Commit 45e5350a authored by Sidnei da Silva's avatar Sidnei da Silva

- Always unescape element contents on webdav.xmltools

      - Use saxutils to escape/unescape values for/from
        PROPFIND/PROPPATCH.

      - Make OFS.PropertySheet use the escaping function from
        webdav.xmltools.

      - Escape/unescape " and '

      - Set a default value of '' for the new 'alt' property as not to
        break existing content.
parent df259636
......@@ -30,20 +30,33 @@ Zope Changes
the docutils package except some GPLed files which can not be included
with the Zope distribution due to license constraints on svn.zope.org.
- docutils: moved from lib/python/docutils to
lib/python/third_party/docutils
- docutils: moved from lib/python/docutils to
lib/python/third_party/docutils
- Collector #1557/OFS.Image: Introducing new 'alt' property. The 'alt'
attribute is no longer taken from the 'title' property but from the new
'alt' property. The border="0" attribute is no longer part of the HTML
'alt' property. The border="0" attribute is no longer part of the HTML
output except specified otherwise.
- Collector #1511: made IPCServer show up in the Control Panel under
- Set a default value of '' for the new 'alt' property as not to
break existing content.
- Collector #1511: made IPCServer show up in the Control Panel under
"Network Services"
- Collector #1443: Applied patch by Simon Eisenmann that reimplements
- Collector #1443: Applied patch by Simon Eisenmann that reimplements
the XML parser used in WebDAV fixing a memory leak.
- Always unescape element contents on webdav.xmltools
- Use saxutils to escape/unescape values for/from
PROPFIND/PROPPATCH.
- Make OFS.PropertySheet use the escaping function from
webdav.xmltools.
- Escape/unescape " and '
Zope 2.8a1
......@@ -77,14 +90,14 @@ Zope Changes
- The DateTime parser now throws a SyntaxError upon any parsing errors.
- ZCatalog: added a new configuration option in the "Advanced" tab
to provide optional logging of the progress of long running
to provide optional logging of the progress of long running
reindexing or recataloging operations.
- made Zope.configure return the starter instance to enable other
methods to be called, such as starter.setupConfiguredLoggers()
- Improved Unicode handling in Page Templates. Template contents
and title will now be saved as a Unicode string if
and title will now be saved as a Unicode string if
the management_page_charset variable can be acquired and is true.
The character set of an uploaded file can now be specified.
......@@ -191,11 +204,11 @@ Zope Changes
(for pre-Zope 2.5 instances) has been removed. If you want to migrate
from such an old version to Zope 2.8, you need to clear and reindex
your ZCatalog).
- Collector #1457: ZCTextIndex's QueryError and ParseError
- Collector #1457: ZCTextIndex's QueryError and ParseError
are now available for import from untrusted code.
- Collector #1473: zpasswd.py can now accept --username
- Collector #1473: zpasswd.py can now accept --username
without --password
- Collector #1491: talgettext.py did not create a proper header
......@@ -213,15 +226,15 @@ Zope Changes
- Removed DWIM'y attempt to filter acquired-but-not-aceessible
results from 'guarded_getattr'.
- Collector #1267: applied patch to fix segmentation faults on
- Collector #1267: applied patch to fix segmentation faults on
x86_64 systems
- ZReST: the charset used in the rendered HTML was not set to the
- ZReST: the charset used in the rendered HTML was not set to the
corresponding output_encoding property of the ZReST instance. In addition
changing the encodings through the Properties tab did not re-render
changing the encodings through the Properties tab did not re-render
the HTML.
- Collector #1234: an exception triple passed to LOG() was not
- Collector #1234: an exception triple passed to LOG() was not
propagated properly to the logging module of Python
- Collector #1441: Removed headers introduced to make Microsoft
......@@ -246,8 +259,8 @@ Zope Changes
- added "version.txt" to setup.py to avoid untrue "unreleased version"
messages within the control panel
- Collector #1436: applied patch to fix a memory leak in
cAccessControl.
- Collector #1436: applied patch to fix a memory leak in
cAccessControl.
- Collector #1431: fixed NetBSD support in initgroups.c
......@@ -261,17 +274,17 @@ Zope Changes
- Zope can now be embedded in C/C++ without exceptions being raised
in zdoptions.
- Collector #1213: Fixed wrong labels of cache parameters
- Collector #1213: Fixed wrong labels of cache parameters
- Collector #1265: Fixed handling of orphans in ZTUtil.Batch
- Collector #1293: missing 'address' parameters within one of the server
sections raise an exception.
sections raise an exception.
- Collector #1345: AcceleratedHTTPCacheManager now sends the
Last-Modified header.
- Collector #1126: ZPublisher.Converters.field2lines now using
- Collector #1126: ZPublisher.Converters.field2lines now using
splitlines() instead of split('\n').
- Collector #1322: fixed HTML quoting problem with ZSQL methods
......@@ -283,14 +296,14 @@ Zope Changes
- Collector #1259: removed the "uninstall" target from the Makefile
since the uninstall routine could also remove non-Zope files. Because
