[Zope-Checkins] CVS: Zope/lib/python/Products/Transience - Transience.py:1.26
Martijn Pieters
mj@zope.com
Thu, 1 Aug 2002 12:01:12 -0400
Update of /cvs-repository/Zope/lib/python/Products/Transience
In directory cvs.zope.org:/tmp/cvs-serv9325/lib/python/Products/Transience
Modified Files:
Transience.py
Log Message:
Big change
- Make DTML automatically html quote data indirectly taken from REQUEST
which contain a '<'. Make sure (almost) all string operations preserve the
taint on this data.
- Fix exceptions that use REQUEST data; quote the data.
- Don't let form and cookie values mask the REQUEST computed values such as
URL0 and BASE1.
=== Zope/lib/python/Products/Transience/Transience.py 1.25 => 1.26 ===
import thread
import ThreadLock
import Queue
+from cgi import escape
_marker = []
@@ -324,14 +325,14 @@
def _setTimeout(self, timeout_mins):
if type(timeout_mins) is not type(1):
- raise TypeError, (timeout_mins, "Must be integer")
+ raise TypeError, (escape(`timeout_mins`), "Must be integer")
self._timeout_secs = t_secs = timeout_mins * 60
# timeout_slices == fewest number of timeslices that's >= t_secs
self._timeout_slices=int(math.ceil(float(t_secs)/self._period))
def _setLimit(self, limit):
if type(limit) is not type(1):
- raise TypeError, (limit, "Must be integer")
+ raise TypeError, (escape(`limit`), "Must be integer")
self._limit = limit
security.declareProtected(MGMT_SCREEN_PERM, 'nudge')
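Review bot: Both new raise statements (in `_setTimeout` and `_setLimit`) call `escape()` with its default `quote` argument, so `<`, `>` and `&` are encoded but `"` is not, and `cgi.escape` never encodes `'`; the repr of a string value is itself wrapped in one of those quote characters. If this exception text can end up inside an HTML attribute rather than element content (not visible from this hunk), the encoding is incomplete; passing a true `quote` argument, e.g. `escape(repr(timeout_mins), 1)`, covers the double-quote case, while single quotes would still depend on the renderer. The first element of the exception args is also now an entity-encoded string instead of the original object, so logs and any caller reading `args[0]` see HTML-encoded text. A comment at each raise such as `# HTML-quote the repr: value may originate from REQUEST and exception text can reach a rendered page` would record why quoting happens here rather than in the code that displays the error.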