1.1 --- a/MoinMoin/Page.py Thu Jun 03 16:49:30 2010 +0400
1.2 +++ b/MoinMoin/Page.py Fri Jun 04 02:04:00 2010 +0400
1.3 @@ -1056,8 +1056,8 @@
1.4 self.formatter.set_highlight_re(self.hilite_re)
1.5 except re.error, err:
1.6 request.theme.add_msg(_('Invalid highlighting regular expression "%(regex)s": %(error)s') % {
1.7 - 'regex': self.hilite_re,
1.8 - 'error': str(err),
1.9 + 'regex': wikiutil.escape(self.hilite_re),
1.10 + 'error': wikiutil.escape(str(err)),
1.11 }, "warning")
1.12 self.hilite_re = None
1.13
1.14 @@ -1113,7 +1113,7 @@
1.15 request.theme.add_msg("<strong>%s</strong><br>" % (
1.16 _('Revision %(rev)d as of %(date)s') % {
1.17 'rev': self.rev,
1.18 - 'date': self.mtime_printable(request)
1.19 + 'date': wikiutil.escape(self.mtime_printable(request))
1.20 }), "info")
1.21
1.22 # This redirect message is very annoying.
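Review bot: The second hunk passes `"<strong>%s</strong><br>"` to `request.theme.add_msg`, so that call evidently takes ready-made markup, and every caller has to escape what it interpolates; nothing at these call sites says so. A short comment above both calls, such as `# add_msg() takes HTML; escape each interpolated value`, would keep a later edit from reintroducing raw values. `self.rev` is formatted with `%d`, so it needs no escaping. Both hunks sit inside functions that begin outside the visible lines.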
2.1 --- a/MoinMoin/PageGraphicalEditor.py Thu Jun 03 16:49:30 2010 +0400
2.2 +++ b/MoinMoin/PageGraphicalEditor.py Fri Jun 04 02:04:00 2010 +0400
2.3 @@ -170,14 +170,15 @@
2.4 elif 'template' in request.values:
2.5 # If the page does not exist, we try to get the content from the template parameter.
2.6 template_page = wikiutil.unquoteWikiname(request.values['template'])
2.7 + template_page_escaped = wikiutil.escape(template_page)
2.8 if request.user.may.read(template_page):
2.9 raw_body = Page(request, template_page).get_raw_body()
2.10 if raw_body:
2.11 - request.write(_("[Content of new page loaded from %s]") % (template_page, ), '<br>')
2.12 + request.write(_("[Content of new page loaded from %s]") % (template_page_escaped, ), '<br>')
2.13 else:
2.14 - request.write(_("[Template %s not found]") % (template_page, ), '<br>')
2.15 + request.write(_("[Template %s not found]") % (template_page_escaped, ), '<br>')
2.16 else:
2.17 - request.write(_("[You may not read %s]") % (template_page, ), '<br>')
2.18 + request.write(_("[You may not read %s]") % (template_page_escaped, ), '<br>')
2.19
2.20 # Make backup on previews - but not for new empty pages
2.21 if not use_draft and preview and raw_body:
3.1 --- a/MoinMoin/action/CopyPage.py Thu Jun 03 16:49:30 2010 +0400
3.2 +++ b/MoinMoin/action/CopyPage.py Fri Jun 04 02:04:00 2010 +0400
3.3 @@ -86,7 +86,7 @@
3.4 def get_form_html(self, buttons_html):
3.5 _ = self._
3.6 if self.users_subpages:
3.7 - subpages = ' '.join(self.users_subpages)
3.8 + subpages = ' '.join([wikiutil.escape(page) for page in self.users_subpages])
3.9
3.10 d = {
3.11 'textcha': TextCha(self.request).render(),
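Review bot: `wikiutil.escape(page)` is called without `quote=1` when building `subpages`, while Load.py in this same commit uses `wikiutil.escape(self.pagename, quote=1)`. The hunk does not show where `subpages` lands in the form; if it is written into an attribute value, the call should be `wikiutil.escape(page, quote=1)` so that double quotes are escaped too. The identical line added in RenamePage.py needs the same check. `get_form_html` continues past the end of the hunk.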
4.1 --- a/MoinMoin/action/LikePages.py Thu Jun 03 16:49:30 2010 +0400
4.2 +++ b/MoinMoin/action/LikePages.py Fri Jun 04 02:04:00 2010 +0400
4.3 @@ -24,19 +24,19 @@
4.4
4.5 # Error?
4.6 if isinstance(matches, (str, unicode)):
4.7 - request.theme.add_msg(matches, "info")
4.8 + request.theme.add_msg(wikiutil.escape(matches), "info")
4.9 Page(request, pagename).send_page()
4.10 return
4.11
4.12 # No matches
4.13 if not matches:
4.14 - request.theme.add_msg(_('No pages like "%s"!') % (pagename, ), "error")
4.15 + request.theme.add_msg(_('No pages like "%s"!') % (wikiutil.escape(pagename), ), "error")
4.16 Page(request, pagename).send_page()
4.17 return
4.18
4.19 # One match - display it
4.20 if len(matches) == 1:
4.21 - request.theme.add_msg(_('Exactly one page like "%s" found, redirecting to page.') % (pagename, ), "info")
4.22 + request.theme.add_msg(_('Exactly one page like "%s" found, redirecting to page.') % (wikiutil.escape(pagename), ), "info")
4.23 Page(request, matches.keys()[0]).send_page()
4.24 return
4.25
5.1 --- a/MoinMoin/action/Load.py Thu Jun 03 16:49:30 2010 +0400
5.2 +++ b/MoinMoin/action/Load.py Fri Jun 04 02:04:00 2010 +0400
5.3 @@ -111,7 +111,7 @@
5.4 'upload_label_file': _('File to load page content from'),
5.5 'upload_label_comment': _('Comment'),
5.6 'upload_label_rename': _('Page name'),
5.7 - 'pagename': self.pagename,
5.8 + 'pagename': wikiutil.escape(self.pagename, quote=1),
5.9 'buttons_html': buttons_html,
5.10 'action_name': self.form_trigger,
5.11 'textcha': TextCha(self.request).render(),
6.1 --- a/MoinMoin/action/RenamePage.py Thu Jun 03 16:49:30 2010 +0400
6.2 +++ b/MoinMoin/action/RenamePage.py Fri Jun 04 02:04:00 2010 +0400
6.3 @@ -99,7 +99,7 @@
6.4 if self.subpages:
6.5 redirect_label = _('Create redirect for renamed page(s)?')
6.6
6.7 - subpages = ' '.join(self.subpages)
6.8 + subpages = ' '.join([wikiutil.escape(page) for page in self.subpages])
6.9 subpages_html = """
6.10 <tr>
6.11 <dd>
6.12 @@ -117,6 +117,7 @@
6.13 else:
6.14 redirect_label = _('Create redirect for renamed page?')
6.15 subpages_html = ""
6.16 +>>>>>>> other
6.17
6.18 if self.show_redirect:
6.19 redirect_html = '<tr><dd>%(redirect_label)s<input type="checkbox" name="rename_redirect" value="1" %(redirect)s></dd></tr>' % {
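Review bot: The line `>>>>>>> other` added after `subpages_html = ""` in the second hunk is a leftover merge-conflict marker and is not valid Python, so RenamePage.py will raise a SyntaxError when the action module is loaded. That line should be dropped from the commit. It is also worth searching the rest of the file for matching `<<<<<<<` and `=======` markers, since the lines between the two hunks are not visible here.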
7.1 --- a/MoinMoin/action/anywikidraw.py Thu Jun 03 16:49:30 2010 +0400
7.2 +++ b/MoinMoin/action/anywikidraw.py Fri Jun 04 02:04:00 2010 +0400
7.3 @@ -205,6 +205,6 @@
7.4 else:
7.5 msg = awd.render()
7.6 if msg:
7.7 - request.theme.add_msg(msg, 'error')
7.8 + request.theme.add_msg(wikiutil.escape(msg), 'error')
7.9 do_show(pagename, request)
7.10
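Review bot: `wikiutil.escape(msg)` is applied to whatever `awd.render()` returns, and the hunk does not show whether that is plain text or markup. If `render()` builds HTML on purpose, the user will now see literal tags; if it returns plain text, the escape is correct. Please confirm which it is and record it next to the call, e.g. `# render() returns plain text; escape before add_msg`. The same question applies to the `request._login_messages` entries that login.py now escapes.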
8.1 --- a/MoinMoin/action/backup.py Thu Jun 03 16:49:30 2010 +0400
8.2 +++ b/MoinMoin/action/backup.py Fri Jun 04 02:04:00 2010 +0400
8.3 @@ -80,8 +80,11 @@
8.4 request.theme.send_footer(pagename)
8.5 request.theme.send_closing_html()
8.6
8.7 -
8.8 +# NOTE: consider using ActionBase.render_msg instead of this function.
8.9 def sendMsg(request, pagename, msg, msgtype):
8.10 + """
8.11 + @param msg: Message to show. Should be escaped.
8.12 + """
8.13 from MoinMoin import Page
8.14 request.theme.add_msg(msg, msgtype)
8.15 return Page.Page(request, pagename).send_page()
8.16 @@ -107,5 +110,4 @@
8.17 sendBackupForm(request, pagename)
8.18 else:
8.19 return sendMsg(request, pagename,
8.20 - msg=_('Unknown backup subaction: %s.') % dowhat, msgtype="error")
8.21 -
8.22 + msg=_('Unknown backup subaction: %s.') % wikiutil.escape(dowhat), msgtype="error")
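Review bot: The new docstring on `sendMsg` says only "Should be escaped", which does not say by whom, while `sendMsg` itself hands `msg` to `add_msg` unchanged. Wording such as `@param msg: HTML message; the caller must escape any untrusted text in it` makes the contract explicit, and a one-line summary plus entries for `request`, `pagename` and `msgtype` would complete it. The second hunk calls `wikiutil.escape(dowhat)`, but no import of `wikiutil` is visible in this file section, whereas chart.py and language_setup.py each gained one in this commit, so check that backup.py already imports it.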
9.1 --- a/MoinMoin/action/chart.py Thu Jun 03 16:49:30 2010 +0400
9.2 +++ b/MoinMoin/action/chart.py Fri Jun 04 02:04:00 2010 +0400
9.3 @@ -6,6 +6,7 @@
9.4 2006 MoinMoin:ThomasWaldmann
9.5 @license: GNU GPL, see COPYING for details.
9.6 """
9.7 +from MoinMoin import wikiutil
9.8 from MoinMoin.util import pysupport
9.9
9.10 def execute(pagename, request):
9.11 @@ -27,7 +28,7 @@
9.12 try:
9.13 func = pysupport.importName("MoinMoin.stats.%s" % chart_type, 'draw')
9.14 except (ImportError, AttributeError):
9.15 - request.theme.add_msg(_('Bad chart type "%s"!') % chart_type, "error")
9.16 + request.theme.add_msg(_('Bad chart type "%s"!') % wikiutil.escape(chart_type), "error")
9.17 return request.page.send_page()
9.18
9.19 func(pagename, request)
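Review bot: `chart_type` is now escaped for the error message, but the context line above still interpolates it into the module path passed to `pysupport.importName("MoinMoin.stats.%s" % chart_type, 'draw')`. The hunk does not show where `chart_type` comes from; if it is a request parameter, it should be checked against the known chart names before the import instead of relying on the `ImportError`/`AttributeError` handler. `execute` starts above the second hunk and continues below it.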
10.1 --- a/MoinMoin/action/language_setup.py Thu Jun 03 16:49:30 2010 +0400
10.2 +++ b/MoinMoin/action/language_setup.py Fri Jun 04 02:04:00 2010 +0400
10.3 @@ -11,7 +11,7 @@
10.4 @license: GNU GPL, see COPYING for details.
10.5 """
10.6
10.7 -from MoinMoin import i18n, packages
10.8 +from MoinMoin import i18n, packages, wikiutil
10.9 from MoinMoin.i18n import strings
10.10 i18n.strings = strings
10.11
10.12 @@ -85,7 +85,7 @@
10.13
10.14 lang_selector = u''.join([fmt.paragraph(1), _("Choose:"), ' ', ' '.join(lang_links), fmt.paragraph(0)])
10.15
10.16 - title = _("Install language packs for '%s'") % (lang)
10.17 + title = _("Install language packs for '%s'") % wikiutil.escape(lang)
10.18 request.theme.add_msg(msg, "info")
10.19 request.theme.send_title(title, page=request.page, pagename=pagename)
10.20 request.write(request.formatter.startContent("content"))
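Review bot: `title` is escaped before it is handed to `request.theme.send_title`, and whether `send_title` escapes its title again is not visible here; if it does, a character such as `&` in `lang` would be displayed double-escaped. It is worth confirming against the theme code and recording the result in a comment like `# send_title() does not escape the title itself`. The `msg` passed to `add_msg` on the following line is built outside the hunk and is not touched by this commit, so it deserves the same check.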
11.1 --- a/MoinMoin/action/login.py Thu Jun 03 16:49:30 2010 +0400
11.2 +++ b/MoinMoin/action/login.py Fri Jun 04 02:04:00 2010 +0400
11.3 @@ -66,7 +66,7 @@
11.4 return self.handle_multistage()
11.5 if hasattr(request, '_login_messages'):
11.6 for msg in request._login_messages:
11.7 - request.theme.add_msg(msg, "error")
11.8 + request.theme.add_msg(wikiutil.escape(msg), "error")
11.9 return self.page.send_page()
11.10
11.11 else: # show login form
12.1 --- a/MoinMoin/action/newaccount.py Thu Jun 03 16:49:30 2010 +0400
12.2 +++ b/MoinMoin/action/newaccount.py Fri Jun 04 02:04:00 2010 +0400
12.3 @@ -59,7 +59,7 @@
12.4 if pw_checker:
12.5 pw_error = pw_checker(request, theuser.name, password)
12.6 if pw_error:
12.7 - return _("Password not acceptable: %s") % pw_error
12.8 + return _("Password not acceptable: %s") % wikiutil.escape(pw_error)
12.9
12.10 # Encode password
12.11 if password and not password.startswith('{SHA}'):
12.12 @@ -67,7 +67,7 @@
12.13 theuser.enc_password = user.encodePassword(password)
12.14 except UnicodeError, err:
12.15 # Should never happen
12.16 - return "Can't encode password: %s" % str(err)
12.17 + return "Can't encode password: %s" % wikiutil.escape(str(err))
12.18
12.19 # try to get the email, for new users it is required
12.20 email = wikiutil.clean_input(form.get('email', ''))
13.1 --- a/MoinMoin/action/recoverpass.py Thu Jun 03 16:49:30 2010 +0400
13.2 +++ b/MoinMoin/action/recoverpass.py Fri Jun 04 02:04:00 2010 +0400
13.3 @@ -175,7 +175,7 @@
13.4 if pw_checker:
13.5 pw_error = pw_checker(request, name, newpass)
13.6 if pw_error:
13.7 - msg = _("Password not acceptable: %s") % pw_error
13.8 + msg = _("Password not acceptable: %s") % wikiutil.escape(pw_error)
13.9 if not pw_error:
13.10 u = user.User(request, user.getUserId(request, name))
13.11 if u and u.valid and u.apply_recovery_token(token, newpass):
14.1 --- a/MoinMoin/action/userprofile.py Thu Jun 03 16:49:30 2010 +0400
14.2 +++ b/MoinMoin/action/userprofile.py Fri Jun 04 02:04:00 2010 +0400
14.3 @@ -28,7 +28,7 @@
14.4 oldval = getattr(theuser, key)
14.5 setattr(theuser, key, val)
14.6 theuser.save()
14.7 - request.theme.add_msg('%s.%s: %s -> %s' % (user_name, key, oldval, val), "info")
14.8 + request.theme.add_msg('%s.%s: %s -> %s' % tuple([wikiutil.escape(s) for s in [user_name, key, oldval, val]]), "info")
14.9
14.10 Page(request, pagename).send_page()
14.11
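Review bot: `oldval` comes from `getattr(theuser, key)` and need not be a string, whereas the old `'%s.%s: %s -> %s'` formatting accepted values of any type. Unless `wikiutil.escape` converts non-string arguments itself (not visible here), a numeric or list-valued attribute could raise inside the list comprehension, after `theuser.save()` has already run. Please confirm how `escape` treats such values, or convert each value to text first and escape the result. The enclosing function starts outside the hunk.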