3.1 --- a/actions/EventAggregatorNewEvent.py Mon Jan 31 01:18:10 2011 +0100
3.2 +++ b/actions/EventAggregatorNewEvent.py Sun Feb 06 01:50:51 2011 +0100
3.3 @@ -2,7 +2,7 @@
3.4 """
3.5 MoinMoin - EventAggregatorNewEvent Action
3.6
3.7 - @copyright: 2008, 2009, 2010 by Paul Boddie <paul@boddie.org.uk>
3.8 + @copyright: 2008, 2009, 2010, 2011 by Paul Boddie <paul@boddie.org.uk>
3.9 @copyright: 2000-2004 Juergen Hermann <jh@web.de>,
3.10 2003-2008 MoinMoin:ThomasWaldmann,
3.11 2004-2006 MoinMoin:AlexanderSchremmer,
3.12 @@ -15,6 +15,9 @@
3.13 from MoinMoin.PageEditor import PageEditor
3.14 import EventAggregatorSupport
3.15
3.16 +escape = EventAggregatorSupport.escape
3.17 +escattr = EventAggregatorSupport.escattr
3.18 +
3.19 try:
3.20 import pytz
3.21 except ImportError:
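Review bot: The two aliases added at module level have no comment saying which output context each one is for, and the helpers themselves live in EventAggregatorSupport, outside this diff. Judging by the call sites below, `escattr` seems intended for quoted attribute values and `escape` for element text; a comment above them such as `# escape: element text; escattr: quoted attribute values` would record that. The same uncommented pair is added in actions/EventAggregatorSummary.py.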
3.22 @@ -61,12 +64,13 @@
3.23 # In the advanced view, populate a menu.
3.24
3.25 if show_advanced:
3.26 - category_list.append('<option value="%s" %s>%s</option>' % (category_pagename, selected, category_name))
3.27 + category_list.append('<option value="%s" %s>%s</option>' % (
3.28 + escattr(category_pagename), selected, escape(category_name)))
3.29
3.30 # In the basic view, use hidden fields.
3.31
3.32 elif selected:
3.33 - category_list.append('<input value="%s" name="category" type="hidden" />' % category_pagename)
3.34 + category_list.append('<input value="%s" name="category" type="hidden" />' % escattr(category_pagename))
3.35
3.36 # Prepare the topics list.
3.37
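Review bot: The `<option value="%s" %s>%s</option>` template is escaped by hand at each call site, so a later list that copies the pattern can easily drop one of the two calls. It appears here, in the regime list hunk that follows, and in the category list of EventAggregatorSummary.py. A shared helper would keep value and label escaping in one place, for example `def option(value, selected, label): return '<option value="%s" %s>%s</option>' % (escattr(value), selected, escape(label))`. `selected` is still interpolated raw; `_get_selected` is outside the hunk, so this assumes it only ever returns a fixed attribute string.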
3.38 @@ -97,7 +101,7 @@
3.39 if pytz is not None:
3.40 for pytz_regime in pytz.common_timezones:
3.41 selected = self._get_selected(pytz_regime, regime)
3.42 - regime_list.append('<option value="%s" %s>%s</option>' % (pytz_regime, selected, pytz_regime))
3.43 + regime_list.append('<option value="%s" %s>%s</option>' % (escattr(pytz_regime), selected, escape(pytz_regime)))
3.44
3.45 # Permitting configuration of the template name.
3.46
3.47 @@ -105,63 +109,63 @@
3.48
3.49 d = {
3.50 "buttons_html" : buttons_html,
3.51 - "category_label" : _("Categories"),
3.52 + "category_label" : escape(_("Categories")),
3.53 "category_list" : "\n".join(category_list),
3.54
3.55 "start_month_list" : "\n".join(start_month_list),
3.56 "end_month_list" : "\n".join(end_month_list),
3.57
3.58 "regime_list" : "\n".join(regime_list),
3.59 - "use_regime_label" : _("Using local time"),
3.60 + "use_regime_label" : escape(_("Using local time")),
3.61
3.62 - "show_end_date_label" : _("Specify end date"),
3.63 - "hide_end_date_label" : _("End event on same day"),
3.64 + "show_end_date_label" : escape(_("Specify end date")),
3.65 + "hide_end_date_label" : escape(_("End event on same day")),
3.66
3.67 - "show_times_label" : _("Specify times"),
3.68 - "hide_times_label" : _("No start and end times"),
3.69 + "show_times_label" : escape(_("Specify times")),
3.70 + "hide_times_label" : escape(_("No start and end times")),
3.71
3.72 - "show_offsets_label" : _("Specify UTC offsets"),
3.73 - "show_regime_label" : _("Specify location"),
3.74 - "hide_zone_label" : _("Make times apply everywhere"),
3.75 + "show_offsets_label" : escape(_("Specify UTC offsets")),
3.76 + "show_regime_label" : escape(_("Specify location")),
3.77 + "hide_zone_label" : escape(_("Make times apply everywhere")),
3.78
3.79 - "start_label" : _("Start date (day, month, year)"),
3.80 - "start_day_default" : form.get("start-day", [""])[0],
3.81 - "start_year_default" : start_year_default,
3.82 - "start_time_label" : _("Start time (hour, minute, second)"),
3.83 - "start_hour_default" : form.get("start-hour", [""])[0],
3.84 - "start_minute_default" : form.get("start-minute", [""])[0],
3.85 - "start_second_default" : form.get("start-second", [""])[0],
3.86 - "start_offset_default" : form.get("start-offset", [""])[0],
3.87 + "start_label" : escape(_("Start date (day, month, year)")),
3.88 + "start_day_default" : escattr(form.get("start-day", [""])[0]),
3.89 + "start_year_default" : escattr(start_year_default),
3.90 + "start_time_label" : escape(_("Start time (hour, minute, second)")),
3.91 + "start_hour_default" : escattr(form.get("start-hour", [""])[0]),
3.92 + "start_minute_default" : escattr(form.get("start-minute", [""])[0]),
3.93 + "start_second_default" : escattr(form.get("start-second", [""])[0]),
3.94 + "start_offset_default" : escattr(form.get("start-offset", [""])[0]),
3.95
3.96 - "end_label" : _("End date (day, month, year) - if different"),
3.97 - "end_day_default" : form.get("end-day", [""])[0] or form.get("start-day", [""])[0],
3.98 - "end_year_default" : end_year_default,
3.99 - "end_time_label" : _("End time (hour, minute, second)"),
3.100 - "end_hour_default" : form.get("end-hour", [""])[0],
3.101 - "end_minute_default" : form.get("end-minute", [""])[0],
3.102 - "end_second_default" : form.get("end-second", [""])[0],
3.103 - "end_offset_default" : form.get("end-offset", [""])[0] or form.get("start-offset", [""])[0],
3.104 + "end_label" : escape(_("End date (day, month, year) - if different")),
3.105 + "end_day_default" : escattr(form.get("end-day", [""])[0] or form.get("start-day", [""])[0]),
3.106 + "end_year_default" : escattr(end_year_default),
3.107 + "end_time_label" : escape(_("End time (hour, minute, second)")),
3.108 + "end_hour_default" : escattr(form.get("end-hour", [""])[0]),
3.109 + "end_minute_default" : escattr(form.get("end-minute", [""])[0]),
3.110 + "end_second_default" : escattr(form.get("end-second", [""])[0]),
3.111 + "end_offset_default" : escattr(form.get("end-offset", [""])[0] or form.get("start-offset", [""])[0]),
3.112
3.113 - "title_label" : _("Event title/summary"),
3.114 - "title_default" : form.get("title", [""])[0],
3.115 - "description_label" : _("Event description"),
3.116 - "description_default" : form.get("description", [""])[0],
3.117 - "location_label" : _("Event location"),
3.118 - "location_default" : form.get("location", [""])[0],
3.119 - "link_label" : _("Event URL"),
3.120 - "link_default" : form.get("link", [""])[0],
3.121 + "title_label" : escape(_("Event title/summary")),
3.122 + "title_default" : escattr(form.get("title", [""])[0]),
3.123 + "description_label" : escape(_("Event description")),
3.124 + "description_default" : escattr(form.get("description", [""])[0]),
3.125 + "location_label" : escape(_("Event location")),
3.126 + "location_default" : escattr(form.get("location", [""])[0]),
3.127 + "link_label" : escape(_("Event URL")),
3.128 + "link_default" : escattr(form.get("link", [""])[0]),
3.129
3.130 - "topics_label" : _("Topics"),
3.131 - "add_topic_label" : _("Add topic"),
3.132 - "remove_topic_label" : _("Remove topic"),
3.133 + "topics_label" : escape(_("Topics")),
3.134 + "add_topic_label" : escape(_("Add topic")),
3.135 + "remove_topic_label" : escape(_("Remove topic")),
3.136
3.137 - "template_label" : _("Event template"),
3.138 - "template_default" : form.get("template", [""])[0] or template_default,
3.139 - "parent_label" : _("Parent page"),
3.140 - "parent_default" : form.get("parent", [""])[0],
3.141 + "template_label" : escape(_("Event template")),
3.142 + "template_default" : escattr(form.get("template", [""])[0] or template_default),
3.143 + "parent_label" : escape(_("Parent page")),
3.144 + "parent_default" : escattr(form.get("parent", [""])[0]),
3.145
3.146 - "advanced_label" : _("Show advanced options"),
3.147 - "basic_label" : _("Hide advanced options"),
3.148 + "advanced_label" : escape(_("Show advanced options")),
3.149 + "basic_label" : escape(_("Hide advanced options")),
3.150 }
3.151
3.152 # Prepare the output HTML.
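Review bot: Each `form.get(..., [""])[0]` default in this dict is wrapped in `escattr` individually, so a field added later can go into the form unescaped without anything looking wrong. A local helper such as `def field(name): return escattr(form.get(name, [""])[0])` for the plain `*_default` entries would make escaping the default path, leaving only the three entries with an `or` fallback wrapped explicitly. `buttons_html`, `start_month_list` and `end_month_list` are still inserted as-is and are built outside this hunk, so it is worth confirming they are escaped where they are assembled. The dict literal sits inside a function whose start and end are outside the hunk.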
3.153 @@ -357,7 +361,7 @@
3.154 # Topics.
3.155
3.156 for i, topic in enumerate(topics):
3.157 - d["topic"] = topic
3.158 + d["topic"] = escattr(topic)
3.159 d["topic_number"] = i
3.160 html += '''
3.161 <tr>
4.1 --- a/actions/EventAggregatorSummary.py Mon Jan 31 01:18:10 2011 +0100
4.2 +++ b/actions/EventAggregatorSummary.py Sun Feb 06 01:50:51 2011 +0100
4.3 @@ -17,6 +17,9 @@
4.4 from MoinMoin import wikiutil
4.5 import EventAggregatorSupport
4.6
4.7 +escape = EventAggregatorSupport.escape
4.8 +escattr = EventAggregatorSupport.escattr
4.9 +
4.10 Dependencies = ['pages']
4.11
4.12 # Action class and supporting functions.
4.13 @@ -42,7 +45,8 @@
4.14
4.15 selected = self._get_selected_for_list(category_pagename, category_pagenames)
4.16
4.17 - category_list.append('<option value="%s" %s>%s</option>' % (category_pagename, selected, category_name))
4.18 + category_list.append('<option value="%s" %s>%s</option>' % (
4.19 + escattr(category_pagename), selected, escape(category_name)))
4.20
4.21 # Initialise month lists and defaults.
4.22
4.23 @@ -73,8 +77,8 @@
4.24 descriptions = form.get("descriptions", [None])[0]
4.25
4.26 descriptions_list = [
4.27 - '<option value="%s" %s>%s</option>' % ("page", self._get_selected("page", descriptions), _("page")),
4.28 - '<option value="%s" %s>%s</option>' % ("comment", self._get_selected("comment", descriptions), _("comment"))
4.29 + '<option value="%s" %s>%s</option>' % ("page", self._get_selected("page", descriptions), escape(_("page"))),
4.30 + '<option value="%s" %s>%s</option>' % ("comment", self._get_selected("comment", descriptions), escape(_("comment")))
4.31 ]
4.32
4.33 # Format.
4.34 @@ -82,39 +86,39 @@
4.35 format = form.get("format", [None])[0]
4.36
4.37 format_list = [
4.38 - '<option value="%s" %s>%s</option>' % ("iCalendar", self._get_selected("iCalendar", format), _("iCalendar")),
4.39 - '<option value="%s" %s>%s</option>' % ("RSS", self._get_selected("RSS", format), _("RSS 2.0"))
4.40 + '<option value="%s" %s>%s</option>' % ("iCalendar", self._get_selected("iCalendar", format), escape(_("iCalendar"))),
4.41 + '<option value="%s" %s>%s</option>' % ("RSS", self._get_selected("RSS", format), escape(_("RSS 2.0")))
4.42 ]
4.43
4.44 right_arrow = unicode('\xe2\x86\x92', "utf-8")
4.45
4.46 d = {
4.47 "buttons_html" : buttons_html,
4.48 - "category_label" : _("Categories"),
4.49 + "category_label" : escape(_("Categories")),
4.50 "category_list" : "\n".join(category_list),
4.51 "start_month_list" : "\n".join(start_month_list),
4.52 - "start_label" : _("Start day (optional), month and year"),
4.53 - "start_day_default" : start_day_default,
4.54 - "start_year_default" : start_year_default,
4.55 - "start_criteria_label" : _("or special criteria"),
4.56 - "start_criteria_default": start_criteria_default,
4.57 - "start_eval_label" : right_arrow,
4.58 - "start_criteria_eval" : start_criteria_evaluated,
4.59 + "start_label" : escape(_("Start day (optional), month and year")),
4.60 + "start_day_default" : escattr(start_day_default),
4.61 + "start_year_default" : escattr(start_year_default),
4.62 + "start_criteria_label" : escape(_("or special criteria")),
4.63 + "start_criteria_default": escattr(start_criteria_default),
4.64 + "start_eval_label" : escattr(right_arrow),
4.65 + "start_criteria_eval" : escape(start_criteria_evaluated),
4.66 "end_month_list" : "\n".join(end_month_list),
4.67 - "end_label" : _("End day (optional), month and year"),
4.68 - "end_day_default" : end_day_default,
4.69 - "end_year_default" : end_year_default,
4.70 - "end_criteria_label" : _("or special criteria"),
4.71 - "end_criteria_default" : end_criteria_default,
4.72 + "end_label" : escape(_("End day (optional), month and year")),
4.73 + "end_day_default" : escattr(end_day_default),
4.74 + "end_year_default" : escattr(end_year_default),
4.75 + "end_criteria_label" : escape(_("or special criteria")),
4.76 + "end_criteria_default" : escattr(end_criteria_default),
4.77 "end_eval_label" : right_arrow,
4.78 - "end_criteria_eval" : end_criteria_evaluated,
4.79 - "descriptions_label" : _("Use descriptions from..."),
4.80 + "end_criteria_eval" : escape(end_criteria_evaluated),
4.81 + "descriptions_label" : escape(_("Use descriptions from...")),
4.82 "descriptions_list" : "\n".join(descriptions_list),
4.83 - "format_label" : _("Summary format"),
4.84 + "format_label" : escape(_("Summary format")),
4.85 "format_list" : "\n".join(format_list),
4.86 - "parent_label" : _("Parent page"),
4.87 - "parent_name" : form.get("parent", [""])[0],
4.88 - "resolution" : resolution,
4.89 + "parent_label" : escape(_("Parent page")),
4.90 + "parent_name" : escattr(form.get("parent", [""])[0]),
4.91 + "resolution" : escattr(resolution),
4.92 }
4.93
4.94 return '''
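Review bot: `"end_eval_label" : right_arrow,` is left unescaped while `"start_eval_label"` a few lines above is now wrapped, and that one uses `escattr` although every other `*_label` entry in this dict uses `escape`. The value is a constant arrow character, so nothing user-controlled reaches the page through it, but the mismatch makes the dict harder to audit. Assuming both labels are rendered as element text (the template after `return '''` is outside the hunk), use `"start_eval_label" : escape(right_arrow),` and `"end_eval_label" : escape(right_arrow),`. Separately, `resolution`, `start_criteria_evaluated` and `end_criteria_evaluated` are computed outside the hunk; if any of them can be None or a non-string, confirm that the helpers accept such values.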