comparison roundup/cgi/actions.py @ 5800:1a835db41674

Call cgi.escape only on python 2. Replace with html.escape if it can be found.
author John Rouillard <rouilj@ieee.org>
date Tue, 11 Jun 2019 21:29:24 -0400
parents 8dbe307bdb57
children bd6d41f21a5a
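--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
@@ -8,10 +8,15 @@
 from roundup.rate_limit import Gcra, RateLimit
 from roundup.exceptions import Reject, RejectRaw
 from roundup.anypy import urllib_
 from roundup.anypy.strings import StringIO
 import roundup.anypy.random_ as random_
+
+try:
+from html import escape as html_escape # python 3
+except ImportError:
+from cgi import escape as html_escape # python 2 fallback
 
 import time
 from datetime import timedelta
 
 # Also add action to client.py::Client.actions property
@@ -1349,11 +1354,11 @@
 # use error code 400: Bad Request. Do not use
 # error code 404: Not Found.
 self.client.response_code = 400
 raise exceptions.NotFound(
 self._('Column "%(column)s" not found in %(class)s')
-% {'column': cgi.escape(cname), 'class': request.classname})
+% {'column': html_escape(cname), 'class': request.classname})
 
 # full-text search
 if request.search_text:
 matches = self.db.indexer.search(
 re.findall(r'\b\w{2,25}\b', request.search_text), klass)
@@ -1504,11 +1509,11 @@
 # use error code 400: Bad Request. Do not use
 # error code 404: Not Found.
 self.client.response_code = 400
 raise exceptions.NotFound(
 self._('Column "%(column)s" not found in %(class)s')
-% {'column': cgi.escape(cname), 'class': request.classname})
+% {'column': html_escape(cname), 'class': request.classname})
 
 # full-text search
 if request.search_text:
 matches = self.db.indexer.search(
 re.findall(r'\b\w{2,25}\b', request.search_text), klass)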
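Review bot: The Python 2 fallback on new line 17 aliases `cgi.escape` directly, whose default is `quote=False`, while `html.escape` defaults to `quote=True`, so `html_escape(cname)` at new lines 1359 and 1514 escapes quote characters on Python 3 but leaves them untouched on Python 2. Where the NotFound message ends up being rendered is not visible here, but an escaping helper whose output depends on the interpreter is easy to misuse later in an attribute context. I would make the fallback match the Python 3 default, e.g. `from cgi import escape as _cgi_escape` followed by `def html_escape(s, quote=True): return _cgi_escape(s, quote)`, with a comment that `cgi.escape` still does not escape single quotes. Both `raise exceptions.NotFound` sites sit in functions that start and end outside their hunks, and `request.classname` is interpolated unescaped in each, presumably validated earlier, which is worth confirming.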
