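--- a/actions/EventAggregatorNewEvent.py Mon Apr 12 20:33:40 2010 +0200
+++ b/actions/EventAggregatorNewEvent.py Sun Feb 06 02:18:19 2011 +0100
@@ -2,7 +2,7 @@
 """
 MoinMoin - EventAggregatorNewEvent Action
 
- @copyright: 2008, 2009, 2010 by Paul Boddie <paul@boddie.org.uk>
+ @copyright: 2008, 2009, 2010, 2011 by Paul Boddie <paul@boddie.org.uk>
 @copyright: 2000-2004 Juergen Hermann <jh@web.de>,
 2003-2008 MoinMoin:ThomasWaldmann,
 2004-2006 MoinMoin:AlexanderSchremmer,
@@ -15,6 +15,9 @@
 from MoinMoin.PageEditor import PageEditor
 import EventAggregatorSupport
 
+escape = EventAggregatorSupport.escape
+escattr = EventAggregatorSupport.escattr
+
 try:
 import pytz
 except ImportError:
@@ -74,12 +77,13 @@
 # In the advanced view, populate a menu.
 
 if show_advanced:
- category_list.append('<option value="%s" %s>%s</option>' % (category_pagename, selected, category_name))
+ category_list.append('<option value="%s" %s>%s</option>' % (
+ escattr(category_pagename), selected, escape(category_name)))
 
 # In the basic view, use hidden fields.
 
 elif selected:
- category_list.append('<input value="%s" name="category" type="hidden" />' % category_pagename)
+ category_list.append('<input value="%s" name="category" type="hidden" />' % escattr(category_pagename))
 
 # Prepare the topics list.
 
@@ -106,9 +110,9 @@
 for month in range(1, 13):
 month_label = _(EventAggregatorSupport.getMonthLabel(month))
 selected = self._get_selected(month, start_month)
- start_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, month_label))
+ start_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, escape(month_label)))
 selected = self._get_selected(month, end_month)
- end_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, month_label))
+ end_month_list.append('<option value="%02d" %s>%s</option>' % (month, selected, escape(month_label)))
 
 # Initialise regime lists.
 
@@ -122,7 +126,7 @@
 if pytz is not None:
 for pytz_regime in pytz.common_timezones:
 selected = self._get_selected(pytz_regime, regime)
- regime_list.append('<option value="%s" %s>%s</option>' % (pytz_regime, selected, pytz_regime))
+ regime_list.append('<option value="%s" %s>%s</option>' % (escattr(pytz_regime), selected, escape(pytz_regime)))
 
 # Permitting configuration of the template name.
 
@@ -130,63 +134,63 @@
 
 d = {
 "buttons_html" : buttons_html,
- "category_label" : _("Categories"),
+ "category_label" : escape(_("Categories")),
 "category_list" : "\n".join(category_list),
 
 "start_month_list" : "\n".join(start_month_list),
 "end_month_list" : "\n".join(end_month_list),
 
 "regime_list" : "\n".join(regime_list),
- "use_regime_label" : _("Using local time"),
+ "use_regime_label" : escape(_("Using local time")),
 
- "show_end_date_label" : _("Specify end date"),
- "hide_end_date_label" : _("End event on same day"),
+ "show_end_date_label" : escape(_("Specify end date")),
+ "hide_end_date_label" : escape(_("End event on same day")),
 
- "show_times_label" : _("Specify times"),
- "hide_times_label" : _("No start and end times"),
+ "show_times_label" : escape(_("Specify times")),
+ "hide_times_label" : escape(_("No start and end times")),
 
- "show_offsets_label" : _("Specify UTC offsets"),
- "show_regime_label" : _("Specify location"),
- "hide_zone_label" : _("Make times apply everywhere"),
+ "show_offsets_label" : escape(_("Specify UTC offsets")),
+ "show_regime_label" : escape(_("Specify location")),
+ "hide_zone_label" : escape(_("Make times apply everywhere")),
 
- "start_label" : _("Start date (day, month, year)"),
- "start_day_default" : form.get("start-day", [""])[0],
- "start_year_default" : form.get("start-year", [""])[0] or EventAggregatorSupport.getCurrentYear(),
- "start_time_label" : _("Start time (hour, minute, second)"),
- "start_hour_default" : form.get("start-hour", [""])[0],
- "start_minute_default" : form.get("start-minute", [""])[0],
- "start_second_default" : form.get("start-second", [""])[0],
- "start_offset_default" : form.get("start-offset", [""])[0],
+ "start_label" : escape(_("Start date (day, month, year)")),
+ "start_day_default" : escattr(form.get("start-day", [""])[0]),
+ "start_year_default" : escattr(form.get("start-year", [""])[0] or EventAggregatorSupport.getCurrentYear()),
+ "start_time_label" : escape(_("Start time (hour, minute, second)")),
+ "start_hour_default" : escattr(form.get("start-hour", [""])[0]),
+ "start_minute_default" : escattr(form.get("start-minute", [""])[0]),
+ "start_second_default" : escattr(form.get("start-second", [""])[0]),
+ "start_offset_default" : escattr(form.get("start-offset", [""])[0]),
 
- "end_label" : _("End date (day, month, year) - if different"),
- "end_day_default" : form.get("end-day", [""])[0] or form.get("start-day", [""])[0],
- "end_year_default" : form.get("end-year", [""])[0] or form.get("start-year", [""])[0],
- "end_time_label" : _("End time (hour, minute, second)"),
- "end_hour_default" : form.get("end-hour", [""])[0],
- "end_minute_default" : form.get("end-minute", [""])[0],
- "end_second_default" : form.get("end-second", [""])[0],
- "end_offset_default" : form.get("end-offset", [""])[0] or form.get("start-offset", [""])[0],
+ "end_label" : escape(_("End date (day, month, year) - if different")),
+ "end_day_default" : escattr(form.get("end-day", [""])[0] or form.get("start-day", [""])[0]),
+ "end_year_default" : escattr(form.get("end-year", [""])[0] or form.get("start-year", [""])[0]),
+ "end_time_label" : escape(_("End time (hour, minute, second)")),
+ "end_hour_default" : escattr(form.get("end-hour", [""])[0]),
+ "end_minute_default" : escattr(form.get("end-minute", [""])[0]),
+ "end_second_default" : escattr(form.get("end-second", [""])[0]),
+ "end_offset_default" : escattr(form.get("end-offset", [""])[0] or form.get("start-offset", [""])[0]),
 
- "title_label" : _("Event title/summary"),
- "title_default" : form.get("title", [""])[0],
- "description_label" : _("Event description"),
- "description_default" : form.get("description", [""])[0],
- "location_label" : _("Event location"),
- "location_default" : form.get("location", [""])[0],
- "link_label" : _("Event URL"),
- "link_default" : form.get("link", [""])[0],
+ "title_label" : escape(_("Event title/summary")),
+ "title_default" : escattr(form.get("title", [""])[0]),
+ "description_label" : escape(_("Event description")),
+ "description_default" : escattr(form.get("description", [""])[0]),
+ "location_label" : escape(_("Event location")),
+ "location_default" : escattr(form.get("location", [""])[0]),
+ "link_label" : escape(_("Event URL")),
+ "link_default" : escattr(form.get("link", [""])[0]),
 
- "topics_label" : _("Topics"),
- "add_topic_label" : _("Add topic"),
- "remove_topic_label" : _("Remove topic"),
+ "topics_label" : escape(_("Topics")),
+ "add_topic_label" : escape(_("Add topic")),
+ "remove_topic_label" : escape(_("Remove topic")),
 
- "template_label" : _("Event template"),
- "template_default" : form.get("template", [""])[0] or template_default,
- "parent_label" : _("Parent page"),
- "parent_default" : form.get("parent", [""])[0],
+ "template_label" : escape(_("Event template")),
+ "template_default" : escattr(form.get("template", [""])[0] or template_default),
+ "parent_label" : escape(_("Parent page")),
+ "parent_default" : escattr(form.get("parent", [""])[0]),
 
- "advanced_label" : _("Show advanced options"),
- "basic_label" : _("Hide advanced options"),
+ "advanced_label" : escape(_("Show advanced options")),
+ "basic_label" : escape(_("Hide advanced options")),
 }
 
 # Prepare the output HTML.
@@ -382,7 +386,7 @@
 # Topics.
 
 for i, topic in enumerate(topics):
- d["topic"] = topic
+ d["topic"] = escattr(topic)
 d["topic_number"] = i
 html += '''
 <tr>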
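Review bot: In the `d = {` hunk, `start_year_default` now passes `form.get("start-year", [""])[0] or EventAggregatorSupport.getCurrentYear()` to `escattr`, so when no year was submitted the helper receives whatever `getCurrentYear()` returns; if that is an integer and `escattr` assumes a string, the form would fail on first load. The helper is defined in EventAggregatorSupport and is not visible here, so either confirm that it coerces its argument or make the call site explicit with `escattr(form.get("start-year", [""])[0] or str(EventAggregatorSupport.getCurrentYear()))`. Separately, `selected` is still interpolated raw into the `<option>` tags in the category, month and regime hunks, which is safe only while `_get_selected` returns a fixed literal; a one-line comment saying so would keep a later change from reintroducing unescaped output. The enclosing method starts and ends outside these hunks.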
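--- a/actions/EventAggregatorSummary.py Mon Apr 12 20:33:40 2010 +0200
+++ b/actions/EventAggregatorSummary.py Sun Feb 06 02:18:19 2011 +0100
@@ -2,7 +2,7 @@
 """
 MoinMoin - EventAggregatorSummary Action
 
- @copyright: 2008, 2009, 2010 by Paul Boddie <paul@boddie.org.uk>
+ @copyright: 2008, 2009, 2010, 2011 by Paul Boddie <paul@boddie.org.uk>
 @copyright: 2000-2004 Juergen Hermann <jh@web.de>,
 2003-2008 MoinMoin:ThomasWaldmann,
 2004-2006 MoinMoin:AlexanderSchremmer,
@@ -18,6 +18,9 @@
 from MoinMoin import wikiutil
 import EventAggregatorSupport
 
+escape = EventAggregatorSupport.escape
+escattr = EventAggregatorSupport.escattr
+
 Dependencies = ['pages']
 
 # Action class and supporting functions.
@@ -38,40 +41,40 @@
 EventAggregatorSupport.getCategories(request),
 request):
 
- category_list.append('<option value="%s">%s</option>' % (category_pagename, category_name))
+ category_list.append('<option value="%s">%s</option>' % (escattr(category_pagename), escape(category_name)))
 
 month_list = []
 month_list.append('<option value=""></option>')
 
 for month in range(1, 13):
 month_label = _(EventAggregatorSupport.getMonthLabel(month))
- month_list.append('<option value="%02d">%s</option>' % (month, month_label))
+ month_list.append('<option value="%02d">%s</option>' % (month, escape(month_label)))
 
 descriptions_list = [
- '<option value="%s">%s</option>' % ("page", _("page")),
- '<option value="%s">%s</option>' % ("comment", _("comment"))
+ '<option value="%s">%s</option>' % ("page", escape(_("page"))),
+ '<option value="%s">%s</option>' % ("comment", escape(_("comment")))
 ]
 
 format_list = [
- '<option value="%s">%s</option>' % ("iCalendar", _("iCalendar")),
- '<option value="%s">%s</option>' % ("RSS", _("RSS 2.0"))
+ '<option value="%s">%s</option>' % ("iCalendar", escape(_("iCalendar"))),
+ '<option value="%s">%s</option>' % ("RSS", escape(_("RSS 2.0")))
 ]
 
 d = {
 "buttons_html" : buttons_html,
- "category_label" : _("Categories"),
+ "category_label" : escape(_("Categories")),
 "category_list" : "\n".join(category_list),
 "month_list" : "\n".join(month_list),
- "start_label" : _("Start year and month"),
+ "start_label" : escape(_("Start year and month")),
 "start_year_default" : "",
- "end_label" : _("End year and month"),
+ "end_label" : escape(_("End year and month")),
 "end_year_default" : "",
- "descriptions_label" : _("Use descriptions from..."),
+ "descriptions_label" : escape(_("Use descriptions from...")),
 "descriptions_list" : "\n".join(descriptions_list),
- "format_label" : _("Summary format"),
+ "format_label" : escape(_("Summary format")),
 "format_list" : "\n".join(format_list),
- "parent_label" : _("Parent page"),
- "parent_name" : form.get("parent", [""])[0],
+ "parent_label" : escape(_("Parent page")),
+ "parent_name" : escattr(form.get("parent", [""])[0]),
 }
 
 return '''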
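Review bot: The `d = {` mapping in the last hunk now mixes three kinds of value with nothing marking which is which: pre-built markup (`buttons_html` and the `*_list` entries), label text passed through `escape`, and the request-supplied `parent_name` passed through `escattr`. A comment above the dict such as `# buttons_html and *_list are ready-made HTML; every other value must be escaped here before it reaches the template` would tell the next editor that a newly added key needs escaping at this point. The choice of `escattr` for `parent_name` presumes the template places it inside a quoted attribute; the template begins at `return '''` and continues outside the hunk, so that should be confirmed there. The same comment would help on the larger dict in actions/EventAggregatorNewEvent.py.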