[CMF-checkins] CVS: CMF/CMFDefault/skins/content - document_edit.py:1.4 newsitem_edit.py:1.4

Tres Seaver tseaver@zope.com
Sun, 21 Jul 2002 20:01:56 -0400


Update of /cvs-repository/CMF/CMFDefault/skins/content
In directory cvs.zope.org:/tmp/cvs-serv462/CMFDefault/skins/content

Modified Files:
	document_edit.py newsitem_edit.py 
Log Message:



  - Merge 'utils' fixes (including 'scrubHTML' integration) from 1.3 branch.


=== CMF/CMFDefault/skins/content/document_edit.py 1.3 => 1.4 ===
 ##parameters=text_format, text, file='', SafetyBelt='', choice=' Change '
 ##title=Edit a document
 try:
+    from Products.CMFDefault.utils import scrubHTML
+    text = scrubHTML( text ) # Strip Javascript, etc.
     context.edit( text_format
                 , text
                 , file
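Review bot: Only `text` is scrubbed before `context.edit(...)`; `file` is still passed through unchanged on the following lines. If edit() takes the document body from the upload when one is supplied (not visible in this hunk), that path bypasses scrubHTML, so the uploaded content should go through the same filter. At minimum, record the gap with a comment such as `# NOTE: 'file' is not scrubbed here; edit() must filter uploaded bodies itself`. Because the filter lives in the skin script rather than in the content object, any other caller of edit() is presumably unfiltered as well. The try block and the edit() call continue outside this hunk.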
@@ -20,8 +22,8 @@
                                                 ) )
 except Exception, msg:
     target_action = context.getTypeInfo().getActionById( 'edit' )
-    context.REQUEST.RESPONSE.redirect('%s/%s?portal_status_message=%s' % (
-                                                                       context.absolute_url()
-                                                                     , target_action
-                                                                     , msg
-                                                                     ))
+    context.REQUEST.RESPONSE.redirect(
+        '%s/%s?portal_status_message=%s' % ( context.absolute_url()
+                                           , target_action
+                                           , msg
+                                           ) )


=== CMF/CMFDefault/skins/content/newsitem_edit.py 1.3 => 1.4 ===
 ## Script (Python) "newsitem_edit"
 ##parameters=text, description, text_format=None, choice=' Change '
 ##title=Edit a news item
+try:
+    from Products.CMFDefault.utils import scrubHTML
+    text = scrubHTML( text ) # Strip Javascript, etc.
+    description = scrubHTML( description )
  
-context.edit(text=text, description=description, text_format=text_format)
+    context.edit(text=text, description=description, text_format=text_format)
 
-qst='portal_status_message=News+Item+changed.'
+    qst='portal_status_message=News+Item+changed.'
 
-if choice == ' Change and View ':
-    target_action = context.getTypeInfo().getActionById( 'view' )
-else:
-    target_action = context.getTypeInfo().getActionById( 'edit' )
+    if choice == ' Change and View ':
+        target_action = context.getTypeInfo().getActionById( 'view' )
+    else:
+        target_action = context.getTypeInfo().getActionById( 'edit' )
 
-context.REQUEST.RESPONSE.redirect( '%s/%s?%s' % ( context.absolute_url()
-                                                , target_action
-                                                , qst
-                                                ) )
+    context.REQUEST.RESPONSE.redirect( '%s/%s?%s' % ( context.absolute_url()
+                                                    , target_action
+                                                    , qst
+                                                    ) )
+except Exception, msg:
+    target_action = context.getTypeInfo().getActionById( 'edit' )
+    context.REQUEST.RESPONSE.redirect(
+        '%s/%s?portal_status_message=%s' % ( context.absolute_url()
+                                           , target_action
+                                           , msg
+                                           ) )
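Review bot: The new `except Exception, msg` handler interpolates `msg` into the redirect URL without URL-encoding it. Exception text containing spaces, `&`, `#` or line breaks will corrupt the query string, and if the message echoes any of the rejected input (plausible for a scrubHTML failure, though not visible here) that input ends up in the Location header and the rendered status message. Encode it first, e.g. `from Products.PythonScripts.standard import url_quote_plus` and `, url_quote_plus( str( msg ) )` in place of `, msg`. The same unencoded pattern is in document_edit.py's handler, which this commit only re-indents. Catching every Exception also turns unrelated failures into a status message, so narrowing the handler to the error scrubHTML raises would be safer.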