changeset 3270:e06e15e90ba7

fix some wrong wikiutil.escape usage causing double-escaping
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 16 Mar 2008 21:04:16 +0100
parents 398ab9187a50
children 99e7f184541f
files MoinMoin/action/AttachFile.py MoinMoin/action/LikePages.py MoinMoin/action/LocalSiteMap.py MoinMoin/action/info.py MoinMoin/formatter/__init__.py MoinMoin/formatter/text_html.py MoinMoin/logfile/editlog.py MoinMoin/macro/__init__.py MoinMoin/script/migration/text_moin158_wiki.py MoinMoin/theme/__init__.py MoinMoin/userform/admin.py
diffstat 11 files changed, 37 insertions(+), 47 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/AttachFile.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/action/AttachFile.py	Sun Mar 16 21:04:16 2008 +0100
@@ -337,7 +337,7 @@
         if showheader:
             html.append(fmt.paragraph(1))
             html.append(fmt.text(_("No attachments stored for %(pagename)s") % {
-                                   'pagename': wikiutil.escape(pagename)}))
+                                   'pagename': pagename}))
             html.append(fmt.paragraph(0))
 
     return ''.join(html)
--- a/MoinMoin/action/LikePages.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/action/LikePages.py	Sun Mar 16 21:04:16 2008 +0100
@@ -220,10 +220,11 @@
             # Render title line
             request.write(request.formatter.paragraph(1))
             request.write(request.formatter.strong(1))
-            request.write(_('%(matchcount)d %(matches)s for "%(title)s"') % {
-                'matchcount': matchcount,
-                'matches': ' ' + (_('match'), _('matches'))[matchcount != 1],
-                'title': wikiutil.escape(title)})
+            request.write(request.formatter.text(
+                _('%(matchcount)d %(matches)s for "%(title)s"') % {
+                    'matchcount': matchcount,
+                    'matches': ' ' + (_('match'), _('matches'))[matchcount != 1],
+                    'title': title}))
             request.write(request.formatter.strong(0))
             request.write(request.formatter.paragraph(0))
 
--- a/MoinMoin/action/LocalSiteMap.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/action/LocalSiteMap.py	Sun Mar 16 21:04:16 2008 +0100
@@ -72,7 +72,7 @@
         pg = Page(request, name)
         action = __name__.split('.')[-1]
         self.append('&nbsp;' * (5*depth+1))
-        self.append(pg.link_to(request, wikiutil.escape(name), querystr={'action': action}))
+        self.append(pg.link_to(request, querystr={'action': action}))
         self.append("&nbsp;<small>[")
         self.append(pg.link_to(request, 'view'))
         self.append("</small>]<br>")
--- a/MoinMoin/action/info.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/action/info.py	Sun Mar 16 21:04:16 2008 +0100
@@ -140,7 +140,6 @@
 
                     actions.append(render_action(_('get'), {'action': 'AttachFile', 'do': 'get', 'target': '%s' % filename}))
                     actions.append(render_action(_('del'), {'action': 'AttachFile', 'do': 'del', 'target': '%s' % filename}))
-                    # XXX use?: wikiutil.escape(filename)
 
             history.addRow((
                 rev,
--- a/MoinMoin/formatter/__init__.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/formatter/__init__.py	Sun Mar 16 21:04:16 2008 +0100
@@ -314,7 +314,6 @@
         except ImportError, err:
             errmsg = unicode(err)
             if markup:
-                errmsg = wikiutil.escape(errmsg)
                 return (self.span(1, title=errmsg) +
                         self.text(markup) +
                         self.span(0))
--- a/MoinMoin/formatter/text_html.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/formatter/text_html.py	Sun Mar 16 21:04:16 2008 +0100
@@ -510,28 +510,23 @@
             else:
                 return self.url(0)
 
-    def url(self, on, url=None, css=None, do_escape=0, **kw):
+    def url(self, on, url=None, css=None, do_escape=None, **kw):
         """
-        Inserts an <a> element.
-
-        Call once with on=1 to start the link, and again with on=0
-        to end it (no other arguments are needed when on==0).
-
-        do_escape: filters url through wikiutil.escape
+        Inserts an <a> element (you can give any A tag attributes as kw args).
 