this was to dangerous it has been removed completely.
this was to dangerous it has been removed completely.
- Collector #1299: Fixed bug in sequence.sort()
- Collector #1159: Added test for __MACH__ to initgroups.c so the
initgroups method becomes available on Mac OS X.
- Collector #1004: text,token properties were missing in
- Collector #1004: text,token properties were missing in
PropertyManager management page.
- Display index name on error message when index can't be used as
......
......@@ -76,6 +76,7 @@ class File(Persistent, Implicit, PropertyManager,
precondition=''
size=None
alt=''
manage_editForm =DTMLFile('dtml/fileEdit',globals(),
Kind='File',kind='file')
......
......@@ -807,15 +807,12 @@ def absattr(attr):
return attr()
return attr
def xml_escape(v):
""" convert any content from ISO-8859-1 to UTF-8
The main use is to escape non-US object property values
(e.g. containing accented characters). Also we convert "<" and ">"
to entities to keep the properties XML compliant.
"""
v = str(v)
v = v.replace('&', '&amp;')
v = v.replace('<', '&lt;')
v = v.replace('>', '&gt;')
return unicode(v,"latin-1").encode("utf-8")
def xml_escape(value):
from webdav.xmltools import escape
if not isinstance(value, basestring):
value = unicode(value)
if not isinstance(value, unicode):
# XXX It really shouldn't be hardcoded to latin-1 here.
value = value.decode('latin-1')
value = escape(value)
return value.encode('utf-8')
......@@ -10,13 +10,10 @@
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""
"""
WebDAV XML request parsing tool using xml.minidom as xml parser.
Code contributed by Simon Eisenmann, struktur AG, Stuttgart, Germany
"""
__version__='$Revision: 1.15.2.1 $'[11:-2]
"""
......@@ -26,55 +23,88 @@ TODO:
and find out if some code uses/requires these methods.
=> If yes implement them, else forget them.
NOTE: So far i didn't have any problems.
If you have problems please report them.
"""
from xml.dom import minidom
from xml.sax.saxutils import escape as _escape, unescape as _unescape
escape_entities = {'"': '&quot;',
"'": '&apos;',
}
unescape_entities = {'&quot;': '"',
'&apos;': "'",
}
def escape(value, entities=None):
_ent = escape_entities
if entities is not None:
_ent = _ent.copy()
_ent.update(entities)
return _escape(value, entities)
def unescape(value, entities=None):
_ent = unescape_entities
if entities is not None:
_ent = _ent.copy()
_ent.update(entities)
return _unescape(value, entities)
# XXX latin-1 is hardcoded on OFS.PropertySheets as the expected
# encoding properties will be stored in. Optimally, we should use the
# same encoding as the 'default_encoding' property that is used for
# the ZMI.
zope_encoding = 'latin-1'
class Node:
""" our nodes no matter what type """
""" Our nodes no matter what type
"""
node = None
def __init__(self, node):
self.node=node
def elements(self, name=None, ns=None):
nodes=[ Node(n) for n in self.node.childNodes if n.nodeType == n.ELEMENT_NODE and \
((name is None) or ((n.localName.lower())==name)) and \
((ns is None) or (n.namespaceURI==ns)) ]
nodes = []
for n in self.node.childNodes:
if (n.nodeType == n.ELEMENT_NODE and
((name is None) or ((n.localName.lower())==name)) and
((ns is None) or (n.namespaceURI==ns))):
nodes.append(Element(n))
return nodes
def qname(self):
return '%s%s' % (self.namespace(), self.name())
return '%s%s' % (self.namespace(), self.name())
def addNode(self, node):
# XXX: no support for adding nodes here
raise NotImplementedError, 'addNode not implemented'
def toxml(self):
return self.node.toxml()
def strval(self):
return self.toxml()
return self.toxml().encode(zope_encoding)
def name(self): return self.node.localName
def attrs(self): return self.node.attributes
def value(self): return self.node.nodeValue
def nodes(self): return self.node.childNodes
def nskey(self): return self.node.namespaceURI
def namespace(self): return self.nskey()
def del_attr(self, name):
# XXX: no support for removing attributes
# XXX: no support for removing attributes
# zope can calls this after remapping to remove namespace
# haven't seen this happening though
return None
def remap(self, dict, n=0, top=1):
# XXX: this method is used to do some strange remapping of elements
# and namespaces .. not sure how to do this with minidom
......@@ -87,18 +117,31 @@ class Node:
return "<Node %s (from %s)>" % (self.name(), self.namespace())
else: return "<Node %s>" % self.name()
class Element(Node):
def toxml(self):
# When dealing with Elements, we only want the Element's content.
result = u''
for n in self.node.childNodes:
value = n.toxml()
# Use unescape possibly escaped values. We do this
# because the value is *always* escaped in it's XML
# representation, and if we store it escaped it will come
# out *double escaped* when doing a PROPFIND.
value = unescape(value, entities=unescape_entities)
result += value
return result
class XmlParser:
""" simple wrapper around minidom to support the required
interfaces for zope.webdav
""" Simple wrapper around minidom to support the required
interfaces for zope.webdav
"""
dom = None
def __init__(self):
pass
def parse(self, data):
self.dom=minidom.parseString(data)
self.dom = minidom.parseString(data)
return Node(self.dom)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment