1.1 --- a/actions/EventAggregatorNewEvent.py Mon Jan 31 01:18:10 2011 +0100
1.2 +++ b/actions/EventAggregatorNewEvent.py Sun Feb 06 01:50:51 2011 +0100
1.3 @@ -2,7 +2,7 @@
1.4 """
1.5 MoinMoin - EventAggregatorNewEvent Action
1.6
1.7 - @copyright: 2008, 2009, 2010 by Paul Boddie <paul@boddie.org.uk>
1.8 + @copyright: 2008, 2009, 2010, 2011 by Paul Boddie <paul@boddie.org.uk>
1.9 @copyright: 2000-2004 Juergen Hermann <jh@web.de>,
1.10 2003-2008 MoinMoin:ThomasWaldmann,
1.11 2004-2006 MoinMoin:AlexanderSchremmer,
1.12 @@ -15,6 +15,9 @@
1.13 from MoinMoin.PageEditor import PageEditor
1.14 import EventAggregatorSupport
1.15
1.16 +escape = EventAggregatorSupport.escape
1.17 +escattr = EventAggregatorSupport.escattr
1.18 +
1.19 try:
1.20 import pytz
1.21 except ImportError:
1.22 @@ -61,12 +64,13 @@
1.23 # In the advanced view, populate a menu.
1.24
1.25 if show_advanced:
1.26 - category_list.append('<option value="%s" %s>%s</option>' % (category_pagename, selected, category_name))
1.27 + category_list.append('<option value="%s" %s>%s</option>' % (
1.28 + escattr(category_pagename), selected, escape(category_name)))
1.29
1.30 # In the basic view, use hidden fields.
1.31
1.32 elif selected:
1.33 - category_list.append('<input value="%s" name="category" type="hidden" />' % category_pagename)
1.34 + category_list.append('<input value="%s" name="category" type="hidden" />' % escattr(category_pagename))
1.35
1.36 # Prepare the topics list.
1.37
1.38 @@ -97,7 +101,7 @@
1.39 if pytz is not None:
1.40 for pytz_regime in pytz.common_timezones:
1.41 selected = self._get_selected(pytz_regime, regime)
1.42 - regime_list.append('<option value="%s" %s>%s</option>' % (pytz_regime, selected, pytz_regime))
1.43 + regime_list.append('<option value="%s" %s>%s</option>' % (escattr(pytz_regime), selected, escape(pytz_regime)))
1.44
1.45 # Permitting configuration of the template name.
1.46
1.47 @@ -105,63 +109,63 @@
1.48
1.49 d = {
1.50 "buttons_html" : buttons_html,
1.51 - "category_label" : _("Categories"),
1.52 + "category_label" : escape(_("Categories")),
1.53 "category_list" : "\n".join(category_list),
1.54
1.55 "start_month_list" : "\n".join(start_month_list),
1.56 "end_month_list" : "\n".join(end_month_list),
1.57
1.58 "regime_list" : "\n".join(regime_list),
1.59 - "use_regime_label" : _("Using local time"),
1.60 + "use_regime_label" : escape(_("Using local time")),
1.61
1.62 - "show_end_date_label" : _("Specify end date"),
1.63 - "hide_end_date_label" : _("End event on same day"),
1.64 + "show_end_date_label" : escape(_("Specify end date")),
1.65 + "hide_end_date_label" : escape(_("End event on same day")),
1.66
1.67 - "show_times_label" : _("Specify times"),
1.68 - "hide_times_label" : _("No start and end times"),
1.69 + "show_times_label" : escape(_("Specify times")),
1.70 + "hide_times_label" : escape(_("No start and end times")),
1.71
1.72 - "show_offsets_label" : _("Specify UTC offsets"),
1.73 - "show_regime_label" : _("Specify location"),
1.74 - "hide_zone_label" : _("Make times apply everywhere"),
1.75 + "show_offsets_label" : escape(_("Specify UTC offsets")),
1.76 + "show_regime_label" : escape(_("Specify location")),
1.77 + "hide_zone_label" : escape(_("Make times apply everywhere")),
1.78
1.79 - "start_label" : _("Start date (day, month, year)"),
1.80 - "start_day_default" : form.get("start-day", [""])[0],
1.81 - "start_year_default" : start_year_default,
1.82 - "start_time_label" : _("Start time (hour, minute, second)"),
1.83 - "start_hour_default" : form.get("start-hour", [""])[0],
1.84 - "start_minute_default" : form.get("start-minute", [""])[0],
1.85 - "start_second_default" : form.get("start-second", [""])[0],
1.86 - "start_offset_default" : form.get("start-offset", [""])[0],
1.87 + "start_label" : escape(_("Start date (day, month, year)")),
1.88 + "start_day_default" : escattr(form.get("start-day", [""])[0]),
