changeset 478:2a915e70966f

arnica: wikiutil.escape fixes
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Thu, 21 Jan 2010 21:13:42 +0100
parents 0c8be5763de1
children 167888214d95
files data/plugin/action/arnica_slides.py data/plugin/parser/text_x_arnica.py
diffstat 2 files changed, 24 insertions(+), 24 deletions(-) [+]
line wrap: on
line diff
--- a/data/plugin/action/arnica_slides.py	Tue Jan 19 21:07:35 2010 +0100
+++ b/data/plugin/action/arnica_slides.py	Thu Jan 21 21:13:42 2010 +0100
@@ -6,7 +6,7 @@
 
     Based on gallery2image, (c) 2005-2008 by MoinMoin:ReimarBauer.
 
-    @copyright: 2008 by MoinMoin:ReimarBauer
+    @copyright: 2008-2010 by MoinMoin:ReimarBauer
     @license: GNU GPL, see COPYING for details.
 """
 import os, re
@@ -257,9 +257,9 @@
 <span id="arnica_last_slide"><a class="last_slide" onClick="arnica_last_slide();" title="last slide" ></a></span>
 </div>
 """ % {
-        "this_webnail_list": this_webnail_list,
-        "this_webnail_name": packLine(images),
-        "original_images": packLine(original_images),
+        "this_webnail_list": wikiutil.escape(this_webnail_list),
+        "this_webnail_name": wikiutil.escape(packLine(images)),
+        "original_images": wikiutil.escape(packLine(original_images), quote=1),
         "this_alias_list": wikiutil.escape(packLine([wikiutil.renderText(request, WikiParser, alias_name.replace('<<BR>>', ' ')) for alias_name in alias]), quote=1),
         "this_exif_date_list": wikiutil.escape(packLine(exif_date), quote=1),
         "option_webnails": option_webnail,
@@ -280,9 +280,9 @@
         "server": request.getQualifiedURL(),
         "link_url": link_to_image,
         "alt_text": wikiutil.escape(alias[idx].replace('<<BR>>', ' '), quote=1),
-        "this_alias_text": wikiutil.renderText(request, WikiParser, alias[idx].replace('<<BR>>', ' ').replace('&quot;', '"')),
+        "this_alias_text": wikiutil.renderText(request, WikiParser, wikiutil.escape(alias[idx]).replace('<<BR>>', ' ').replace('&quot;', '"')),
         "this_exif_date_text": wikiutil.escape(exif_date[idx], quote=1),
-        "this_image": image_url,
+        "this_image": wikiutil.escape(image_url),
         "pagename": pagename,
         "navigation": navigation,
     }
@@ -302,10 +302,10 @@
         url = cache.url(request, filename)
         prefix = 'Webnail:'
         options.append('<option%(selected)s value="%(name)s">%(prefix)s %(alias)s' % {
-            "selected": (url.split('_')[-1] == this_image.split('_')[-1]) and ' selected' or '',
-            "name": this_image,
+            "selected": wikiutil.escape((url.split('_')[-1] == this_image.split('_')[-1]) and ' selected' or ''),
+            "name": wikiutil.escape(this_image),
             "prefix": prefix,
-            "alias": original_images[i],
+            "alias": wikiutil.escape(original_images[i]),
         })
         i += 1
     return ''.join(options)
--- a/data/plugin/parser/text_x_arnica.py	Tue Jan 19 21:07:35 2010 +0100
+++ b/data/plugin/parser/text_x_arnica.py	Thu Jan 21 21:13:42 2010 +0100
@@ -10,7 +10,7 @@
 
     Based on Gallery2 by ReimarBauer 2005-2008, ThomasWaldmann 2005, FlorianFesti 2006
 
-    @copyright: 2008 by MoinMoin:ReimarBauer
+    @copyright: 2008-2010 by MoinMoin:ReimarBauer
     @license: GNU GPL, see COPYING for details.
 """
 
@@ -133,7 +133,7 @@
             'url': Page(self.request, self.pagename).url(self.request),
             'htdocs': self.request.cfg.url_prefix_static,
             "pagename": wikiutil.quoteWikinameURL(self.pagename),
-            "this_target": this_target,
+            "this_target": wikiutil.escape(this_target),
         }
 
     def html_tools(self, image):
@@ -173,13 +173,13 @@
         "url": Page(self.request, self.pagename).url(self.request),
         "pagename": self.pagename,
         "htdocs": self.request.cfg.url_prefix_static,
-        "description": packLine([(self.arnica_image[image][3]).replace('"', '&quot;')] + [(self.arnica_image[img][3]).replace('"', '&quot;') for img in selected_images]),
-        "exif_date": packLine([self.arnica_image[image][2]] + [self.arnica_image[img][2] for img in selected_images]),
-        "target": self.arnica_image[image][0],
-        "original_images": packLine([image] + selected_images),
-        "images": packLine([self.arnica_image[image][0]] + [self.arnica_image[img][0] for img in selected_images]),
-        "original_images": packLine([image] + selected_images),
-        "this_target": image,
+        "description": wikiutil.escape(packLine([(self.arnica_image[image][3])] + [(self.arnica_image[img][3]) for img in selected_images]), quote=1),
+        "exif_date": wikiutil.escape(packLine([self.arnica_image[image][2]] + [self.arnica_image[img][2] for img in selected_images]), quote=1),
+        "target": wikiutil.escape(self.arnica_image[image][0]),
+        "original_images": wikiutil.escape(packLine([image] + selected_images)),
+        "images": wikiutil.escape(packLine([self.arnica_image[image][0]] + [self.arnica_image[img][0] for img in selected_images])),
+        "original_images": wikiutil.escape(packLine([image] + selected_images)),
+        "this_target": wikiutil.escape(image),
         "html_tools_restricted": self.html_tools_restricted(image),
         }
         return html
@@ -254,12 +254,12 @@
         "title": title,
         "url": Page(self.request, self.pagename).url(self.request),
         "pagename": self.pagename,
-        "description": packLine([(self.arnica_image[image][3]).replace('"', '&quot;')] + [(self.arnica_image[img][3]).replace('"', '&quot;') for img in selected_images]),
-        "exif_date": packLine([self.arnica_image[image][2]] + [self.arnica_image[img][2] for img in selected_images]),
-        "target": self.arnica_image[image][0],
-        "original_images": packLine([image] + selected_images),
-        "images": packLine([self.arnica_image[image][0]] + [self.arnica_image[img][0] for img in selected_images]),
-        "thumbnail": self.arnica_image[image][1],
+        "description": wikiutil.escape(packLine([(self.arnica_image[image][3])] + [(self.arnica_image[img][3]) for img in selected_images]), quote=1),
+        "exif_date": wikiutil.escape(packLine([self.arnica_image[image][2]] + [self.arnica_image[img][2] for img in selected_images])),
+        "target": wikiutil.escape(self.arnica_image[image][0]),
+        "original_images": wikiutil.escape(packLine([image] + selected_images)),
+        "images": wikiutil.escape(packLine([self.arnica_image[image][0]] + [self.arnica_image[img][0] for img in selected_images])),
+        "thumbnail": wikiutil.escape(self.arnica_image[image][1]),
         "width": self.thumbnail_width,
         "html_tools": self.html_show_tools(image),
         "date_html": self.html_show_date(image),