[Zope-Checkins] CVS: Zope/lib/python/ZPublisher - HTTPResponse.py:1.69.4.7

Brian Lloyd brian at zope.com
Mon Jan 19 14:32:26 EST 2004


Update of /cvs-repository/Zope/lib/python/ZPublisher
In directory cvs.zope.org:/tmp/cvs-serv11038/lib/python/ZPublisher

Modified Files:
      Tag: Zope-2_6-branch
	HTTPResponse.py 
Log Message:
apply missed 813 patches


=== Zope/lib/python/ZPublisher/HTTPResponse.py 1.69.4.6 => 1.69.4.7 ===
--- Zope/lib/python/ZPublisher/HTTPResponse.py:1.69.4.6	Thu Jan  8 16:13:13 2004
+++ Zope/lib/python/ZPublisher/HTTPResponse.py	Mon Jan 19 14:32:26 2004
@@ -22,6 +22,7 @@
 from BaseResponse import BaseResponse
 from zExceptions import Unauthorized
 from zExceptions.ExceptionFormatter import format_exception
+from cgi import escape
 
 nl2sp = maketrans('\n',' ')
 
@@ -453,7 +454,7 @@
                     ibase = base_re_search(body)
                     if ibase is None:
                         self.body = ('%s\n<base href="%s" />\n%s' %
-                                   (body[:index], self.quoteHTML(self.base),
+                                   (body[:index], escape(self.base, 1),
                                     body[index:]))
                         self.setHeader('content-length', len(self.body))
 
@@ -545,15 +546,9 @@
             return 1
         return 0
 
-    def quoteHTML(self,text,
-                  subs={'&':'&amp;', "<":'&lt;', ">":'&gt;', '\"':'&quot;'}
-                  ):
-        for ent in '&<>\"':
-            if text.find( ent) >= 0:
-                text = subs[ent].join(text.split(ent))
-
-        return text
-
+    # deprecated
+    def quoteHTML(self, text):
+        return escape(text, 1)
 
     def _traceback(self, t, v, tb, as_html=1):
         tb = format_exception(t, v, tb, as_html=as_html)
@@ -626,7 +621,7 @@
             "Resource not found",
             "Sorry, the requested resource does not exist." +
             "<p>Check the URL and try again.</p>" +
-            "<p><b>Resource:</b> %s</p>" % self.quoteHTML(entry))
+            "<p><b>Resource:</b> %s</p>" % escape(entry))
 
     forbiddenError = notFoundError  # If a resource is forbidden,
                                     # why reveal that it exists?




More information about the Zope-Checkins mailing list