Log message for revision 108014: - LP #491224: proper escaping of rendered error message
Changed: U Zope/branches/2.10/doc/CHANGES.txt U Zope/branches/2.10/lib/python/OFS/SimpleItem.py -=- Modified: Zope/branches/2.10/doc/CHANGES.txt =================================================================== --- Zope/branches/2.10/doc/CHANGES.txt 2010-01-11 15:27:33 UTC (rev 108013) +++ Zope/branches/2.10/doc/CHANGES.txt 2010-01-11 15:28:32 UTC (rev 108014) @@ -8,6 +8,8 @@ Bugs fixed + - LP #491224: proper escaping of rendered error message + - Also look for ZEXP imports within the clienthome directory. This provides a place to put imports that won't be clobbered by buildout in a buildout-based Zope instance. Modified: Zope/branches/2.10/lib/python/OFS/SimpleItem.py =================================================================== --- Zope/branches/2.10/lib/python/OFS/SimpleItem.py 2010-01-11 15:27:33 UTC (rev 108013) +++ Zope/branches/2.10/lib/python/OFS/SimpleItem.py 2010-01-11 15:28:32 UTC (rev 108014) @@ -36,6 +36,7 @@ from DocumentTemplate.ustr import ustr from ExtensionClass import Base from webdav.Resource import Resource +from webdav.xmltools import escape as xml_escape from zExceptions import Redirect from zExceptions.ExceptionFormatter import format_exception from zope.interface import implements @@ -228,6 +229,7 @@ else: v = HTML.__call__(s, client, REQUEST, **kwargs) except: + logger.error( 'Exception while rendering an error message', exc_info=True @@ -243,6 +245,7 @@ "event log for full details: %s)")%( html_quote(sys.exc_info()[1]), )) + v = xml_escape(v) raise error_type, v, tb finally: if hasattr(self, '_v_eek'): del self._v_eek _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins