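--- a/actions/EventAggregatorSummary.py Mon Apr 12 20:33:40 2010 +0200
+++ b/actions/EventAggregatorSummary.py Sun Feb 06 02:18:19 2011 +0100
@@ -2,7 +2,7 @@
 """
 MoinMoin - EventAggregatorSummary Action
 
- @copyright: 2008, 2009, 2010 by Paul Boddie <paul@boddie.org.uk>
+ @copyright: 2008, 2009, 2010, 2011 by Paul Boddie <paul@boddie.org.uk>
 @copyright: 2000-2004 Juergen Hermann <jh@web.de>,
 2003-2008 MoinMoin:ThomasWaldmann,
 2004-2006 MoinMoin:AlexanderSchremmer,
@@ -18,6 +18,9 @@
 from MoinMoin import wikiutil
 import EventAggregatorSupport
 
+escape = EventAggregatorSupport.escape
+escattr = EventAggregatorSupport.escattr
+
 Dependencies = ['pages']
 
 # Action class and supporting functions.
@@ -38,40 +41,40 @@
 EventAggregatorSupport.getCategories(request),
 request):
 
- category_list.append('<option value="%s">%s</option>' % (category_pagename, category_name))
+ category_list.append('<option value="%s">%s</option>' % (escattr(category_pagename), escape(category_name)))
 
 month_list = []
 month_list.append('<option value=""></option>')
 
 for month in range(1, 13):
 month_label = _(EventAggregatorSupport.getMonthLabel(month))
- month_list.append('<option value="%02d">%s</option>' % (month, month_label))
+ month_list.append('<option value="%02d">%s</option>' % (month, escape(month_label)))
 
 descriptions_list = [
- '<option value="%s">%s</option>' % ("page", _("page")),
- '<option value="%s">%s</option>' % ("comment", _("comment"))
+ '<option value="%s">%s</option>' % ("page", escape(_("page"))),
+ '<option value="%s">%s</option>' % ("comment", escape(_("comment")))
 ]
 
 format_list = [
- '<option value="%s">%s</option>' % ("iCalendar", _("iCalendar")),
- '<option value="%s">%s</option>' % ("RSS", _("RSS 2.0"))
+ '<option value="%s">%s</option>' % ("iCalendar", escape(_("iCalendar"))),
+ '<option value="%s">%s</option>' % ("RSS", escape(_("RSS 2.0")))
 ]
 
 d = {
 "buttons_html" : buttons_html,
- "category_label" : _("Categories"),
+ "category_label" : escape(_("Categories")),
 "category_list" : "\n".join(category_list),
 "month_list" : "\n".join(month_list),
- "start_label" : _("Start year and month"),
+ "start_label" : escape(_("Start year and month")),
 "start_year_default" : "",
- "end_label" : _("End year and month"),
+ "end_label" : escape(_("End year and month")),
 "end_year_default" : "",
- "descriptions_label" : _("Use descriptions from..."),
+ "descriptions_label" : escape(_("Use descriptions from...")),
 "descriptions_list" : "\n".join(descriptions_list),
- "format_label" : _("Summary format"),
+ "format_label" : escape(_("Summary format")),
 "format_list" : "\n".join(format_list),
- "parent_label" : _("Parent page"),
- "parent_name" : form.get("parent", [""])[0],
+ "parent_label" : escape(_("Parent page")),
+ "parent_name" : escattr(form.get("parent", [""])[0]),
 }
 
 return '''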
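Review bot: The dictionary `d` now mixes already-built markup (`buttons_html` and the joined `*_list` strings) with escaped text, and nothing in the hunk records that every entry must be HTML-safe before it reaches the template that begins at `return '''`. `buttons_html` is assembled outside the visible lines, so it is worth confirming that any dynamic text in it is escaped where it is built. The new `escape`/`escattr` aliases would also benefit from a comment naming the context each is for, for example `# escape(): element text; escattr(): double-quoted attribute values - every value stored in d must already be HTML-safe`. `escattr` only protects `value="%s"` and the request-supplied `parent` value if it encodes the double quote, and its definition in EventAggregatorSupport is not shown here. The enclosing method starts before this hunk and continues after it.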