-        Keyword params:
-            url - the URL to link to; will go through Wiki URL mapping.
-            css - a space-separated list of CSS classes
-            attrs -  just include this string verbatim inside
-                     the <a> element; can be used for arbitrary attrs;
-                     all escaping and quoting is the caller's responsibility.
-
-        Note that the 'attrs' keyword argument is for backwards compatibility
-        only.  It should not be used for new code -- instead just pass
-        any attributes in as separate keyword arguments.
-
-        1.5.3: removed ugly "attrs" keyword argument handling code
+        @param on: 1 to start the link, 0 to end the link (no other arguments are needed when on==0).
+        @param url: the URL to link to; will go through Wiki URL mapping.
+        @param css: a space-separated list of CSS classes
+        @param do_escape: DEPRECATED and not used any more, please remove it from your code!
+                          We will remove this parameter in moin 1.8 (it used to filter url
+                          param through wikiutil.escape, but text_html formatter's _open
+                          will do it again, so this just leads to double escaping now).
         """
+        if do_escape is not None:
+            if do_escape:
+                logging.warning("Deprecation warning: MoinMoin.formatter.text_html.url being called with do_escape=1/True parameter, please review caller.")
+            else:
+                logging.warning("Deprecation warning: MoinMoin.formatter.text_html.url being called with do_escape=0/False parameter, please remove it from the caller.")
         if on:
             attrs = self._langAttr()
 
@@ -541,8 +536,6 @@
                 del kw['href']
             if url is not None:
                 url = wikiutil.mapURL(self.request, url)
-                if do_escape:
-                    url = wikiutil.escape(url)
                 attrs['href'] = url
 
             if css:
@@ -629,7 +622,7 @@
                 css = 'attachment'
             else:
                 target = AttachFile.getAttachUrl(pagename, fname, self.request, upload=True)
-                title = _('Upload new attachment "%(filename)s"') % {'filename': wikiutil.escape(fname)}
+                title = _('Upload new attachment "%(filename)s"') % {'filename': fname}
                 css = 'attachment nonexistent'
             return self.url(on, target, css=css, title=title)
         else:
@@ -651,8 +644,7 @@
                 kw['alt'] = kw['title']
             return self.image(**kw)
         else:
-            title = _('Upload new attachment "%(filename)s"') % {
-                      'filename': wikiutil.escape(fname)}
+            title = _('Upload new attachment "%(filename)s"') % {'filename': fname}
             img = self.icon('attachimg')
             css = 'nonexistent'
             target = AttachFile.getAttachUrl(pagename, fname, self.request, upload=True)
--- a/MoinMoin/logfile/editlog.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/logfile/editlog.py	Sun Mar 16 21:04:16 2008 +0100
@@ -110,7 +110,7 @@
             aliasname = self._usercache[self.userid].aliasname
             if not aliasname:
                 aliasname = name
-            title = wikiutil.escape(aliasname + title)
+            title = aliasname + title
             text = (request.formatter.interwikilink(1, title=title, generated=True, *info) +
                     request.formatter.text(name) +
                     request.formatter.interwikilink(0, title=title, *info))
@@ -119,7 +119,7 @@
             aliasname = self._usercache[self.userid].aliasname
             if not aliasname:
                 aliasname = name
-            title = wikiutil.escape(aliasname + title)
+            title = aliasname + title
             url = 'mailto:%s' % info
             text = (request.formatter.url(1, url, css='mailto', title=title) +
                     request.formatter.text(name) +
@@ -129,11 +129,13 @@
                 idx = info.index('.')
             except ValueError:
                 idx = len(info)
-            title = wikiutil.escape('???' + title)
-            text = wikiutil.escape(info[:idx])
+            title = '???' + title
+            text = request.formatter.text(info[:idx])
         else:
             raise Exception("unknown EditorData type")
-        return '<span title="%s">%s</span>' % (title, text)
+        return (request.formatter.span(1, title=title) +
+                text +
+                request.formatter.span(0))
 
 
 class EditLog(LogFile):
--- a/MoinMoin/macro/__init__.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/macro/__init__.py	Sun Mar 16 21:04:16 2008 +0100
@@ -372,7 +372,7 @@
         if self.request.user.valid:
             # decode address and generate mailto: link
             email = decodeSpamSafeEmail(email)
-            result = (self.formatter.url(1, 'mailto:' + email, css='mailto', do_escape=0) +
+            result = (self.formatter.url(1, 'mailto:' + email, css='mailto') +
                       self.formatter.text(text or email) +
                       self.formatter.url(0))
         else:
--- a/MoinMoin/script/migration/text_moin158_wiki.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/script/migration/text_moin158_wiki.py	Sun Mar 16 21:04:16 2008 +0100
@@ -433,11 +433,11 @@
             return self.attachment(words, pretty_url=1)
 
         if wikiutil.isPicture(words[1]) and re.match(self.url_rule, words[1]):
-            return (self.formatter.url(1, words[0], css='external', do_escape=0) +
+            return (self.formatter.url(1, words[0], css='external') +
                     self.formatter.image(title=words[0], alt=words[0], src=words[1]) +
                     self.formatter.url(0))
         else:
-            return (self.formatter.url(1, words[0], css=scheme, do_escape=0) +
+            return (self.formatter.url(1, words[0], css=scheme) +
                     self.formatter.text(words[1]) +
                     self.formatter.url(0))
 
--- a/MoinMoin/theme/__init__.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/theme/__init__.py	Sun Mar 16 21:04:16 2008 +0100
@@ -337,7 +337,6 @@
         if wikiutil.is_URL(pagename):
             if not title:
                 title = pagename
-            title = wikiutil.escape(title)
             link = fmt.url(1, pagename) + fmt.text(title) + fmt.url(0)
             return pagename, link
 
@@ -354,7 +353,6 @@
             else:
                 if not title:
                     title = page
-                title = wikiutil.escape(title)
                 link = fmt.interwikilink(True, interwiki, page) + fmt.text(title) + fmt.interwikilink(False, interwiki, page)
                 return pagename, link
         except ValueError:
@@ -1631,9 +1629,8 @@
             not keywords.get('print_mode', 0) and
             request.user.edit_on_doubleclick):
             if request.user.may.write(pagename): # separating this gains speed
-                querystr = wikiutil.escape(wikiutil.makeQueryString({'action': 'edit'}))
-                url = page.url(request, querystr)
-                bodyattr.append(''' ondblclick="location.href='%s'" ''' % url)
+                url = page.url(request, {'action': 'edit'})
+                bodyattr.append(''' ondblclick="location.href='%s'" ''' % wikiutil.escape(url))
 
         # Set body to the user interface language and direction
         bodyattr.append(' %s' % self.ui_lang_attr())
--- a/MoinMoin/userform/admin.py	Sun Mar 16 17:11:12 2008 +0100
+++ b/MoinMoin/userform/admin.py	Sun Mar 16 21:04:16 2008 +0100
@@ -76,10 +76,10 @@
         data.addRow((
             request.formatter.rawHTML(namelink),
             request.formatter.rawHTML(list_groups),
-            (request.formatter.url(1, 'mailto:' + account.email, css='mailto', do_escape=0) +
+            (request.formatter.url(1, 'mailto:' + account.email, css='mailto') +
              request.formatter.text(account.email) +
              request.formatter.url(0)),
-            (request.formatter.url(1, 'xmpp:' + account.jid, css='mailto', do_escape=0) +
+            (request.formatter.url(1, 'xmpp:' + account.jid, css='mailto') +
              request.formatter.text(account.jid) +
              request.formatter.url(0)),
             mail_link + " - " + enable_disable_link