Commit 49937b8d authored by Jérome Perrin's avatar Jérome Perrin Committed by Xiaowu Zhang

ERP5Form/EditorField: don't initialize with user input

parent c25b51e1
......@@ -42,6 +42,7 @@ from Products.Formulator.StandardFields import FloatField, StringField,\
DateTimeField, TextAreaField, CheckBoxField, ListField, LinesField, \
MultiListField, IntegerField
from Products.ERP5Form.CaptchaField import CaptchaField
from Products.ERP5Form.EditorField import EditorField
from Products.Formulator.MethodField import Method
from Products.Formulator.TALESField import TALESMethod
......@@ -1191,6 +1192,45 @@ class TestCaptchaField(ERP5TypeTestCase):
})
class TestEditorField(ERP5TypeTestCase):
def afterSetUp(self):
self.field = EditorField('test_field').__of__(self.portal)
self.portal.REQUEST['here'] = self.portal
def test_render_editable_textarea(self):
self.field.values['default'] = 'value'
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<textarea rows="5" cols="40" name="field_test_field" >\nvalue</textarea>')
def test_render_editable_textarea_REQUEST(self):
self.field.values['default'] = 'default value'
self.field.values['editable'] = 1
self.portal.REQUEST.form[
self.field.generate_field_key(key=self.field.id)
] = 'user <value>'
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<textarea rows="5" cols="40" name="field_test_field" >\nuser &lt;value&gt;</textarea>')
def test_render_non_editable_textarea(self):
self.field.values['default'] = '<not &scaped'
self.field.values['editable'] = 0
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<div ><not &scaped</div>')
def test_render_non_editable_textarea_REQUEST(self):
self.field.values['default'] = 'trusted value'
self.field.values['editable'] = 0
self.portal.REQUEST.form[
self.field.generate_field_key(key=self.field.id)
] = 'untrusted user value'
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<div >trusted value</div>')
def makeDummyOid():
import time, random
return '%s%s' % (time.time(), random.random())
......@@ -1211,4 +1251,5 @@ def test_suite():
suite.addTest(unittest.makeSuite(TestProxyField))
suite.addTest(unittest.makeSuite(TestFieldValueCache))
suite.addTest(unittest.makeSuite(TestCaptchaField))
suite.addTest(unittest.makeSuite(TestEditorField))
return suite
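Review bot: `test_render_non_editable_textarea_REQUEST` uses a request value with no markup (`'untrusted user value'`), so the test does not show why the non-editable path must ignore request data. Reusing a markup-bearing value such as the `'user <value>'` from the editable test would make the intent explicit, because `test_render_non_editable_textarea` shows this path emits its value unescaped. Separately, `test_render_editable_textarea` relies on the field's default `editable` setting while the other three tests set it explicitly. Adding `self.field.values['editable'] = 1` there would stop the test depending on a default that is not visible in this file. A short class docstring stating that the tests pin which render paths may be seeded from `REQUEST.form` would also help future readers.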
......@@ -155,3 +155,13 @@ class EditorField(ZMIField):
widget = EditorWidgetInstance
validator = Validator.TextValidatorInstance
def _get_user_input_value(self, key, REQUEST):
"""
Try to get a value of the field from the REQUEST
"""
# because non-editable editor fields are used to render raw HTML, we don't
# initialize them with user input.
if self.get_value('editable'):
return REQUEST.form[key]
raise KeyError(key)
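Review bot: `self.get_value('editable')` in `_get_user_input_value` is evaluated without the `REQUEST` the method receives. If `editable` is computed per request, for example by a TALES expression, this check may disagree with the one the render path makes. That path is not visible in this hunk, so this is an assumption to confirm. The comment in the hunk says non-editable editor fields render raw HTML, so a mismatch would let `REQUEST.form[key]` reach an unescaped output path. Consider `if self.get_value('editable', REQUEST=REQUEST):` so both decisions use the same inputs. The docstring should also state that `KeyError` is raised on purpose for non-editable fields, which, judging by the new non-editable test, makes the caller fall back to the configured default.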