# HG changeset patch
# User Paul Boddie <paul@boddie.org.uk>
# Date 1296955099 -3600
# Node ID 067b30223eb3db64971ace7dae263e4eae09dce6
# Parent  e1684a6e8a821ac67ae6d591b703edaefbb66b15
Fixed HTML encoding in the forms produced by the actions.
Updated release information.

diff -r e1684a6e8a82 -r 067b30223eb3 EventAggregatorSupport.py
--- a/EventAggregatorSupport.py	Mon Apr 12 20:33:40 2010 +0200
+++ b/EventAggregatorSupport.py	Sun Feb 06 02:18:19 2011 +0100
@@ -2,7 +2,7 @@
 """
     MoinMoin - EventAggregator library
 
-    @copyright: 2008, 2009, 2010 by Paul Boddie <paul@boddie.org.uk>
+    @copyright: 2008, 2009, 2010, 2011 by Paul Boddie <paul@boddie.org.uk>
     @copyright: 2000-2004 Juergen Hermann <jh@web.de>,
                 2005-2008 MoinMoin:ThomasWaldmann.
     @license: GNU GPL (v2 or later), see COPYING.txt for details.
@@ -26,7 +26,12 @@
 except ImportError:
     pytz = None
 
-__version__ = "0.6"
+escape = wikiutil.escape
+
+def escattr(s):
+    return escape(s, 1)
+
+__version__ = "0.6.1"
 
 # Date labels.
 
diff -r e1684a6e8a82 -r 067b30223eb3 PKG-INFO
--- a/PKG-INFO	Mon Apr 12 20:33:40 2010 +0200
+++ b/PKG-INFO	Sun Feb 06 02:18:19 2011 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: EventAggregator
-Version: 0.6
+Version: 0.6.1
 Author: Paul Boddie
 Author-email: paul at boddie org uk
 Maintainer: Paul Boddie
diff -r e1684a6e8a82 -r 067b30223eb3 README.txt
--- a/README.txt	Mon Apr 12 20:33:40 2010 +0200
+++ b/README.txt	Sun Feb 06 02:18:19 2011 +0100
@@ -26,6 +26,9 @@
 Important Notices
 -----------------
 
+Release 0.6.1 fixes various bugs in HTML production done by the actions. It is
+strongly recommended to upgrade from earlier versions to this release.
+
 In release 0.6, support for event times has been introduced. Due to the
 complicated nature of times, time zones, time regimes, and so on, the
 behaviour of the software may change in future versions to support common
@@ -224,6 +227,11 @@
 time zone information for the correct interpretation of time information in
 those summaries. Thus, it is highly recommended that pytz be installed.
 
+New in EventAggregator 0.6.1 (Changes since EventAggregator 0.6)
+----------------------------------------------------------------
+
+  * Fixed HTML encoding in the forms generated by the actions.
+
 New in EventAggregator 0.6 (Changes since EventAggregator 0.5)
 --------------------------------------------------------------
 
diff -r e1684a6e8a82 -r 067b30223eb3 actions/EventAggregatorNewEvent.py
--- a/actions/EventAggregatorNewEvent.py	Mon Apr 12 20:33:40 2010 +0200
+++ b/actions/EventAggregatorNewEvent.py	Sun Feb 06 02:18:19 2011 +0100
@@ -2,7 +2,7 @@
 """
     MoinMoin - EventAggregatorNewEvent Action
 
-    @copyright: 2008, 2009, 2010 by Paul Boddie <paul@boddie.org.uk>
+    @copyright: 2008, 2009, 2010, 2011 by Paul Boddie <paul@boddie.org.uk>
     @copyright: 2000-2004 Juergen Hermann <jh@web.de>,
                 2003-2008 MoinMoin:ThomasWaldmann,
                 2004-2006 MoinMoin:AlexanderSchremmer,
@@ -15,6 +15,9 @@
 from MoinMoin.PageEditor import PageEditor
 import EventAggregatorSupport
 
+escape = EventAggregatorSupport.escape
+escattr = EventAggregatorSupport.escattr
+
 try:
     import pytz
 except ImportError:
@@ -74,12 +77,13 @@
             # In the advanced view, populate a menu.
 
             if show_advanced:
-                category_list.append('<option value="%s" %s>%s</option>' % (category_pagename, selected, category_name))
+                category_list.append('<option value="%s" %s>%s</option>' % (
+                    escattr(category_pagename), selected, escape(category_name)))
 
             # In the basic view, use hidden fields.
 
             elif selected:
-                category_list.append('<input value="%s" name="category" type="hidden" />' % category_pagename)
+                category_list.append('<input value="%s" name="category" type="hidden" />' % escattr(category_pagename))
 
         # Prepare the topics list.
 
@@ -106,9 +110,9 @@
         for month in range(1, 13):
             month_label = _(EventAggregatorSupport.getMonthLabel(month))
             selected = self._get_selected(month, start_month)
-            start_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, month_label))
+            start_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, escape(month_label)))
             selected = self._get_selected(month, end_month)
-            end_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, month_label))
+            end_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, escape(month_label)))
 
         # Initialise regime lists.
 
@@ -122,7 +126,7 @@
         if pytz is not None:
             for pytz_regime in pytz.common_timezones:
                 selected = self._get_selected(pytz_regime, regime)
-                regime_list.append('<option value="%s" %s>%s</option>' % (pytz_regime, selected, pytz_regime))
+                regime_list.append('<option value="%s" %s>%s</option>' % (escattr(pytz_regime), selected, escape(pytz_regime)))
 
         # Permitting configuration of the template name.
 
@@ -130,63 +134,63 @@
 
         d = {
             "buttons_html"          : buttons_html,
-            "category_label"        : _("Categories"),
+            "category_label"        : escape(_("Categories")),
             "category_list"         : "\n".join(category_list),
 
             "start_month_list"      : "\n".join(start_month_list),
             "end_month_list"        : "\n".join(end_month_list),
 
             "regime_list"           : "\n".join(regime_list),
-            "use_regime_label"      : _("Using local time"),
+            "use_regime_label"      : escape(_("Using local time")),
 
-            "show_end_date_label"   : _("Specify end date"),
-            "hide_end_date_label"   : _("End event on same day"),
+            "show_end_date_label"   : escape(_("Specify end date")),
+            "hide_end_date_label"   : escape(_("End event on same day")),
 
-            "show_times_label"      : _("Specify times"),
-            "hide_times_label"      : _("No start and end times"),
+            "show_times_label"      : escape(_("Specify times")),
+            "hide_times_label"      : escape(_("No start and end times")),
 
-            "show_offsets_label"    : _("Specify UTC offsets"),
-            "show_regime_label"     : _("Specify location"),
-            "hide_zone_label"       : _("Make times apply everywhere"),
+            "show_offsets_label"    : escape(_("Specify UTC offsets")),
+            "show_regime_label"     : escape(_("Specify location")),
+            "hide_zone_label"       : escape(_("Make times apply everywhere")),
 
-            "start_label"           : _("Start date (day, month, year)"),
-            "start_day_default"     : form.get("start-day", [""])[0],
-            "start_year_default"    : form.get("start-year", [""])[0] or EventAggregatorSupport.getCurrentYear(),
-            "start_time_label"      : _("Start time (hour, minute, second)"),
-            "start_hour_default"    : form.get("start-hour", [""])[0],
-            "start_minute_default"  : form.get("start-minute", [""])[0],
-            "start_second_default"  : form.get("start-second", [""])[0],
-            "start_offset_default"  : form.get("start-offset", [""])[0],
+            "start_label"           : escape(_("Start date (day, month, year)")),
+            "start_day_default"     : escattr(form.get("start-day", [""])[0]),
+            "start_year_default"    : escattr(form.get("start-year", [""])[0] or EventAggregatorSupport.getCurrentYear()),
+            "start_time_label"      : escape(_("Start time (hour, minute, second)")),
+            "start_hour_default"    : escattr(form.get("start-hour", [""])[0]),
+            "start_minute_default"  : escattr(form.get("start-minute", [""])[0]),
+            "start_second_default"  : escattr(form.get("start-second", [""])[0]),
+            "start_offset_default"  : escattr(form.get("start-offset", [""])[0]),
 
