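--- a/actions/EventAggregatorNewEvent.py	Mon Apr 12 20:33:40 2010 +0200
+++ b/actions/EventAggregatorNewEvent.py	Sun Feb 06 02:18:19 2011 +0100
@@ -2,7 +2,7 @@
 """
 MoinMoin - EventAggregatorNewEvent Action
 
- @copyright: 2008, 2009, 2010 by Paul Boddie <paul@boddie.org.uk>
+ @copyright: 2008, 2009, 2010, 2011 by Paul Boddie <paul@boddie.org.uk>
 @copyright: 2000-2004 Juergen Hermann <jh@web.de>,
 2003-2008 MoinMoin:ThomasWaldmann,
 2004-2006 MoinMoin:AlexanderSchremmer,
@@ -15,6 +15,9 @@
 from MoinMoin.PageEditor import PageEditor
 import EventAggregatorSupport
 
+escape = EventAggregatorSupport.escape
+escattr = EventAggregatorSupport.escattr
+
 try:
 import pytz
 except ImportError:
@@ -74,12 +77,13 @@
 # In the advanced view, populate a menu.
 
 if show_advanced:
- category_list.append('<option value="%s" %s>%s</option>' % (category_pagename, selected, category_name))
+ category_list.append('<option value="%s" %s>%s</option>' % (
+ escattr(category_pagename), selected, escape(category_name)))
 
 # In the basic view, use hidden fields.
 
 elif selected:
- category_list.append('<input value="%s" name="category" type="hidden" />' % category_pagename)
+ category_list.append('<input value="%s" name="category" type="hidden" />' % escattr(category_pagename))
 
 # Prepare the topics list.
 
@@ -106,9 +110,9 @@
 for month in range(1, 13):
 month_label = _(EventAggregatorSupport.getMonthLabel(month))
 selected = self._get_selected(month, start_month)
- start_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, month_label))
+ start_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, escape(month_label)))
 selected = self._get_selected(month, end_month)
- end_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, month_label))
+ end_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, escape(month_label)))
 
 # Initialise regime lists.
 
@@ -122,7 +126,7 @@
 if pytz is not None:
 for pytz_regime in pytz.common_timezones:
 selected = self._get_selected(pytz_regime, regime)
- regime_list.append('<option value="%s" %s>%s</option>' % (pytz_regime, selected, pytz_regime))
+ regime_list.append('<option value="%s" %s>%s</option>' % (escattr(pytz_regime), selected, escape(pytz_regime)))
 
 # Permitting configuration of the template name.
 
@@ -130,63 +134,63 @@
 
 d = {
 "buttons_html" : buttons_html,
- "category_label" : _("Categories"),
+ "category_label" : escape(_("Categories")),
 "category_list" : "\n".join(category_list),
 
 "start_month_list" : "\n".join(start_month_list),
 "end_month_list" : "\n".join(end_month_list),
 
 "regime_list" : "\n".join(regime_list),
- "use_regime_label" : _("Using local time"),
+ "use_regime_label" : escape(_("Using local time")),
 
- "show_end_date_label" : _("Specify end date"),
- "hide_end_date_label" : _("End event on same day"),
+ "show_end_date_label" : escape(_("Specify end date")),
+ "hide_end_date_label" : escape(_("End event on same day")),
 
- "show_times_label" : _("Specify times"),
- "hide_times_label" : _("No start and end times"),
+ "show_times_label" : escape(_("Specify times")),
+ "hide_times_label" : escape(_("No start and end times")),
 
- "show_offsets_label" : _("Specify UTC offsets"),
- "show_regime_label" : _("Specify location"),
- "hide_zone_label" : _("Make times apply everywhere"),
+ "show_offsets_label" : escape(_("Specify UTC offsets")),
+ "show_regime_label" : escape(_("Specify location")),
+ "hide_zone_label" : escape(_("Make times apply everywhere")),
 
- "start_label" : _("Start date (day, month, year)"),
- "start_day_default" : form.get("start-day", [""])[0],
- "start_year_default" : form.get("start-year", [""])[0] or EventAggregatorSupport.getCurrentYear(),
- "start_time_label" : _("Start time (hour, minute, second)"),
- "start_hour_default" : form.get("start-hour", [""])[0],
- "start_minute_default" : form.get("start-minute", [""])[0],
- "start_second_default" : form.get("start-second", [""])[0],
- "start_offset_default" : form.get("start-offset", [""])[0],
+ "start_label" : escape(_("Start date (day, month, year)")),
+ "start_day_default" : escattr(form.get("start-day", [""])[0]),
+ "start_year_default" : escattr(form.get("start-year", [""])[0] or EventAggregatorSupport.getCurrentYear()),
+ "start_time_label" : escape(_("Start time (hour, minute, second)")),
+ "start_hour_default" : escattr(form.get("start-hour", [""])[0]),
+ "start_minute_default" : escattr(form.get("start-minute", [""])[0]),
+ "start_second_default" : escattr(form.get("start-second", [""])[0]),
+ "start_offset_default" : escattr(form.get("start-offset", [""])[0]),
 
- "end_label" : _("End date (day, month, year) - if different"),
- "end_day_default" : form.get("end-day", [""])[0] or form.get("start-day", [""])[0],
- "end_year_default" : form.get("end-year", [""])[0] or form.get("start-year", [""])[0],
- "end_time_label" : _("End time (hour, minute, second)"),
- "end_hour_default" : form.get("end-hour", [""])[0],
- "end_minute_default" : form.get("end-minute", [""])[0],
- "end_second_default" : form.get("end-second", [""])[0],
- "end_offset_default" : form.get("end-offset", [""])[0] or form.get("start-offset", [""])[0],
+ "end_label" : escape(_("End date (day, month, year) - if different")),
+ "end_day_default" : escattr(form.get("end-day", [""])[0] or form.get("start-day", [""])[0]),
+ "end_year_default" : escattr(form.get("end-year", [""])[0] or form.get("start-year", [""])[0]),
+ "end_time_label" : escape(_("End time (hour, minute, second)")),
+ "end_hour_default" : escattr(form.get("end-hour", [""])[0]),
+ "end_minute_default" : escattr(form.get("end-minute", [""])[0]),
+ "end_second_default" : escattr(form.get("end-second", [""])[0]),
+ "end_offset_default" : escattr(form.get("end-offset", [""])[0] or form.get("start-offset", [""])[0]),
 
- "title_label" : _("Event title/summary"),
- "title_default" : form.get("title", [""])[0],
- "description_label" : _("Event description"),
- "description_default" : form.get("description", [""])[0],
- "location_label" : _("Event location"),
- "location_default" : form.get("location", [""])[0],
- "link_label" : _("Event URL"),
- "link_default" : form.get("link", [""])[0],
+ "title_label" : escape(_("Event title/summary")),
+ "title_default" : escattr(form.get("title", [""])[0]),
+ "description_label" : escape(_("Event description")),
+ "description_default" : escattr(form.get("description", [""])[0]),
+ "location_label" : escape(_("Event location")),
+ "location_default" : escattr(form.get("location", [""])[0]),
+ "link_label" : escape(_("Event URL")),
+ "link_default" : escattr(form.get("link", [""])[0]),
 
- "topics_label" : _("Topics"),
- "add_topic_label" : _("Add topic"),
- "remove_topic_label" : _("Remove topic"),
+ "topics_label" : escape(_("Topics")),
+ "add_topic_label" : escape(_("Add topic")),
+ "remove_topic_label" : escape(_("Remove topic")),
 
- "template_label" : _("Event template"),
- "template_default" : form.get("template", [""])[0] or template_default,
- "parent_label" : _("Parent page"),
- "parent_default" : form.get("parent", [""])[0],
+ "template_label" : escape(_("Event template")),
+ "template_default" : escattr(form.get("template", [""])[0] or template_default),
+ "parent_label" : escape(_("Parent page")),
+ "parent_default" : escattr(form.get("parent", [""])[0]),
 
- "advanced_label" : _("Show advanced options"),
- "basic_label" : _("Hide advanced options"),
+ "advanced_label" : escape(_("Show advanced options")),
+ "basic_label" : escape(_("Hide advanced options")),
 }
 
 # Prepare the output HTML.
@@ -382,7 +386,7 @@
 # Topics.
 
 for i, topic in enumerate(topics):
- d["topic"] = topic
+ d["topic"] = escattr(topic)
 d["topic_number"] = i
 html += '''
 <tr>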
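Review bot: In the `d = {...}` hunk every request-derived default is escaped by hand at its own dictionary entry, so protection against reflected markup injection depends on nobody forgetting `escattr(...)` when a field is added later. A local helper such as `def field(name): return escattr(form.get(name, [""])[0])` would make the escaped path the only path and shrink the dictionary. `start_year_default` now passes `... or EventAggregatorSupport.getCurrentYear()` into `escattr`; neither function is visible here, so if the former returns an int and the latter expects a string, that entry needs a `str(...)` around the fallback. `selected` and `buttons_html` are still interpolated raw in the `<option ...>` templates and the dictionary, which is safe only while both are built from fixed strings; a comment such as `# selected is a fixed attribute string from _get_selected, never user input` would record that assumption. The enclosing functions start and end outside the hunks shown.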