Log message for revision 108030: Better fix, with test, for error-during-standard_error_message with tainted error_value.
Changed:
U Zope/branches/Zope-2_8-branch/lib/python/OFS/SimpleItem.py
A Zope/branches/Zope-2_8-branch/lib/python/OFS/tests/test_SimpleItem.py
-=-
Modified: Zope/branches/Zope-2_8-branch/lib/python/OFS/SimpleItem.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/OFS/SimpleItem.py 2010-01-11 20:19:06 UTC (rev 108029)
+++ Zope/branches/Zope-2_8-branch/lib/python/OFS/SimpleItem.py 2010-01-11 21:24:55 UTC (rev 108030)
@@ -25,7 +25,6 @@
 import Globals, App.Management, Acquisition, App.Undo
 import AccessControl.Role, AccessControl.Owned, App.Common
 from webdav.Resource import Resource
-from webdav.xmltools import escape as xml_escape
 from ExtensionClass import Base
 from ComputedAttribute import ComputedAttribute
 from AccessControl import getSecurityManager, Unauthorized
@@ -218,7 +217,7 @@
 exc_info=True
 )
 try:
- strv = str(error_value)
+ strv = repr(error_value) # quotes tainted strings
 except:
 strv = ('<unprintable %s object>' %
 str(type(error_value).__name__))
@@ -228,7 +227,6 @@
 "event log for full details: %s)")%(
 html_quote(sys.exc_info()[1]),
 ))
- v = xml_escape(v)
 raise error_type, v, tb
 finally:
 if hasattr(self, '_v_eek'): del self._v_eek
Added: Zope/branches/Zope-2_8-branch/lib/python/OFS/tests/test_SimpleItem.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/OFS/tests/test_SimpleItem.py (rev 0)
+++ Zope/branches/Zope-2_8-branch/lib/python/OFS/tests/test_SimpleItem.py 2010-01-11 21:24:55 UTC (rev 108030)
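Review bot: In SimpleItem.py, `strv = repr(error_value)` escapes markup only when the value's own `__repr__` does so, which the inline comment claims for tainted strings; a plain `str` or an exception whose message contains `<` now reaches `v` unescaped, because the third hunk also removes `v = xml_escape(v)`. Whether `v` is later rendered as HTML is not visible in these hunks, so this is a point to confirm rather than a demonstrated injection. If it is rendered, escaping explicitly with the `html_quote` helper already used in the next hunk, something like `strv = html_quote(str(error_value))`, would treat tainted and untainted values alike (the new test's `startswith("'simple'")` expectation would then change). If the current behaviour is intended, the comment should state the limit: `# repr() HTML-quotes TaintedString only; other values pass through unescaped`. The enclosing method starts and ends outside the hunk.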
@@ -0,0 +1,51 @@
+import unittest
+
+class ItemTests(unittest.TestCase):
+
+ def _getTargetClass(self):
+ from OFS.SimpleItem import Item
+ return Item
+
+ def _makeOne(self, *args, **kw):
+ return self._getTargetClass()(*args, **kw)
+
+ def test_raise_StandardErrorMessage_str_errorValue(self):
+ item = self._makeOne()
+ def _raise_during_standard_error_message(*args, **kw):
+ raise ZeroDivisionError('testing')
+ item.standard_error_message = _raise_during_standard_error_message
+ try:
+ item.raise_standardErrorMessage(
+ error_type=OverflowError,
+ error_value='simple',
+ REQUEST={'dummy': ''},
+ )
+ except:
+ import sys
+ self.assertEqual(sys.exc_info()[0], 'OverflowError')
+ value = sys.exc_info()[1]
+ self.failUnless(value.startswith("'simple'"))
+ self.failUnless('full details: testing' in value)
+
+ def test_raise_StandardErrorMessage_TaintedString_errorValue(self):
+ from ZPublisher.TaintedString import TaintedString
+ item = self._makeOne()
+ def _raise_during_standard_error_message(*args, **kw):
+ raise ZeroDivisionError('testing')
+ item.standard_error_message = _raise_during_standard_error_message
+ try:
+ item.raise_standardErrorMessage(
+ error_type=OverflowError,
+ error_value=TaintedString('<simple>'),
+ REQUEST={'dummy': ''},
+ )
+ except:
+ import sys
+ self.assertEqual(sys.exc_info()[0], 'OverflowError')
+ value = sys.exc_info()[1]
+ self.failIf('<' in value)
+
+def test_suite():
+ return unittest.TestSuite((
+ unittest.makeSuite(ItemTests),
+ ))
_______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins
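Review bot: Both tests in test_SimpleItem.py pass vacuously if `raise_standardErrorMessage` does not raise, because every assertion sits inside the bare `except:` and there is no `else` branch; adding `else: self.fail('expected an exception')` after each `except:` block closes that gap. The tainted case asserts only `self.failIf('<' in value)`, which would also pass if the value were dropped from the message altogether, so asserting the quoted form as well (e.g. `self.failUnless('&lt;simple&gt;' in value)`, assuming TaintedString's repr emits HTML entities — to be confirmed) would pin the behaviour the fix relies on. A third case with an untainted `error_value` containing `<` would record what the fallback message does with markup that is not tainted.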