Commit ac6ad2a8 authored by Jérome Perrin's avatar Jérome Perrin Committed by Cédric Le Ninivin

ERP5Form/EditorField: don't initialize with user input

parent 3b080872
...@@ -39,6 +39,7 @@ from Products.Formulator.Validator import ValidationError ...@@ -39,6 +39,7 @@ from Products.Formulator.Validator import ValidationError
from Products.Formulator.StandardFields import FloatField, StringField,\ from Products.Formulator.StandardFields import FloatField, StringField,\
DateTimeField, TextAreaField, CheckBoxField, ListField, LinesField, \ DateTimeField, TextAreaField, CheckBoxField, ListField, LinesField, \
MultiListField, IntegerField MultiListField, IntegerField
from Products.ERP5Form.EditorField import EditorField
from Products.Formulator.MethodField import Method from Products.Formulator.MethodField import Method
from Products.Formulator.TALESField import TALESMethod from Products.Formulator.TALESField import TALESMethod
...@@ -1084,6 +1085,45 @@ class TestFieldValueCache(ERP5TypeTestCase): ...@@ -1084,6 +1085,45 @@ class TestFieldValueCache(ERP5TypeTestCase):
self.assertEqual(True, cache_size == self._getCacheSize('ProxyField.get_value')) self.assertEqual(True, cache_size == self._getCacheSize('ProxyField.get_value'))
class TestEditorField(ERP5TypeTestCase):
def afterSetUp(self):
self.field = EditorField('test_field').__of__(self.portal)
self.portal.REQUEST['here'] = self.portal
def test_render_editable_textarea(self):
self.field.values['default'] = 'value'
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<textarea rows="5" cols="40" name="field_test_field" >\nvalue</textarea>')
def test_render_editable_textarea_REQUEST(self):
self.field.values['default'] = 'default value'
self.field.values['editable'] = 1
self.portal.REQUEST.form[
self.field.generate_field_key(key=self.field.id)
] = 'user <value>'
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<textarea rows="5" cols="40" name="field_test_field" >\nuser &lt;value&gt;</textarea>')
def test_render_non_editable_textarea(self):
self.field.values['default'] = '<not &scaped'
self.field.values['editable'] = 0
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<div ><not &scaped</div>')
def test_render_non_editable_textarea_REQUEST(self):
self.field.values['default'] = 'trusted value'
self.field.values['editable'] = 0
self.portal.REQUEST.form[
self.field.generate_field_key(key=self.field.id)
] = 'untrusted user value'
self.assertEqual(
self.field.render(REQUEST=self.portal.REQUEST),
'<div >trusted value</div>')
def makeDummyOid(): def makeDummyOid():
import time, random import time, random
return '%s%s' % (time.time(), random.random()) return '%s%s' % (time.time(), random.random())
...@@ -1103,4 +1143,5 @@ def test_suite(): ...@@ -1103,4 +1143,5 @@ def test_suite():
suite.addTest(unittest.makeSuite(TestMultiListField)) suite.addTest(unittest.makeSuite(TestMultiListField))
suite.addTest(unittest.makeSuite(TestProxyField)) suite.addTest(unittest.makeSuite(TestProxyField))
suite.addTest(unittest.makeSuite(TestFieldValueCache)) suite.addTest(unittest.makeSuite(TestFieldValueCache))
suite.addTest(unittest.makeSuite(TestEditorField))
return suite return suite
...@@ -155,3 +155,13 @@ class EditorField(ZMIField): ...@@ -155,3 +155,13 @@ class EditorField(ZMIField):
widget = EditorWidgetInstance widget = EditorWidgetInstance
validator = Validator.TextValidatorInstance validator = Validator.TextValidatorInstance
def _get_user_input_value(self, key, REQUEST):
"""
Try to get a value of the field from the REQUEST
"""
# because non-editable editor fields are used to render raw HTML, we don't
# initialize them with user input.
if self.get_value('editable'):
return REQUEST.form[key]
raise KeyError(key)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment