changeset 5533:54e0fc07a9d4

merged moin/1.8
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 13 Feb 2010 19:06:54 +0100
parents 9101ca32b43d (current diff) 7252009186c0 (diff)
children 6698d5db825a
files MoinMoin/user.py MoinMoin/userprefs/prefs.py
diffstat 2 files changed, 12 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/user.py	Fri Feb 12 21:02:15 2010 +0300
+++ b/MoinMoin/user.py	Sat Feb 13 19:06:54 2010 +0100
@@ -561,8 +561,9 @@
             elif isinstance(value, dict):
                 key += '{}'
                 value = encodeDict(value)
-            line = u"%s=%s\n" % (key, unicode(value))
-            data.write(line)
+            line = u"%s=%s" % (key, unicode(value))
+            line = line.replace('\n', ' ').replace('\r', ' ') # no lineseps
+            data.write(line + '\n')
         data.close()
 
         arena = 'user'
--- a/MoinMoin/userprefs/prefs.py	Fri Feb 12 21:02:15 2010 +0300
+++ b/MoinMoin/userprefs/prefs.py	Sat Feb 13 19:06:54 2010 +0100
@@ -62,7 +62,7 @@
 
         if not 'name' in request.user.auth_attribs:
             # Require non-empty name
-            new_name = form.get('name', request.user.name)
+            new_name = wikiutil.clean_input(form.get('name', request.user.name)).strip()
 
             # Don't allow changing the name to an invalid one
             if not user.isValidName(request, new_name):
@@ -85,8 +85,7 @@
 
         if not 'email' in request.user.auth_attribs:
             # try to get the email
-            new_email = wikiutil.clean_input(form.get('email', request.user.email))
-            new_email = new_email.strip()
+            new_email = wikiutil.clean_input(form.get('email', request.user.email)).strip()
 
             # Require email
             if not new_email and 'email' not in request.cfg.user_form_remove:
@@ -127,15 +126,15 @@
 
         if not 'aliasname' in request.user.auth_attribs:
             # aliasname
-            request.user.aliasname = wikiutil.clean_input(form.get('aliasname', ''))
+            request.user.aliasname = wikiutil.clean_input(form.get('aliasname', '')).strip()
 
         # editor size
         request.user.edit_rows = util.web.getIntegerInput(request, 'edit_rows',
                                                           request.user.edit_rows, 10, 60)
 
         # try to get the editor
-        request.user.editor_default = form.get('editor_default', self.cfg.editor_default)
-        request.user.editor_ui = form.get('editor_ui', self.cfg.editor_ui)
+        request.user.editor_default = wikiutil.clean_input(form.get('editor_default', self.cfg.editor_default))
+        request.user.editor_ui = wikiutil.clean_input(form.get('editor_ui', self.cfg.editor_ui))
 
         # time zone
         request.user.tz_offset = util.web.getIntegerInput(request, 'tz_offset',
@@ -150,7 +149,7 @@
             request.user.date_fmt = '' # default
 
         # try to get the (optional) theme
-        theme_name = form.get('theme_name', self.cfg.theme_default)
+        theme_name = wikiutil.clean_input(form.get('theme_name', self.cfg.theme_default))
         if theme_name != request.user.theme_name:
             # if the theme has changed, load the new theme
             # so the user has a direct feedback
@@ -164,7 +163,7 @@
                 return 'error', _("The theme '%(theme_name)s' could not be loaded!") % locals()
 
         # try to get the (optional) preferred language
-        request.user.language = form.get('language', '')
+        request.user.language = wikiutil.clean_input(form.get('language', ''))
         if request.user.language == u'': # For language-statistics
             from MoinMoin import i18n
             request.user.real_language = i18n.get_browser_language(request)
@@ -190,6 +189,7 @@
                 continue
             default = self.cfg.user_form_defaults[key]
             value = form.get(key, default)
+            value = wikiutil.clean_input(value)
             setattr(request.user, key, value)
 
         # checkbox options
@@ -199,6 +199,7 @@
                 try:
                     value = int(value)
                 except ValueError:
+                    # value we got is crap, do not setattr this value, just pass
                     pass
                 else:
                     setattr(request.user, key, value)