Log message for revision 69796: ZTUtils.make_hidden_input did not escape double-quotes. Fixes http://www.zope.org/Collectors/Zope/2175
Changed: U Zope/branches/2.9/doc/CHANGES.txt U Zope/branches/2.9/lib/python/ZTUtils/Zope.py U Zope/branches/2.9/lib/python/ZTUtils/tests/testZope.py -=- Modified: Zope/branches/2.9/doc/CHANGES.txt =================================================================== --- Zope/branches/2.9/doc/CHANGES.txt 2006-08-27 13:50:58 UTC (rev 69795) +++ Zope/branches/2.9/doc/CHANGES.txt 2006-08-27 14:14:52 UTC (rev 69796) @@ -8,6 +8,8 @@ Bugs fixed + - Collector #2175: ZTUtils.make_hidden_input did not escape double-quotes. + - Collector #1907: Moved 'alt' property from File to Image. - Collector #1983: Specifying session-resolution-seconds >= 1200 caused Modified: Zope/branches/2.9/lib/python/ZTUtils/Zope.py =================================================================== --- Zope/branches/2.9/lib/python/ZTUtils/Zope.py 2006-08-27 13:50:58 UTC (rev 69795) +++ Zope/branches/2.9/lib/python/ZTUtils/Zope.py 2006-08-27 14:14:52 UTC (rev 69796) @@ -200,7 +200,7 @@ d.update(arg) d.update(kwargs) - hq = cgi.escape + hq = lambda x:cgi.escape(x, quote=True) qlist = complex_marshal(d.items()) for i in range(len(qlist)): k, m, v = qlist[i] Modified: Zope/branches/2.9/lib/python/ZTUtils/tests/testZope.py =================================================================== --- Zope/branches/2.9/lib/python/ZTUtils/tests/testZope.py 2006-08-27 13:50:58 UTC (rev 69795) +++ Zope/branches/2.9/lib/python/ZTUtils/tests/testZope.py 2006-08-27 14:14:52 UTC (rev 69796) @@ -5,6 +5,7 @@ import string import urllib from ZTUtils.Zope import make_query, complex_marshal +from ZTUtils.Zope import make_hidden_input from DateTime import DateTime class QueryTests(TestCase): 
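Review bot: In the Zope/branches/2.9/lib/python/ZTUtils/Zope.py hunk, the new `hq` carries no comment saying why `quote=True` is required, and its protection depends on how the tag is delimited: `cgi.escape(x, quote=True)` encodes `"` but leaves `'` untouched. I would add `# values are interpolated into double-quoted attributes; cgi.escape does not encode ', so the template must keep using "` above it, so that a later switch to single-quoted attributes does not silently reopen attribute injection. As a style point, a small `def hq(x): return cgi.escape(x, quote=True)` reads better than a lambda bound to a name. The enclosing function starts and ends outside the hunk, so which of `k`, `m` and `v` actually pass through `hq` cannot be checked from here.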
@@ -50,6 +51,18 @@ record=record, string=str_) assert query == 'date:date=%s&integer:int=1&listing:int:list=1&listing:date:list=%s&listing:list=str&string=str&record.arg1:int:list:record=1&record.arg1:date:list:record=%s&record.arg1:list:record=str&record.arg2:int:record=1'%(quote_date,quote_date,quote_date) + def testMakeHiddenInput(self): + tag = make_hidden_input(foo='bar') + self.assertEqual(tag, '<input type="hidden" name="foo" value="bar">') + tag = make_hidden_input(foo=1) + self.assertEqual(tag, '<input type="hidden" name="foo:int" value="1">') + # Escaping + tag = make_hidden_input(foo='bar & baz') + self.assertEqual(tag, '<input type="hidden" name="foo" value="bar & baz">') + tag = make_hidden_input(foo='<bar>') + self.assertEqual(tag, '<input type="hidden" name="foo" value="<bar>">') + tag = make_hidden_input(foo='"bar"') + self.assertEqual(tag, '<input type="hidden" name="foo" value=""bar"">') def test_suite(): return makeSuite(QueryTests) _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins
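Review bot: The new `testMakeHiddenInput` covers escaping only in the value position; no case uses a key containing `"` or `<`, although the key also lands inside a double-quoted attribute (`name="..."`). The Zope.py hunk shows `d.update(arg)`, so keys can presumably come from a caller-supplied mapping, and a case such as `make_hidden_input({'a"b': 'x'})` asserting `name="a&quot;b"` would pin that path too. The formatting line is outside the visible hunks, so confirm first that the name goes through `hq`. The expected strings in the escaping cases appear unescaped on this page (for example `value=""bar""`), which looks like entity decoding by the list archive rather than what was committed.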