ -68,50 +68,24 @@ </item> <item> <key> <string>_body</string> </key> - <value> <string># XXX: This file contains many duplicated loops when filtering, this is done on purpose :\n -# Each loop contains variable names which concern a certain hidden field generator (listbox, xhtml style,...).\n -# Above each loop is said wether it is normal or shoul dbe fixed.\n + <value> <string>kept_names = (\'editable_mode\', \'ignore_layout\', # erp5_web\n + \'selection_name\', \'selection_index\', # list mode\n + \'form_id\', # list mode and view mode\n + \'dialog_id\', \'dialog_method\', \'update_method\', \'dialog_category\', # dialog mode\n + \'object_uid\', \'object_path\', # view mode\n + \'field_id\', \'form_pickle\', \'form_signature\', # related string field\n + \'cancel_url\', # xhtml_style\n + )\n +kept_names = dict([(key, None) for key in kept_names])\n \n def isValid(value_name):\n """\n Return true when the given field name can be propagated, false otherwise.\n -\n - FIXME: _select should be a prefix, not a sufix, to avoid potential collisions with property names.\n """\n - prefix = value_name.split(\'_\')[0]\n - if value_name == \'field_id\' \\\n - or prefix not in (\'field\', \'subfield\', \'default\', \'select\', \'search\'):\n + if kept_names.has_key(value_name):\n return True\n return False\n \n -# Remove a strange value. 
No idea on its meaning nor what it does here.\n -if parameter_list.has_key(\'-C\'):\n - del parameter_list[\'-C\']\n -\n -# erp5_xhtml_style special fields.\n -# This is normal.\n -for k in (\'came_from\', \'SearchableText\', \'workflow_action\', \'portal_status_message\', \'reset\', \'dialog_id\', \'update_method\', \'dialog_method\', \'cancel_method\'):\n - if parameter_list.has_key(k):\n - del parameter_list[k]\n -\n -# Listbox search fields special values\n -# XXX: This should not be needed.\n -# for k in (\'id\', \'title\', \'description\', \'reporter\'):\n -# if parameter_list.has_key(k):\n -# del parameter_list[k]\n -\n -# Listbox special fields.\n -# XXX: This should not be needed.\n -for k in (\'listbox\', \'list_start\', \'uids\', \'listbox_uid\', \'list_selection_name\', \'md5_object_uid_list\'):\n - if parameter_list.has_key(k):\n - del parameter_list[k]\n -\n -# Subversion special fields\n -# XXX: This should not be needed.\n -for k in (\'changelog\', \'added\', \'removed\', \'modified\'):\n - if parameter_list.has_key(k):\n - del parameter_list[k]\n -\n for k in parameter_list.keys():\n if not isValid(k):\n del parameter_list[k]\n @@ -160,11 +134,17 @@ return parameter_list\n <value> <tuple> <string>parameter_list</string> + <string>kept_names</string> + <string>dict</string> + <string>append</string> + <string>$append0</string> + <string>_getiter_</string> + <string>key</string> + <string>None</string> <string>isValid</string> <string>_getattr_</string> - <string>_write_</string> - <string>_getiter_</string> <string>k</string> + <string>_write_</string> </tuple> </value> </item> -- 2.30.9
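Review bot: The new `kept_names` allowlist now propagates `dialog_id`, `dialog_method` and `update_method`, which the removed "erp5_xhtml_style special fields" loop deleted on purpose, and neither the commit message nor the script says this reversal is intended. The filter also checks parameter names only (`isValid(k)` on the keys), so the values of `dialog_method`, `update_method`, `cancel_url` and `form_pickle` pass through unchecked. Those names look like they select a method, give a redirect target or carry serialized form state, but this hunk does not show whether they can come from the request, so each consumer should validate them itself. I would record that next to the tuple, for example `# Allowlist of parameter NAMES only; values are not validated here, consumers must check dialog_method, update_method, cancel_url and form_pickle.` As a style point, the body of `isValid` can be reduced to `return kept_names.has_key(value_name)`.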