[Zope-Checkins] SVN: Zope/trunk/ - Don't escape properties stored as XML (ie: having a

Sidnei da Silva sidnei at awkly.org
Wed Nov 3 11:54:12 EST 2004 

Log message for revision 28328:
  
        - Don't escape properties stored as XML (ie: having a
          __xml_attrs__ metadata set by PROPPATCH) when building a
          PROPFIND response.
  
        - If a PROPPATCH element value contains only a CDATA section,
          store the CDATA contents only.
  

Changed:
  U   Zope/trunk/doc/CHANGES.txt
  U   Zope/trunk/lib/python/OFS/PropertySheets.py
  U   Zope/trunk/lib/python/webdav/xmltools.py

-=-
Modified: Zope/trunk/doc/CHANGES.txt
===================================================================
--- Zope/trunk/doc/CHANGES.txt	2004-11-02 21:30:05 UTC (rev 28327)
+++ Zope/trunk/doc/CHANGES.txt	2004-11-03 16:54:12 UTC (rev 28328)
@@ -57,6 +57,13 @@
 
       - Escape/unescape " and '
 
+      - Don't escape properties stored as XML (ie: having a
+        __xml_attrs__ metadata set by PROPPATCH) when building a
+        PROPFIND response.
+
+      - If a PROPPATCH element value contains only a CDATA section,
+        store the CDATA contents only.
+
   Zope 2.8a1
 
 

Modified: Zope/trunk/lib/python/OFS/PropertySheets.py
===================================================================
--- Zope/trunk/lib/python/OFS/PropertySheets.py	2004-11-02 21:30:05 UTC (rev 28327)
+++ Zope/trunk/lib/python/OFS/PropertySheets.py	2004-11-03 16:54:12 UTC (rev 28328)
@@ -324,14 +324,14 @@
             # check for xml property
             attrs=item.get('meta', {}).get('__xml_attrs__', None)
             if attrs is not None:
+                # It's a xml property. Don't escape value.
                 attrs=map(lambda n: ' %s="%s"' % n, attrs.items())
                 attrs=''.join(attrs)
             else:
-                # Quote non-xml items here?
+                # It's a non-xml property. Escape value.
                 attrs=''
-
-            if not hasattr(self,"dav__"+name):
-                value = xml_escape(value)
+                if not hasattr(self,"dav__"+name):
+                    value = xml_escape(value)
             prop='  <n:%s%s>%s</n:%s>' % (name, attrs, value, name)
 
             result.append(prop)
@@ -375,13 +375,14 @@
             # allow for xml properties
             attrs=item.get('meta', {}).get('__xml_attrs__', None)
             if attrs is not None:
+                # It's a xml property. Don't escape value.
                 attrs=map(lambda n: ' %s="%s"' % n, attrs.items())
                 attrs=''.join(attrs)
             else:
-                # quote non-xml items here?
+                # It's a non-xml property. Escape value.
                 attrs=''
-            if not hasattr(self, 'dav__%s' % name):
-                value = xml_escape(value)
+                if not hasattr(self, 'dav__%s' % name):
+                    value = xml_escape(value)
             prop='<n:%s%s xmlns:n="%s">%s</n:%s>\n' % (
                 name, attrs, xml_id, value, name)
             code='200 OK'

Modified: Zope/trunk/lib/python/webdav/xmltools.py
===================================================================
--- Zope/trunk/lib/python/webdav/xmltools.py	2004-11-02 21:30:05 UTC (rev 28327)
+++ Zope/trunk/lib/python/webdav/xmltools.py	2004-11-03 16:54:12 UTC (rev 28328)
@@ -34,6 +34,7 @@
 
 """
 
+from StringIO import StringIO
 from xml.dom import minidom
 from xml.sax.saxutils import escape as _escape, unescape as _unescape
 
@@ -72,7 +73,7 @@
     node = None
 
     def __init__(self, node):
-        self.node=node
+        self.node = node
 
     def elements(self, name=None, ns=None):
         nodes = []
@@ -112,7 +113,10 @@
         #       but the :n isnt part of the attribute name .. gash!
 
         attr = name.split(':')[0]
-        return self.node.removeAttribute(attr)
+        if (self.node.hasAttributes() and
+            self.node.attributes.has_key(attr)):
+            # Only remove attributes if they exist
+            return self.node.removeAttribute(attr)
 
     def remap(self, dict, n=0, top=1):
         # XXX:  this method is used to do some strange remapping of elements
@@ -136,16 +140,23 @@
 
     def toxml(self):
         # When dealing with Elements, we only want the Element's content.
-        result = u''
+        writer = StringIO(u'')
         for n in self.node.childNodes:
-            value = n.toxml()
-            # Use unescape possibly escaped values.  We do this
-            # because the value is *always* escaped in it's XML
-            # representation, and if we store it escaped it will come
-            # out *double escaped* when doing a PROPFIND.
-            value = unescape(value, entities=unescape_entities)
-            result += value
-        return result
+            if n.nodeType == n.CDATA_SECTION_NODE:
+                # CDATA sections should not be unescaped.
+                writer.write(n.data)
+            elif n.nodeType == n.ELEMENT_NODE:
+                writer.write(n.toxml())
+            else:
+                # TEXT_NODE and what else?
+                value = n.toxml()
+                # Unescape possibly escaped values.  We do this
+                # because the value is *always* escaped in it's XML
+                # representation, and if we store it escaped it will come
+                # out *double escaped* when doing a PROPFIND.
+                value = unescape(value, entities=unescape_entities)
+                writer.write(value)
+        return writer.getvalue()
 
 class XmlParser:
     """ Simple wrapper around minidom to support the required

More information about the Zope-Checkins mailing list