[Zope-Checkins] SVN: Zope/trunk/ - Always unescape element contents on webdav.xmltools

Sidnei da Silva sidnei at awkly.org
Tue Nov 2 12:31:00 EST 2004


Log message for revision 28320:
  
  
        - Always unescape element contents on webdav.xmltools
  
        - Use saxutils to escape/unescape values for/from
          PROPFIND/PROPPATCH.
  
        - Make OFS.PropertySheet use the escaping function from
          webdav.xmltools.
  
        - Escape/unescape " and '
  
        - Set a default value of '' for the new 'alt' property as not to
          break existing content.
  

Changed:
  U   Zope/trunk/doc/CHANGES.txt
  U   Zope/trunk/lib/python/OFS/Image.py
  U   Zope/trunk/lib/python/OFS/PropertySheets.py
  U   Zope/trunk/lib/python/webdav/xmltools.py

-=-
Modified: Zope/trunk/doc/CHANGES.txt
===================================================================
--- Zope/trunk/doc/CHANGES.txt	2004-11-02 16:41:07 UTC (rev 28319)
+++ Zope/trunk/doc/CHANGES.txt	2004-11-02 17:31:00 UTC (rev 28320)
@@ -30,20 +30,33 @@
         the docutils package except some GPLed files which can not be included
         with the Zope distribution due to license constraints on svn.zope.org.
 
-      - docutils: moved from lib/python/docutils to 
-        lib/python/third_party/docutils 
+      - docutils: moved from lib/python/docutils to
+        lib/python/third_party/docutils
 
       - Collector #1557/OFS.Image: Introducing new 'alt' property. The 'alt'
         attribute is no longer taken from the 'title' property but from the new
-        'alt' property.  The border="0" attribute is no longer part of the HTML 
+        'alt' property.  The border="0" attribute is no longer part of the HTML
         output except specified otherwise.
-           
-      - Collector #1511: made IPCServer show up in the Control Panel under 
+
+      - Set a default value of '' for the new 'alt' property as not to
+        break existing content.
+
+      - Collector #1511: made IPCServer show up in the Control Panel under
         "Network Services"
 
-      - Collector #1443: Applied patch by Simon Eisenmann that reimplements 
+      - Collector #1443: Applied patch by Simon Eisenmann that reimplements
         the XML parser used in WebDAV fixing a memory leak.
 
+      - Always unescape element contents on webdav.xmltools
+
+      - Use saxutils to escape/unescape values for/from
+        PROPFIND/PROPPATCH.
+
+      - Make OFS.PropertySheet use the escaping function from
+        webdav.xmltools.
+
+      - Escape/unescape " and '
+
   Zope 2.8a1
 
 
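Review bot: Most of the lines touched in CHANGES.txt, in this hunk and the later ones, only strip trailing whitespace, which buries the five new entries added here; the whitespace cleanup would be easier to review as a separate commit. The new entry 'Escape/unescape " and '' should also say where this happens (webdav.xmltools, for PROPFIND/PROPPATCH values), since on its own it does not tell a reader which output changes.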
@@ -77,14 +90,14 @@
      - The DateTime parser now throws a SyntaxError upon any parsing errors.
 
      - ZCatalog: added a new configuration option in the "Advanced" tab
-       to provide optional logging of the progress of long running 
+       to provide optional logging of the progress of long running
        reindexing or recataloging operations.
 
      - made Zope.configure return the starter instance to enable other
        methods to be called, such as starter.setupConfiguredLoggers()
 
      - Improved Unicode handling in Page Templates. Template contents
-       and title will now be saved as a Unicode string if 
+       and title will now be saved as a Unicode string if
        the management_page_charset variable can be acquired and is true.
        The character set of an uploaded file can now be specified.
 
@@ -191,11 +204,11 @@
        (for pre-Zope 2.5 instances) has been removed. If you want to migrate
        from such an old version to Zope 2.8, you need to clear and reindex
        your ZCatalog).
- 
-     - Collector #1457: ZCTextIndex's QueryError and ParseError 
+
+     - Collector #1457: ZCTextIndex's QueryError and ParseError
        are now available for import from untrusted code.
 
-     - Collector #1473: zpasswd.py can now accept --username 
+     - Collector #1473: zpasswd.py can now accept --username
        without --password
 
      - Collector #1491: talgettext.py did not create a proper header
@@ -213,15 +226,15 @@
      - Removed DWIM'y attempt to filter acquired-but-not-aceessible
        results from 'guarded_getattr'.
 
-     - Collector #1267: applied patch to fix segmentation faults on 
+     - Collector #1267: applied patch to fix segmentation faults on
        x86_64 systems
 
-     - ZReST: the charset used in the rendered HTML was not set to the 
+     - ZReST: the charset used in the rendered HTML was not set to the
        corresponding output_encoding property of the ZReST instance. In addition
-       changing the encodings through the Properties tab did not re-render 
+       changing the encodings through the Properties tab did not re-render
        the HTML.
 
-     - Collector #1234: an exception triple passed to LOG() was not 
+     - Collector #1234: an exception triple passed to LOG() was not
        propagated properly to the logging module of Python
 
      - Collector #1441: Removed headers introduced to make Microsoft
@@ -246,8 +259,8 @@
      - added "version.txt" to setup.py to avoid untrue "unreleased version"
        messages within the control panel
 
-     - Collector #1436: applied patch to fix a memory leak in 
-       cAccessControl. 
+     - Collector #1436: applied patch to fix a memory leak in
+       cAccessControl.
 
      - Collector #1431: fixed NetBSD support in initgroups.c
 
@@ -261,17 +274,17 @@
      - Zope can now be embedded in C/C++ without exceptions being raised
        in zdoptions.
 
-     - Collector #1213: Fixed wrong labels of cache parameters 
+     - Collector #1213: Fixed wrong labels of cache parameters
 
      - Collector #1265: Fixed handling of orphans in ZTUtil.Batch
 
      - Collector #1293: missing 'address' parameters within one of the server
-       sections raise an exception. 
+       sections raise an exception.
 
      - Collector #1345: AcceleratedHTTPCacheManager now sends the
        Last-Modified header.
 
-     - Collector #1126: ZPublisher.Converters.field2lines now using 
+     - Collector #1126: ZPublisher.Converters.field2lines now using
        splitlines() instead of split('\n').
 
      - Collector #1322: fixed HTML quoting problem with ZSQL methods
@@ -283,14 +296,14 @@
 
      - Collector #1259: removed the "uninstall" target from the Makefile
        since the uninstall routine could also remove non-Zope files. Because
-       this was to dangerous it has been removed completely. 
+       this was to dangerous it has been removed completely.
 
      - Collector #1299: Fixed bug in sequence.sort()
 
      - Collector #1159: Added test for __MACH__ to initgroups.c so the
        initgroups method becomes available on Mac OS X.
 
-     - Collector #1004: text,token properties were missing in 
+     - Collector #1004: text,token properties were missing in
        PropertyManager management page.
 
      - Display index name on error message when index can't be used as

Modified: Zope/trunk/lib/python/OFS/Image.py
===================================================================
--- Zope/trunk/lib/python/OFS/Image.py	2004-11-02 16:41:07 UTC (rev 28319)
+++ Zope/trunk/lib/python/OFS/Image.py	2004-11-02 17:31:00 UTC (rev 28320)
@@ -76,6 +76,7 @@
 
     precondition=''
     size=None
+    alt=''
 
     manage_editForm  =DTMLFile('dtml/fileEdit',globals(),
                                Kind='File',kind='file')
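Review bot: The context line with Kind='File',kind='file' suggests the alt='' default is being added to the File class rather than to Image, so every File object also picks up an alt attribute through the class. If only Image renders alt, the default belongs on the Image class. A one-line comment saying the default exists so that instances created before the property was introduced still resolve alt would help the next reader.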

Modified: Zope/trunk/lib/python/OFS/PropertySheets.py
===================================================================
--- Zope/trunk/lib/python/OFS/PropertySheets.py	2004-11-02 16:41:07 UTC (rev 28319)
+++ Zope/trunk/lib/python/OFS/PropertySheets.py	2004-11-02 17:31:00 UTC (rev 28320)
@@ -807,15 +807,12 @@
         return attr()
     return attr
 
-
-def xml_escape(v):
-    """ convert any content from ISO-8859-1 to UTF-8
-    The main use is to escape non-US object property values
-    (e.g. containing accented characters). Also we convert "<" and ">"
-    to entities to keep the properties XML compliant.
-    """
-    v = str(v)
-    v = v.replace('&', '&amp;')
-    v = v.replace('<', '&lt;')
-    v = v.replace('>', '&gt;')
-    return  unicode(v,"latin-1").encode("utf-8")
+def xml_escape(value):
+    from webdav.xmltools import escape
+    if not isinstance(value, basestring):
+        value = unicode(value)
+    if not isinstance(value, unicode):
+        # XXX It really shouldn't be hardcoded to latin-1 here.
+        value = value.decode('latin-1')
+    value = escape(value)
+    return value.encode('utf-8')
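Review bot: In the new xml_escape, value.decode('latin-1') cannot fail on any byte string, so a str property that already holds UTF-8 bytes is silently turned into mojibake instead of being reported. This commit also defines zope_encoding = 'latin-1' in webdav.xmltools; import that name here rather than repeating the literal, so the two XXX comments cannot drift apart. The old docstring was dropped without a replacement: the new function should state that it returns UTF-8 encoded bytes with XML special characters escaped.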

Modified: Zope/trunk/lib/python/webdav/xmltools.py
===================================================================
--- Zope/trunk/lib/python/webdav/xmltools.py	2004-11-02 16:41:07 UTC (rev 28319)
+++ Zope/trunk/lib/python/webdav/xmltools.py	2004-11-02 17:31:00 UTC (rev 28320)
@@ -10,13 +10,10 @@
 # FOR A PARTICULAR PURPOSE
 #
 ##############################################################################
-
-
-""" 
+"""
 WebDAV XML request parsing tool using xml.minidom as xml parser.
 Code contributed by Simon Eisenmann, struktur AG, Stuttgart, Germany
 """
-
 __version__='$Revision: 1.15.2.1 $'[11:-2]
 
 """
@@ -26,55 +23,88 @@
    and find out if some code uses/requires these methods.
 
    => If yes implement them, else forget them.
-   
+
    NOTE: So far i didn't have any problems.
          If you have problems please report them.
 
 """
 
 from xml.dom import minidom
+from xml.sax.saxutils import escape as _escape, unescape as _unescape
 
+escape_entities = {'"': '&quot;',
+                   "'": '&apos;',
+                   }
+
+unescape_entities = {'&quot;': '"',
+                     '&apos;': "'",
+                     }
+
+def escape(value, entities=None):
+    _ent = escape_entities
+    if entities is not None:
+        _ent = _ent.copy()
+        _ent.update(entities)
+    return _escape(value, entities)
+
+def unescape(value, entities=None):
+    _ent = unescape_entities
+    if entities is not None:
+        _ent = _ent.copy()
+        _ent.update(entities)
+    return _unescape(value, entities)
+
+# XXX latin-1 is hardcoded on OFS.PropertySheets as the expected
+# encoding properties will be stored in. Optimally, we should use the
+# same encoding as the 'default_encoding' property that is used for
+# the ZMI.
+zope_encoding = 'latin-1'
+
 class Node:
-    """ our nodes no matter what type """
-    
+    """ Our nodes no matter what type
+    """
+
     node = None
-    
+
     def __init__(self, node):
         self.node=node
-        
+
     def elements(self, name=None, ns=None):
-        nodes=[ Node(n) for n in self.node.childNodes if n.nodeType == n.ELEMENT_NODE and \
-                                                   ((name is None) or ((n.localName.lower())==name)) and \
-                                                   ((ns is None) or (n.namespaceURI==ns)) ]
+        nodes = []
+        for n in self.node.childNodes:
+            if (n.nodeType == n.ELEMENT_NODE and
+                ((name is None) or ((n.localName.lower())==name)) and
+                ((ns is None) or (n.namespaceURI==ns))):
+                nodes.append(Element(n))
         return nodes
 
     def qname(self):
-        return '%s%s' % (self.namespace(), self.name()) 
-        
+        return '%s%s' % (self.namespace(), self.name())
+
     def addNode(self, node):
         # XXX: no support for adding nodes here
         raise NotImplementedError, 'addNode not implemented'
 
     def toxml(self):
         return self.node.toxml()
-        
+
     def strval(self):
-        return self.toxml()
-        
+        return self.toxml().encode(zope_encoding)
+
     def name(self):  return self.node.localName
     def attrs(self): return self.node.attributes
     def value(self): return self.node.nodeValue
     def nodes(self): return self.node.childNodes
     def nskey(self): return self.node.namespaceURI
-    
+
     def namespace(self): return self.nskey()
-  
+
     def del_attr(self, name):
-        # XXX: no support for removing attributes 
+        # XXX: no support for removing attributes
 	#      zope can calls this after remapping to remove namespace
 	#      haven't seen this happening though
         return None
-  
+
     def remap(self, dict, n=0, top=1):
         # XXX: this method is used to do some strange remapping of elements
         #      and namespaces .. not sure how to do this with minidom
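Review bot: In both escape() and unescape() the merged dictionary _ent is built and then ignored: the return statements call _escape(value, entities) and _unescape(value, entities), so with the default entities=None the mappings in escape_entities and unescape_entities are never applied, and caller-supplied entities replace the defaults instead of extending them. Pass _ent in both return statements. OFS.PropertySheets.xml_escape calls escape(value) with no entities, so as written the 'Escape/unescape " and '' item from the log message does not take effect on that path. Separately, strval() now does .encode(zope_encoding), which raises UnicodeEncodeError for any property text outside latin-1; either handle that explicitly or document it as the intended failure.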
@@ -87,18 +117,31 @@
             return "<Node %s (from %s)>" % (self.name(), self.namespace())
         else: return "<Node %s>" % self.name()
 
+class Element(Node):
 
+    def toxml(self):
+        # When dealing with Elements, we only want the Element's content.
+        result = u''
+        for n in self.node.childNodes:
+            value = n.toxml()
+            # Use unescape possibly escaped values.  We do this
+            # because the value is *always* escaped in it's XML
+            # representation, and if we store it escaped it will come
+            # out *double escaped* when doing a PROPFIND.
+            value = unescape(value, entities=unescape_entities)
+            result += value
+        return result
+
 class XmlParser:
-    """ simple wrapper around minidom to support the required 
-        interfaces for zope.webdav
+    """ Simple wrapper around minidom to support the required
+    interfaces for zope.webdav
     """
 
     dom = None
-    
+
     def __init__(self):
         pass
-        
+
     def parse(self, data):
-        self.dom=minidom.parseString(data)
+        self.dom = minidom.parseString(data)
         return Node(self.dom)
-        
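Review bot: Element.toxml() runs unescape() over n.toxml() for every child node, not only text nodes, so when a child is itself an element its serialized markup is unescaped as well, and text such as &lt;b&gt; inside it becomes indistinguishable from real tags in the stored value. Restrict the unescape to text nodes (n.nodeType == n.TEXT_NODE), or read their already-decoded .data, and leave nested elements serialized as they are. parse() still returns Node(self.dom), so the new behaviour only applies to objects obtained through elements(); a test for a PROPPATCH then PROPFIND round trip with &, <, " and ' in the value would pin down the double-escaping fix described in the comment.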


