Mercurial > moin > 1.9

changeset 1766:2e640592bfd1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix some unescaped uses of pagename (ported from 1.5-803/805/806)
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 30 Jan 2007 23:01:44 +0100
parents 6e438de156d9
children df2e76ac7dee
files MoinMoin/action/AttachFile.py MoinMoin/action/LocalSiteMap.py MoinMoin/action/RenamePage.py MoinMoin/theme/__init__.py
diffstat 4 files changed, 4 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/AttachFile.py	Tue Jan 30 22:47:57 2007 +0100
+++ b/MoinMoin/action/AttachFile.py	Tue Jan 30 23:01:44 2007 +0100
@@ -341,7 +341,7 @@
         str = str + "</ul>"
     else:
         if showheader:
-            str = '%s<p>%s</p>' % (str, _("No attachments stored for %(pagename)s") % {'pagename': pagename})
+            str = '%s<p>%s</p>' % (str, _("No attachments stored for %(pagename)s") % {'pagename': wikiutil.escape(pagename)})
 
     return str
 
--- a/MoinMoin/action/LocalSiteMap.py	Tue Jan 30 22:47:57 2007 +0100
+++ b/MoinMoin/action/LocalSiteMap.py	Tue Jan 30 23:01:44 2007 +0100
@@ -72,7 +72,7 @@
         pg = Page(request, name)
         action = __name__.split('.')[-1]
         self.append('&nbsp;' * (5*depth+1))
-        self.append(pg.link_to(request, name, querystr={'action': action}))
+        self.append(pg.link_to(request, wikiutil.escape(name), querystr={'action': action}))
         self.append("&nbsp;<small>[")
         self.append(pg.link_to(request, 'view'))
         self.append("</small>]<br>")
--- a/MoinMoin/action/RenamePage.py	Tue Jan 30 22:47:57 2007 +0100
+++ b/MoinMoin/action/RenamePage.py	Tue Jan 30 23:01:44 2007 +0100
@@ -63,7 +63,7 @@
     def get_form_html(self, buttons_html):
         _ = self._
         d = {
-            'pagename': self.pagename,
+            'pagename': wikiutil.escape(self.pagename),
             'newname_label': _("New name"),
             'comment_label': _("Optional reason for the renaming"),
             'buttons_html': buttons_html,
--- a/MoinMoin/theme/__init__.py	Tue Jan 30 22:47:57 2007 +0100
+++ b/MoinMoin/theme/__init__.py	Tue Jan 30 23:01:44 2007 +0100
@@ -697,7 +697,7 @@
                 pagename = page.page_name
                 if self.request.cfg.show_interwiki:
                     pagename = "%s: %s" % (self.request.cfg.interwikiname, pagename)
-                info = "%s  (%s)" % (pagename, info)
+                info = "%s  (%s)" % (wikiutil.escape(pagename), info)
                 html = '<p id="pageinfo" class="info"%(lang)s>%(info)s</p>\n' % {
                     'lang': self.ui_lang_attr(),
                     'info': info