-            "end_label"             : _("End date (day, month, year) - if different"),
-            "end_day_default"       : form.get("end-day", [""])[0] or form.get("start-day", [""])[0],
-            "end_year_default"      : form.get("end-year", [""])[0] or form.get("start-year", [""])[0],
-            "end_time_label"        : _("End time (hour, minute, second)"),
-            "end_hour_default"      : form.get("end-hour", [""])[0],
-            "end_minute_default"    : form.get("end-minute", [""])[0],
-            "end_second_default"    : form.get("end-second", [""])[0],
-            "end_offset_default"    : form.get("end-offset", [""])[0] or form.get("start-offset", [""])[0],
+            "end_label"             : escape(_("End date (day, month, year) - if different")),
+            "end_day_default"       : escattr(form.get("end-day", [""])[0] or form.get("start-day", [""])[0]),
+            "end_year_default"      : escattr(form.get("end-year", [""])[0] or form.get("start-year", [""])[0]),
+            "end_time_label"        : escape(_("End time (hour, minute, second)")),
+            "end_hour_default"      : escattr(form.get("end-hour", [""])[0]),
+            "end_minute_default"    : escattr(form.get("end-minute", [""])[0]),
+            "end_second_default"    : escattr(form.get("end-second", [""])[0]),
+            "end_offset_default"    : escattr(form.get("end-offset", [""])[0] or form.get("start-offset", [""])[0]),
 
-            "title_label"           : _("Event title/summary"),
-            "title_default"         : form.get("title", [""])[0],
-            "description_label"     : _("Event description"),
-            "description_default"   : form.get("description", [""])[0],
-            "location_label"        : _("Event location"),
-            "location_default"      : form.get("location", [""])[0],
-            "link_label"            : _("Event URL"),
-            "link_default"          : form.get("link", [""])[0],
+            "title_label"           : escape(_("Event title/summary")),
+            "title_default"         : escattr(form.get("title", [""])[0]),
+            "description_label"     : escape(_("Event description")),
+            "description_default"   : escattr(form.get("description", [""])[0]),
+            "location_label"        : escape(_("Event location")),
+            "location_default"      : escattr(form.get("location", [""])[0]),
+            "link_label"            : escape(_("Event URL")),
+            "link_default"          : escattr(form.get("link", [""])[0]),
 
-            "topics_label"          : _("Topics"),
-            "add_topic_label"       : _("Add topic"),
-            "remove_topic_label"    : _("Remove topic"),
+            "topics_label"          : escape(_("Topics")),
+            "add_topic_label"       : escape(_("Add topic")),
+            "remove_topic_label"    : escape(_("Remove topic")),
 
-            "template_label"        : _("Event template"),
-            "template_default"      : form.get("template", [""])[0] or template_default,
-            "parent_label"          : _("Parent page"),
-            "parent_default"        : form.get("parent", [""])[0],
+            "template_label"        : escape(_("Event template")),
+            "template_default"      : escattr(form.get("template", [""])[0] or template_default),
+            "parent_label"          : escape(_("Parent page")),
+            "parent_default"        : escattr(form.get("parent", [""])[0]),
 
-            "advanced_label"        : _("Show advanced options"),
-            "basic_label"           : _("Hide advanced options"),
+            "advanced_label"        : escape(_("Show advanced options")),
+            "basic_label"           : escape(_("Hide advanced options")),
             }
 
         # Prepare the output HTML.
@@ -382,7 +386,7 @@
         # Topics.
 
         for i, topic in enumerate(topics):
-            d["topic"] = topic
+            d["topic"] = escattr(topic)
             d["topic_number"] = i
             html += '''
     <tr>
diff -r e1684a6e8a82 -r 067b30223eb3 actions/EventAggregatorSummary.py
--- a/actions/EventAggregatorSummary.py	Mon Apr 12 20:33:40 2010 +0200
+++ b/actions/EventAggregatorSummary.py	Sun Feb 06 02:18:19 2011 +0100
@@ -2,7 +2,7 @@
 """
     MoinMoin - EventAggregatorSummary Action
 
