changeset 3274:6fe451cd6219

merged main
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 16 Mar 2008 22:42:34 +0100
parents 9c6900a92a64 (diff) ca2d37e7c9d0 (current diff)
children 3dd77e8e2702 e79c742eaca7
files
diffstat 9 files changed, 29 insertions(+), 25 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/Page.py	Sun Mar 16 21:45:04 2008 +0100
+++ b/MoinMoin/Page.py	Sun Mar 16 22:42:34 2008 +0100
@@ -1155,17 +1155,17 @@
                       request.dicts.has_member(request.cfg.openid_server_restricted_users_group, openid_username):
                         html_head = '<link rel="openid2.provider" href="%s">' % \
                                         wikiutil.escape(request.getQualifiedURL(self.url(request,
-                                                                                querystr={'action': 'serveopenid'})))
+                                                                                querystr={'action': 'serveopenid'})), True)
                         html_head += '<link rel="openid.server" href="%s">' % \
                                         wikiutil.escape(request.getQualifiedURL(self.url(request,
-                                                                                querystr={'action': 'serveopenid'})))
+                                                                                querystr={'action': 'serveopenid'})), True)
                         html_head += '<meta http-equiv="x-xrds-location" content="%s">' % \
                                         wikiutil.escape(request.getQualifiedURL(self.url(request,
-                                                                                querystr={'action': 'serveopenid', 'yadis': 'ep'})))
+                                                                                querystr={'action': 'serveopenid', 'yadis': 'ep'})), True)
                     elif self.page_name == request.cfg.page_front_page:
                         html_head = '<meta http-equiv="x-xrds-location" content="%s">' % \
                                         wikiutil.escape(request.getQualifiedURL(self.url(request,
-                                                                                querystr={'action': 'serveopenid', 'yadis': 'idp'})))
+                                                                                querystr={'action': 'serveopenid', 'yadis': 'idp'})), True)
 
                 request.theme.send_title(title, page=self,
                                     print_mode=print_mode,
--- a/MoinMoin/action/CopyPage.py	Sun Mar 16 21:45:04 2008 +0100
+++ b/MoinMoin/action/CopyPage.py	Sun Mar 16 22:42:34 2008 +0100
@@ -88,7 +88,7 @@
                 'subpage': subpages,
                 'subpages_checked': ('', 'checked')[self.request.form.get('subpages_checked', ['0'])[0] == '1'],
                 'subpage_label': _('Copy all /subpages too?'),
-                'pagename': wikiutil.escape(self.pagename),
+                'pagename': wikiutil.escape(self.pagename, True),
                 'newname_label': _("New name"),
                 'comment_label': _("Optional reason for the copying"),
                 'buttons_html': buttons_html,
@@ -133,7 +133,7 @@
 
         else:
             d = {
-                'pagename': wikiutil.escape(self.pagename),
+                'pagename': wikiutil.escape(self.pagename, True),
                 'newname_label': _("New name"),
                 'comment_label': _("Optional reason for the copying"),
                 'buttons_html': buttons_html,
--- a/MoinMoin/action/PackagePages.py	Sun Mar 16 21:45:04 2008 +0100
+++ b/MoinMoin/action/PackagePages.py	Sun Mar 16 22:42:34 2008 +0100
@@ -116,7 +116,7 @@
             'baseurl': self.request.getScriptname(),
             'error': error,
             'action': self.__class__.__name__,
-            'pagename': wikiutil.escape(self.pagename),
+            'pagename': wikiutil.escape(self.pagename, True),
             'pagename_quoted': wikiutil.quoteWikinameURL(self.pagename),
             'package': _('Package pages'),
             'cancel': _('Cancel'),
@@ -137,7 +137,7 @@
     <tr>
         <td class="label"><label>%(list_label)s</label></td>
         <td class="content">
-            <input type="text" name="pagelist" size="80" maxlength="200" value=%(pagename)s>
+            <input type="text" name="pagelist" size="80" maxlength="200" value="%(pagename)s">
         </td>
     </tr>
     <tr>
--- a/MoinMoin/action/RenamePage.py	Sun Mar 16 21:45:04 2008 +0100
+++ b/MoinMoin/action/RenamePage.py	Sun Mar 16 22:42:34 2008 +0100
@@ -87,7 +87,7 @@
                 'subpage': subpages,
                 'subpages_checked': ('', 'checked')[self.request.form.get('subpages_checked', ['0'])[0] == '1'],
                 'subpage_label': _('Rename all /subpages too?'),
-                'pagename': wikiutil.escape(self.pagename),
+                'pagename': wikiutil.escape(self.pagename, True),
                 'newname_label': _("New name"),
                 'comment_label': _("Optional reason for the renaming"),
                 'buttons_html': buttons_html,
@@ -132,7 +132,7 @@
 
         else:
             d = {
-                'pagename': wikiutil.escape(self.pagename),
+                'pagename': wikiutil.escape(self.pagename, True),
                 'newname_label': _("New name"),
                 'comment_label': _("Optional reason for the renaming"),
                 'buttons_html': buttons_html,
--- a/MoinMoin/action/SpellCheck.py	Sun Mar 16 21:45:04 2008 +0100
+++ b/MoinMoin/action/SpellCheck.py	Sun Mar 16 22:42:34 2008 +0100
@@ -192,7 +192,7 @@
 
         checkbox = '<input type="checkbox" name="newwords" value="%(word)s">%(word)s&nbsp;&nbsp;'
         msg = msg + (
-            " ".join([checkbox % {'word': wikiutil.escape(w), } for w in badwords]) +
+            " ".join([checkbox % {'word': wikiutil.escape(w, True), } for w in badwords]) +
             '<p><input type="submit" name="button_newwords" value="%s"></p>' %
                 _('Add checked words to dictionary')
         )
--- a/MoinMoin/action/diff.py	Sun Mar 16 21:45:04 2008 +0100
+++ b/MoinMoin/action/diff.py	Sun Mar 16 22:42:34 2008 +0100
@@ -120,14 +120,14 @@
     else:
         disable_next = u''
 
-    page_url = wikiutil.escape(currentpage.url(request))
+    page_url = wikiutil.escape(currentpage.url(request), True)
 
     navigation_html = """
 <table class="diff">
 <tr>
  <td style="border:0">
   <span style="text-align:left">
-   <form action=%s method="get">
+   <form action="%s" method="get">
     <input name="action" value="diff" type="hidden">
     <input name="rev1" value="%d" type="hidden">
     <input name="rev2" value="%d" type="hidden">
@@ -140,7 +140,7 @@
  </td>
  <td style="border:0">
   <span style="text-align:right">
-   <form action=%s method="get">
+   <form action="%s" method="get">
     <input name="action" value="diff" type="hidden">
     <input name="rev1" value="%d" type="hidden">
     <input name="rev2" value="%d" type="hidden">
--- a/MoinMoin/action/fullsearch.py	Sun Mar 16 21:45:04 2008 +0100
+++ b/MoinMoin/action/fullsearch.py	Sun Mar 16 22:42:34 2008 +0100
@@ -228,8 +228,7 @@
     # This action generates data using the user language
     request.setContentLanguage(request.lang)
 
-    request.theme.send_title(title % wikiutil.escape(needle), form=request.form,
-            pagename=pagename)
+    request.theme.send_title(title % needle, form=request.form, pagename=pagename)
 
     # Start content (important for RTL support)
     request.write(request.formatter.startContent("content"))
--- a/MoinMoin/theme/__init__.py	Sun Mar 16 21:45:04 2008 +0100
+++ b/MoinMoin/theme/__init__.py	Sun Mar 16 22:42:34 2008 +0100
@@ -843,8 +843,8 @@
         if self.shouldUseRSS(page):
             link = (u'<link rel="alternate" title="%s Recent Changes" '
                     u'href="%s" type="application/rss+xml">') % (
-                        self.cfg.sitename,
-                        wikiutil.escape(self.rsshref(page)) )
+                        wikiutil.escape(self.cfg.sitename, True),
+                        wikiutil.escape(self.rsshref(page), True) )
         return link
 
     def html_head(self, d):
@@ -855,7 +855,10 @@
         @return: html head
         """
         html = [
-            u'<title>%(title)s - %(sitename)s</title>' % d,
+            u'<title>%(title)s - %(sitename)s</title>' % {
+                'title': wikiutil.escape(d['title']),
+                'sitename': wikiutil.escape(d['sitename']),
+            },
             self.externalScript('common'),
             self.headscript(d), # Should move to separate .js file
             self.guiEditorScript(d),
@@ -1560,8 +1563,8 @@
             ''.join(user_head),
             self.html_head({
                 'page': page,
-                'title': wikiutil.escape(text),
-                'sitename': wikiutil.escape(request.cfg.html_pagetitle or request.cfg.sitename),
+                'title': text,
+                'sitename': request.cfg.html_pagetitle or request.cfg.sitename,
                 'print_mode': keywords.get('print_mode', False),
                 'media': keywords.get('media', 'screen'),
             }),
@@ -1630,7 +1633,7 @@
             request.user.edit_on_doubleclick):
             if request.user.may.write(pagename): # separating this gains speed
                 url = page.url(request, {'action': 'edit'})
-                bodyattr.append(''' ondblclick="location.href='%s'" ''' % wikiutil.escape(url))
+                bodyattr.append(''' ondblclick="location.href='%s'" ''' % wikiutil.escape(url, True))
 
         # Set body to the user interface language and direction
         bodyattr.append(' %s' % self.ui_lang_attr())
--- a/MoinMoin/widget/browser.py	Sun Mar 16 21:45:04 2008 +0100
+++ b/MoinMoin/widget/browser.py	Sun Mar 16 22:42:34 2008 +0100
@@ -44,7 +44,7 @@
         """
         return 'name="%s%s"' % (self.data_id, elem)
 
-    def _makeoption(self, item, selected, ntitem = None):
+    def _makeoption(self, item, selected, ntitem=None):
         """ create an option for a <select> form element
         @param item: string containing the item name to show
         @param selected: indicates whether the item should be default or not
@@ -54,10 +54,12 @@
         else:
             selected = ''
         assert(isinstance(item, basestring))
-        item = wikiutil.escape(item)
         if ntitem is None:
             ntitem = item
-        return '<option value="%s"%s>%s</option>' % (ntitem, selected, item)
+        return '<option value="%s"%s>%s</option>' % (
+            wikiutil.escape(ntitem, True),
+            selected,
+            wikiutil.escape(item))
 
     def _filteroptions(self, idx):
         """ create options for all elements in the column