Log message for revision 112536: - LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit`` methods could not deal with ``TaintedString`` instances. Removed the entirely redundant ``DTMLDocument.manage_edit`` method at the same time.
Changed: U Zope/branches/2.12/doc/CHANGES.rst U Zope/branches/2.12/src/OFS/DTMLDocument.py U Zope/branches/2.12/src/OFS/DTMLMethod.py U Zope/branches/2.12/src/OFS/tests/test_DTMLMethod.py -=- Modified: Zope/branches/2.12/doc/CHANGES.rst =================================================================== --- Zope/branches/2.12/doc/CHANGES.rst 2010-05-19 12:44:11 UTC (rev 112535) +++ Zope/branches/2.12/doc/CHANGES.rst 2010-05-19 12:58:54 UTC (rev 112536) @@ -11,6 +11,10 @@ Bugs Fixed ++++++++++ +- LP #142590: The ``DTMLMethod`` and ``DTMLDocument`` ``manage_edit`` + methods could not deal with ``TaintedString`` instances. Removed the + entirely redundant ``DTMLDocument.manage_edit`` method at the same time. + - LP #142451: If non-recursive ownership changes are made using ``changeOwnership``, do not touch any children. Modified: Zope/branches/2.12/src/OFS/DTMLDocument.py =================================================================== --- Zope/branches/2.12/src/OFS/DTMLDocument.py 2010-05-19 12:44:11 UTC (rev 112535) +++ Zope/branches/2.12/src/OFS/DTMLDocument.py 2010-05-19 12:58:54 UTC (rev 112536) 
@@ -52,37 +52,6 @@ or perms for perms in DTMLMethod.__ac_permissions__]) - def manage_edit(self, data, title, - SUBMIT='Change', - dtpref_cols='100%', - dtpref_rows='20', - REQUEST=None - ): - """ Replace contents with 'data', title with 'title'. - - The SUBMIT parameter is also used to change the size of the editing - area on the default Document edit screen. If the value is "Smaller", - the rows and columns decrease by 5. If the value is "Bigger", the - rows and columns increase by 5. If any other or no value is supplied, - the data gets checked for DTML errors and is saved. - """ - self._validateProxy(REQUEST) - if self._size_changes.has_key(SUBMIT): - return self._er(data, title, - SUBMIT, dtpref_cols, dtpref_rows, REQUEST) - if self.wl_isLocked(): - raise ResourceLockedError( - 'This document has been locked via WebDAV.') - - self.title = str(title) - if type(data) is not type(''): - data = data.read() - self.munge(data) - self.ZCacheable_invalidate() - if REQUEST: - message = "Content changed." - return self.manage_main(self, REQUEST, manage_tabs_message=message) - def manage_upload(self, file='', REQUEST=None): """ Replace the contents of the document with the text in 'file'. """ Modified: Zope/branches/2.12/src/OFS/DTMLMethod.py =================================================================== --- Zope/branches/2.12/src/OFS/DTMLMethod.py 2010-05-19 12:44:11 UTC (rev 112535) +++ Zope/branches/2.12/src/OFS/DTMLMethod.py 2010-05-19 12:58:54 UTC (rev 112536) @@ -38,6 +38,7 @@ from zExceptions import Forbidden from zExceptions.TracebackSupplement import PathTracebackSupplement from ZPublisher.Iterators import IStreamIterator +from ZPublisher.TaintedString import TaintedString from zope.contenttype import guess_content_type 
@@ -287,10 +288,12 @@ return self._er(data, title, SUBMIT, dtpref_cols, dtpref_rows, REQUEST) if self.wl_isLocked(): - raise ResourceLockedError('This DTML Method is locked via WebDAV') + raise ResourceLockedError('This item is locked via WebDAV') self.title = str(title) - if type(data) is not type(''): + if isinstance(data, TaintedString): + data = data.quoted() + if not isinstance(data, basestring): data = data.read() self.munge(data) self.ZCacheable_invalidate() Modified: Zope/branches/2.12/src/OFS/tests/test_DTMLMethod.py =================================================================== --- Zope/branches/2.12/src/OFS/tests/test_DTMLMethod.py 2010-05-19 12:44:11 UTC (rev 112535) +++ Zope/branches/2.12/src/OFS/tests/test_DTMLMethod.py 2010-05-19 12:58:54 UTC (rev 112536) @@ -14,7 +14,16 @@ from webdav.interfaces import IWriteLock verifyClass(IWriteLock, self._getTargetClass()) + def test_edit_taintedstring(self): + from ZPublisher.TaintedString import TaintedString + doc = self._makeOne() + self.assertEquals(doc.read(), '') + data = TaintedString('hello<br/>') + doc.manage_edit(data, 'title') + self.assertEquals(doc.read(), 'hello<br/>') + + class FactoryTests(unittest.TestCase): def test_defaults_no_standard_html_header(self): _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins
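Review bot: The new `isinstance(data, TaintedString)` branch in `manage_edit` stores `data.quoted()` without saying why the quoted form is wanted, and the new `test_edit_taintedstring` in test_DTMLMethod.py expects `doc.read()` to return the unquoted `'hello<br/>'`. If `quoted()` HTML-escapes the value, as its name suggests, markup submitted through the edit form is saved escaped and that assertion cannot hold. If it returns the raw value instead, the taint marker is dropped just before `munge(data)` takes request-supplied text as the new source. Either way the choice deserves a comment above the branch, e.g. `# tainted request data: store the HTML-quoted form, not the raw value`, and the test should assert the matching result. `manage_edit` starts and ends outside this hunk.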
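Review bot: `test_edit_taintedstring` exercises only the tainted branch, while the same commit also replaces `type(data) is not type('')` with `not isinstance(data, basestring)` in `DTMLMethod.manage_edit`, so `unicode` input now skips `data.read()`. A plain `str`, a `unicode` value and a file-like object each deserve an assertion next to this one, so that all three paths are pinned. A short comment such as `# LP #142590: manage_edit must accept TaintedString data` would also tie the test to the bug it guards.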