-    @copyright: 2008, 2009, 2010 by Paul Boddie <paul@boddie.org.uk>
+    @copyright: 2008, 2009, 2010, 2011 by Paul Boddie <paul@boddie.org.uk>
     @copyright: 2000-2004 Juergen Hermann <jh@web.de>,
                 2003-2008 MoinMoin:ThomasWaldmann,
                 2004-2006 MoinMoin:AlexanderSchremmer,
@@ -18,6 +18,9 @@
 from MoinMoin import wikiutil
 import EventAggregatorSupport
 
+escape = EventAggregatorSupport.escape
+escattr = EventAggregatorSupport.escattr
+
 Dependencies = ['pages']
 
 # Action class and supporting functions.
@@ -38,40 +41,40 @@
                 EventAggregatorSupport.getCategories(request),
                 request):
 
-            category_list.append('<option value="%s">%s</option>' % (category_pagename, category_name))
+            category_list.append('<option value="%s">%s</option>' % (escattr(category_pagename), escape(category_name)))
 
         month_list = []
         month_list.append('<option value=""></option>')
 
         for month in range(1, 13):
             month_label = _(EventAggregatorSupport.getMonthLabel(month))
-            month_list.append('<option value="%02d">%s</option>' % (month, month_label))
+            month_list.append('<option value="%02d">%s</option>' % (month, escape(month_label)))
 
         descriptions_list = [
-            '<option value="%s">%s</option>' % ("page", _("page")),
-            '<option value="%s">%s</option>' % ("comment", _("comment"))
+            '<option value="%s">%s</option>' % ("page", escape(_("page"))),
+            '<option value="%s">%s</option>' % ("comment", escape(_("comment")))
             ]
 
         format_list = [
-            '<option value="%s">%s</option>' % ("iCalendar", _("iCalendar")),
-            '<option value="%s">%s</option>' % ("RSS", _("RSS 2.0"))
+            '<option value="%s">%s</option>' % ("iCalendar", escape(_("iCalendar"))),
+            '<option value="%s">%s</option>' % ("RSS", escape(_("RSS 2.0")))
             ]
 
         d = {
             "buttons_html"          : buttons_html,
-            "category_label"        : _("Categories"),
+            "category_label"        : escape(_("Categories")),
             "category_list"         : "\n".join(category_list),
             "month_list"            : "\n".join(month_list),
-            "start_label"           : _("Start year and month"),
+            "start_label"           : escape(_("Start year and month")),
             "start_year_default"    : "",
-            "end_label"             : _("End year and month"),
+            "end_label"             : escape(_("End year and month")),
             "end_year_default"      : "",
-            "descriptions_label"    : _("Use descriptions from..."),
+            "descriptions_label"    : escape(_("Use descriptions from...")),
             "descriptions_list"     : "\n".join(descriptions_list),
-            "format_label"          : _("Summary format"),
+            "format_label"          : escape(_("Summary format")),
             "format_list"           : "\n".join(format_list),
-            "parent_label"          : _("Parent page"),
-            "parent_name"           : form.get("parent", [""])[0],
+            "parent_label"          : escape(_("Parent page")),
+            "parent_name"           : escattr(form.get("parent", [""])[0]),
             }
 
         return '''
diff -r e1684a6e8a82 -r 067b30223eb3 docs/COPYING.txt
--- a/docs/COPYING.txt	Mon Apr 12 20:33:40 2010 +0200
+++ b/docs/COPYING.txt	Sun Feb 06 02:18:19 2011 +0100
@@ -1,7 +1,7 @@
 Licence Agreement
 -----------------
 
-Copyright (C) 2008, 2009, 2010 Paul Boddie <paul@boddie.org.uk>
+Copyright (C) 2008, 2009, 2010, 2011 Paul Boddie <paul@boddie.org.uk>
 
 Some patches provided by the following contributors:
 
diff -r e1684a6e8a82 -r 067b30223eb3 setup.py
--- a/setup.py	Mon Apr 12 20:33:40 2010 +0200
+++ b/setup.py	Sun Feb 06 02:18:19 2011 +0100
@@ -8,6 +8,6 @@
     author       = "Paul Boddie",
     author_email = "paul@boddie.org.uk",
     url          = "http://moinmo.in/MacroMarket/EventAggregator",
-    version      = "0.6",
+    version      = "0.6.1",
     py_modules   = ["EventAggregatorSupport", "MoinMoin.script.import.eventfeed"]
     )