[Zope-Checkins] SVN: Zope/branches/2.10/ - LP #491224: proper escaping of rendered error message

Andreas Jung andreas at andreas-jung.com
Mon Jan 11 10:28:33 EST 2010


Log message for revision 108014:
  - LP #491224: proper escaping of rendered error message
  

Changed:
  U   Zope/branches/2.10/doc/CHANGES.txt
  U   Zope/branches/2.10/lib/python/OFS/SimpleItem.py

-=-
Modified: Zope/branches/2.10/doc/CHANGES.txt
===================================================================
--- Zope/branches/2.10/doc/CHANGES.txt	2010-01-11 15:27:33 UTC (rev 108013)
+++ Zope/branches/2.10/doc/CHANGES.txt	2010-01-11 15:28:32 UTC (rev 108014)
@@ -8,6 +8,8 @@
 
     Bugs fixed
 
+      - LP #491224: proper escaping of rendered error message
+
       - Also look for ZEXP imports within the clienthome directory. This
         provides a place to put imports that won't be clobbered by buildout
         in a buildout-based Zope instance.
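
Review bot: The new entry "LP #491224: proper escaping of rendered error message" does not say which component is affected. Naming the error rendering in OFS/SimpleItem.py in the entry would let administrators judge from CHANGES.txt alone whether this release matters to them.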

Modified: Zope/branches/2.10/lib/python/OFS/SimpleItem.py
===================================================================
--- Zope/branches/2.10/lib/python/OFS/SimpleItem.py	2010-01-11 15:27:33 UTC (rev 108013)
+++ Zope/branches/2.10/lib/python/OFS/SimpleItem.py	2010-01-11 15:28:32 UTC (rev 108014)
@@ -36,6 +36,7 @@
 from DocumentTemplate.ustr import ustr
 from ExtensionClass import Base
 from webdav.Resource import Resource
+from webdav.xmltools import escape as xml_escape
 from zExceptions import Redirect
 from zExceptions.ExceptionFormatter import format_exception
 from zope.interface import implements
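
Review bot: The added import `from webdav.xmltools import escape as xml_escape` brings a second escaping helper into a function that already uses `html_quote` (visible in the last hunk of this file). Either reuse `html_quote` for the new call, or add a short comment saying why the XML escaper from the webdav package is the right one for an error message, so the two are not mixed by accident later.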
@@ -228,6 +229,7 @@
                 else:
                     v = HTML.__call__(s, client, REQUEST, **kwargs)
             except:
+
                 logger.error(
                     'Exception while rendering an error message',
                     exc_info=True
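
Review bot: The only change in this hunk is an empty line added directly after `except:`, ahead of the `logger.error(` call. It is unrelated whitespace and should be dropped so the revision contains only the escaping fix.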
@@ -243,6 +245,7 @@
                      "event log for full details: %s)")%(
                     html_quote(sys.exc_info()[1]),
                     ))
+            v = xml_escape(v)
             raise error_type, v, tb
         finally:
             if hasattr(self, '_v_eek'): del self._v_eek
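
Review bot: `v = xml_escape(v)` sits after the try/except, at the same indentation as the `raise`, so it runs on both paths and escapes the whole message rather than the untrusted parts of it. On the fallback path the exception value has already been passed through `html_quote(sys.exc_info()[1])`, so it ends up escaped twice; on the success path `v` is the output of `HTML.__call__(s, client, REQUEST, **kwargs)`, and any markup that rendering produced is escaped along with the data. Consider escaping the individual values where they are interpolated instead. The revision touches only CHANGES.txt and SimpleItem.py, so a test that renders an error message containing `<` and `&` and asserts on the raised value is also missing.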


