Log message for revision 69797:
  Merged r69795:69796 from 2.9 branch.
  
  ZTUtils.make_hidden_input did not escape double-quotes.
  Fixes http://www.zope.org/Collectors/Zope/2175
  

Changed:
  U   Zope/branches/2.10/doc/CHANGES.txt
  U   Zope/branches/2.10/lib/python/ZTUtils/Zope.py
  U   Zope/branches/2.10/lib/python/ZTUtils/tests/testZope.py

-=-
Modified: Zope/branches/2.10/doc/CHANGES.txt
===================================================================
--- Zope/branches/2.10/doc/CHANGES.txt  2006-08-27 14:14:52 UTC (rev 69796)
+++ Zope/branches/2.10/doc/CHANGES.txt  2006-08-27 14:17:54 UTC (rev 69797)
@@ -10,6 +10,8 @@
 
       - Collector #2176: Fixed bad logging call.
 
+      - Collector #2175: ZTUtils.make_hidden_input did not escape 
double-quotes.
+
       - Collector #1907: Moved 'alt' property from File to Image.
 
       - Collector #1983: Specifying session-resolution-seconds >= 1200 caused

Modified: Zope/branches/2.10/lib/python/ZTUtils/Zope.py
===================================================================
--- Zope/branches/2.10/lib/python/ZTUtils/Zope.py       2006-08-27 14:14:52 UTC 
(rev 69796)
+++ Zope/branches/2.10/lib/python/ZTUtils/Zope.py       2006-08-27 14:17:54 UTC 
(rev 69797)
@@ -200,7 +200,7 @@
         d.update(arg)
     d.update(kwargs)
 
-    hq = cgi.escape
+    hq = lambda x:cgi.escape(x, quote=True)
     qlist = complex_marshal(d.items())
     for i in range(len(qlist)):
         k, m, v = qlist[i]
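Review bot: The added `hq` line carries no comment explaining why `quote=True` is required or what it still leaves unescaped. `cgi.escape(x, quote=True)` turns `"` into `&quot;` but leaves `'` alone, so the output is only safe inside double-quoted attributes. I would put `# quote=True: output lands in double-quoted attributes; "'" is not escaped, so keep the tag double-quoted` above it, and write the helper as a small `def` rather than a lambda bound to a name. The tag template and the `hq` call sites lie below this hunk in the enclosing function, so whether the field name is escaped as well as the value cannot be confirmed from here.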

Modified: Zope/branches/2.10/lib/python/ZTUtils/tests/testZope.py
===================================================================
--- Zope/branches/2.10/lib/python/ZTUtils/tests/testZope.py     2006-08-27 
14:14:52 UTC (rev 69796)
+++ Zope/branches/2.10/lib/python/ZTUtils/tests/testZope.py     2006-08-27 
14:17:54 UTC (rev 69797)
@@ -5,6 +5,7 @@
 import string
 import urllib
 from ZTUtils.Zope import make_query, complex_marshal
+from ZTUtils.Zope import make_hidden_input
 from DateTime import DateTime
 
 class QueryTests(TestCase):
@@ -50,6 +51,18 @@
                            record=record, string=str_)
         assert query == 
'date:date=%s&integer:int=1&listing:int:list=1&listing:date:list=%s&listing:list=str&string=str&record.arg1:int:list:record=1&record.arg1:date:list:record=%s&record.arg1:list:record=str&record.arg2:int:record=1'%(quote_date,quote_date,quote_date)
 
+    def testMakeHiddenInput(self):
+        tag = make_hidden_input(foo='bar')
+        self.assertEqual(tag, '<input type="hidden" name="foo" value="bar">')
+        tag = make_hidden_input(foo=1)
+        self.assertEqual(tag, '<input type="hidden" name="foo:int" value="1">')
+        # Escaping
+        tag = make_hidden_input(foo='bar & baz')
+        self.assertEqual(tag, '<input type="hidden" name="foo" value="bar 
&amp; baz">')
+        tag = make_hidden_input(foo='<bar>')
+        self.assertEqual(tag, '<input type="hidden" name="foo" 
value="&lt;bar&gt;">')
+        tag = make_hidden_input(foo='"bar"')
+        self.assertEqual(tag, '<input type="hidden" name="foo" 
value="&quot;bar&quot;">')
 
 def test_suite():
     return makeSuite(QueryTests)
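Review bot: testMakeHiddenInput pins escaping only for the `value` attribute; none of the added assertions passes a field name containing `"`, `<` or `&`, so a regression that leaves `name=` unescaped would go unnoticed. The function appears to accept mapping arguments (`d.update(arg)` in the Zope.py hunk), so a case such as `tag = make_hidden_input({'"foo"': 'bar'})` checked with `self.assertEqual(tag, '<input type="hidden" name="&quot;foo&quot;" value="bar">')` would cover it. That expected string assumes the name goes through the same `hq` call, which is not visible on this page. A one-line docstring saying the test guards Collector #2175 would also help the next reader.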