1.89 + "start_year_default" : escattr(start_year_default),
1.90 + "start_time_label" : escape(_("Start time (hour, minute, second)")),
1.91 + "start_hour_default" : escattr(form.get("start-hour", [""])[0]),
1.92 + "start_minute_default" : escattr(form.get("start-minute", [""])[0]),
1.93 + "start_second_default" : escattr(form.get("start-second", [""])[0]),
1.94 + "start_offset_default" : escattr(form.get("start-offset", [""])[0]),
1.95
1.96 - "end_label" : _("End date (day, month, year) - if different"),
1.97 - "end_day_default" : form.get("end-day", [""])[0] or form.get("start-day", [""])[0],
1.98 - "end_year_default" : end_year_default,
1.99 - "end_time_label" : _("End time (hour, minute, second)"),
1.100 - "end_hour_default" : form.get("end-hour", [""])[0],
1.101 - "end_minute_default" : form.get("end-minute", [""])[0],
1.102 - "end_second_default" : form.get("end-second", [""])[0],
1.103 - "end_offset_default" : form.get("end-offset", [""])[0] or form.get("start-offset", [""])[0],
1.104 + "end_label" : escape(_("End date (day, month, year) - if different")),
1.105 + "end_day_default" : escattr(form.get("end-day", [""])[0] or form.get("start-day", [""])[0]),
1.106 + "end_year_default" : escattr(end_year_default),
1.107 + "end_time_label" : escape(_("End time (hour, minute, second)")),
1.108 + "end_hour_default" : escattr(form.get("end-hour", [""])[0]),
1.109 + "end_minute_default" : escattr(form.get("end-minute", [""])[0]),
1.110 + "end_second_default" : escattr(form.get("end-second", [""])[0]),
1.111 + "end_offset_default" : escattr(form.get("end-offset", [""])[0] or form.get("start-offset", [""])[0]),
1.112
1.113 - "title_label" : _("Event title/summary"),
1.114 - "title_default" : form.get("title", [""])[0],
1.115 - "description_label" : _("Event description"),
1.116 - "description_default" : form.get("description", [""])[0],
1.117 - "location_label" : _("Event location"),
1.118 - "location_default" : form.get("location", [""])[0],
1.119 - "link_label" : _("Event URL"),
1.120 - "link_default" : form.get("link", [""])[0],
1.121 + "title_label" : escape(_("Event title/summary")),
1.122 + "title_default" : escattr(form.get("title", [""])[0]),
1.123 + "description_label" : escape(_("Event description")),
1.124 + "description_default" : escattr(form.get("description", [""])[0]),
1.125 + "location_label" : escape(_("Event location")),
1.126 + "location_default" : escattr(form.get("location", [""])[0]),
1.127 + "link_label" : escape(_("Event URL")),
1.128 + "link_default" : escattr(form.get("link", [""])[0]),
1.129
1.130 - "topics_label" : _("Topics"),
1.131 - "add_topic_label" : _("Add topic"),
1.132 - "remove_topic_label" : _("Remove topic"),
1.133 + "topics_label" : escape(_("Topics")),
1.134 + "add_topic_label" : escape(_("Add topic")),
1.135 + "remove_topic_label" : escape(_("Remove topic")),
1.136
1.137 - "template_label" : _("Event template"),
1.138 - "template_default" : form.get("template", [""])[0] or template_default,
1.139 - "parent_label" : _("Parent page"),
1.140 - "parent_default" : form.get("parent", [""])[0],
1.141 + "template_label" : escape(_("Event template")),
1.142 + "template_default" : escattr(form.get("template", [""])[0] or template_default),
1.143 + "parent_label" : escape(_("Parent page")),
1.144 + "parent_default" : escattr(form.get("parent", [""])[0]),
1.145
1.146 - "advanced_label" : _("Show advanced options"),
1.147 - "basic_label" : _("Hide advanced options"),
1.148 + "advanced_label" : escape(_("Show advanced options")),
1.149 + "basic_label" : escape(_("Hide advanced options")),
1.150 }
1.151
1.152 # Prepare the output HTML.
1.153 @@ -357,7 +361,7 @@
1.154 # Topics.
1.155
1.156 for i, topic in enumerate(topics):
1.157 - d["topic"] = topic
1.158 + d["topic"] = escattr(topic)
1.159 d["topic_number"] = i
1.160 html += '''
1.161 <tr>