diff roundup/cgi/client.py @ 5802:0e6d45413e88

catching last couple of cgi.escape references.
author John Rouillard <rouilj@ieee.org>
date Tue, 11 Jun 2019 22:37:22 -0400
parents 17e110426ad7
children 8f50e00532e7
--- a/roundup/cgi/client.py	Tue Jun 11 22:12:50 2019 -0400
+++ b/roundup/cgi/client.py	Tue Jun 11 22:37:22 2019 -0400
@@ -23,6 +23,11 @@
     class SysCallError(Exception):
         pass
 
+try:
+    from html import escape as html_escape  # python 3
+except ImportError:
+    from cgi import escape as html_escape   # python 2 fallback
+
 from roundup import roundupdb, date, hyperdb, password
 from roundup.cgi import templating, cgitb, TranslationService
 from roundup.cgi import actions
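Review bot: The two functions bound to `html_escape` in this try/except do not escape the same characters: `html.escape` defaults to `quote=True` and encodes both `"` and `'`, while `cgi.escape` defaults to `quote=False` and leaves quotes untouched. On the Python 2 fallback the result is therefore only safe in element content, not inside an attribute value. The call sites visible in this patch (`add_message`, the `<strong>` wrapper, the exception messages) look like element content, but any other use of the name should be checked. A comment above the `try` stating the difference would help, or the fallback could import `escape as _cgi_escape` and define `def html_escape(s, quote=True): return _cgi_escape(s, quote)`. Note that even with `quote=True`, `cgi.escape` does not encode the single quote.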
@@ -68,7 +73,7 @@
 
 def add_message(msg_list, msg, escape=True):
     if escape:
-        msg = cgi.escape(msg).replace('\n', '<br />\n')
+        msg = html_escape(msg).replace('\n', '<br />\n')
     else:
         msg = msg.replace('\n', '<br />\n')
     msg_list.append (msg)
@@ -1767,9 +1772,9 @@
                 result = result.replace('</body>', s)
             return result
         except templating.NoTemplate as message:
-            return '<strong>%s</strong>'%cgi.escape(str(message))
+            return '<strong>%s</strong>'%html_escape(str(message))
         except templating.Unauthorised as message:
-            raise Unauthorised(cgi.escape(str(message)))
+            raise Unauthorised(html_escape(str(message)))
         except:
             # everything else
             if self.instance.config.WEB_DEBUG:
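Review bot: `raise Unauthorised(html_escape(str(message)))` HTML-encodes the text where the exception is raised rather than where it is written into the response, so whether the output is safe depends on a handler that is not visible in this hunk. If that handler escapes again, users will see doubled entities (more noticeably on Python 3, where quotes are now encoded too), and if the message is logged or returned as plain text it will carry entities it should not. The same pattern is in the next hunk at `raise ValueError('No such action "%s"'%html_escape(action_name))`, where `action_name` presumably originates from the request. I would add a comment at both raise sites, for example `# message is HTML-escaped here; handlers must emit it as HTML without re-escaping`, or move the escaping to the point of output. The enclosing method begins and ends outside the hunk.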
@@ -1862,7 +1867,7 @@
                 if name == action_name:
                     break
             else:
-                raise ValueError('No such action "%s"'%cgi.escape(action_name))
+                raise ValueError('No such action "%s"'%html_escape(action_name))
         return action_klass
 
     def _socket_op(self, call, *args, **kwargs):
