[Zope-Checkins] SVN: Zope/trunk/ - resolved a circular import issue by moving TaintedString out of ZPublisher

Yvo Schubbe y.2009 at wcm-solutions.de
Mon Dec 28 06:20:23 EST 2009


Log message for revision 107204:
  - resolved a circular import issue by moving TaintedString out of ZPublisher

Changed:
  U   Zope/trunk/doc/CHANGES.rst
  UU  Zope/trunk/src/DocumentTemplate/DT_Util.py
  UU  Zope/trunk/src/DocumentTemplate/DT_Var.py
  UU  Zope/trunk/src/DocumentTemplate/tests/test_DT_Var.py
  A   Zope/trunk/src/Shared/TaintedString/
  A   Zope/trunk/src/Shared/TaintedString/__init__.py
  A   Zope/trunk/src/Shared/TaintedString/tests.py
  U   Zope/trunk/src/ZPublisher/HTTPRequest.py
  UU  Zope/trunk/src/ZPublisher/TaintedString.py
  UU  Zope/trunk/src/ZPublisher/tests/testHTTPRequest.py
  D   Zope/trunk/src/ZPublisher/tests/testTaintedString.py

-=-
Modified: Zope/trunk/doc/CHANGES.rst
===================================================================
--- Zope/trunk/doc/CHANGES.rst	2009-12-28 11:02:24 UTC (rev 107203)
+++ Zope/trunk/doc/CHANGES.rst	2009-12-28 11:20:23 UTC (rev 107204)
@@ -11,6 +11,9 @@
 Restructuring
 +++++++++++++
 
+- Moved TaintedString from ZPublisher to Shared.
+  This resolves a circular import issue.
+
 - Moved zope.formlib / zope.app.form integration into a separate package
   called five.formlib.
 

Modified: Zope/trunk/src/DocumentTemplate/DT_Util.py
===================================================================
--- Zope/trunk/src/DocumentTemplate/DT_Util.py	2009-12-28 11:02:24 UTC (rev 107203)
+++ Zope/trunk/src/DocumentTemplate/DT_Util.py	2009-12-28 11:20:23 UTC (rev 107204)
@@ -12,9 +12,13 @@
 ##############################################################################
 """DTML Utilities
 
-$Id$"""
+$Id$
+"""
 
 import re
+import string
+from types import BuiltinFunctionType
+from types import FunctionType
 
 # for import by other modules, dont remove!
 from DocumentTemplate.html_quote import html_quote, ustr
@@ -27,6 +31,8 @@
 from RestrictedPython.Utilities import utility_builtins
 from RestrictedPython.Eval import RestrictionCapableEval
 
+from Shared.TaintedString import TaintedString
+
 test = utility_builtins['test'] # for backwards compatibility, dont remove!
 
 LIMITED_BUILTINS = 1
@@ -68,48 +74,41 @@
             f = NotBindable(f)
         setattr(TemplateDict, name, f)
 
-try:
-    # Wrap the string module so it can deal with TaintedString strings.
-    from ZPublisher.TaintedString import TaintedString
-    from types import FunctionType, BuiltinFunctionType, StringType
-    import string
+# Wrap the string module so it can deal with TaintedString strings.
+class StringModuleWrapper:
 
-    class StringModuleWrapper:
-        def __getattr__(self, key):
-            attr = getattr(string, key)
-            if (isinstance(attr, FunctionType) or
-                isinstance(attr, BuiltinFunctionType)):
-                return StringFunctionWrapper(attr)
-            else:
-                return attr
+    def __getattr__(self, key):
+        attr = getattr(string, key)
+        if (isinstance(attr, FunctionType) or
+            isinstance(attr, BuiltinFunctionType)):
+            return StringFunctionWrapper(attr)
+        else:
+            return attr
 
-    class StringFunctionWrapper:
-        def __init__(self, method):
-            self._method = method
+class StringFunctionWrapper:
 
-        def __call__(self, *args, **kw):
-            tainted = 0
-            args = list(args)
-            for i in range(len(args)):
-                if isinstance(args[i], TaintedString):
-                    tainted = 1
-                    args[i] = str(args[i])
-            for k, v in kw.items():
-                if isinstance(v, TaintedString):
-                    tainted = 1
-                    kw[k] = str(v)
-            args = tuple(args)
+    def __init__(self, method):
+        self._method = method
 
-            retval = self._method(*args, **kw)
-            if tainted and isinstance(retval, StringType) and '<' in retval:
-                retval = TaintedString(retval)
-            return retval
+    def __call__(self, *args, **kw):
+        tainted = 0
+        args = list(args)
+        for i in range(len(args)):
+            if isinstance(args[i], TaintedString):
+                tainted = 1
+                args[i] = str(args[i])
+        for k, v in kw.items():
+            if isinstance(v, TaintedString):
+                tainted = 1
+                kw[k] = str(v)
+        args = tuple(args)
 
-    TemplateDict.string = StringModuleWrapper()
+        retval = self._method(*args, **kw)
+        if tainted and isinstance(retval, str) and '<' in retval:
+            retval = TaintedString(retval)
+        return retval
 
-except ImportError:
-    # Use the string module already defined in RestrictedPython.Utilities
-    pass
+TemplateDict.string = StringModuleWrapper()
 
 # The functions below are meant to bind to the TemplateDict.
 
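Review bot: In `StringFunctionWrapper.__call__` the taint is restored only when the result is a `str` containing `<`, so a list result loses it. `string.split` called with a TaintedString argument hands back plain `str` elements even when they still contain `<`, whereas `TaintedString.split` in Shared/TaintedString/__init__.py re-wraps each such element. Now that the `ImportError` fallback is gone and this wrapper is always installed as `TemplateDict.string`, it would be worth handling list results the same way, as sketched below.

```python
        retval = self._method(*args, **kw)
        if tainted:
            if isinstance(retval, str) and '<' in retval:
                retval = TaintedString(retval)
            elif isinstance(retval, list):
                # e.g. string.split(): re-wrap per element, matching
                # TaintedString.split()
                retval = [TaintedString(v) if '<' in v else v
                          for v in retval]
        return retval
```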


Property changes on: Zope/trunk/src/DocumentTemplate/DT_Util.py
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
   - 1.92

Modified: Zope/trunk/src/DocumentTemplate/DT_Var.py
===================================================================
--- Zope/trunk/src/DocumentTemplate/DT_Var.py	2009-12-28 11:02:24 UTC (rev 107203)
+++ Zope/trunk/src/DocumentTemplate/DT_Var.py	2009-12-28 11:20:23 UTC (rev 107204)
@@ -7,10 +7,10 @@
 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE
+# FOR A PARTICULAR PURPOSE.
 #
 ##############################################################################
-__doc__='''Variable insertion parameters
+"""Variable insertion parameters
 
     When inserting variables, parameters may be specified to
     control how the data will be formatted.  In HTML source, the
@@ -149,14 +149,10 @@
    A 'call' tag is provided for evaluating named objects or expressions
    without rendering the result.
 
+$Id$
+"""
 
-''' # '
-
-__rcs_id__='$Id$'
-__version__='$Revision: 1.60 $'[11:-2]
-
 import string, re, sys
-from cgi import escape
 from urllib import quote, quote_plus, unquote, unquote_plus
 
 # for import by other modules, dont remove!
@@ -164,8 +160,8 @@
 from DocumentTemplate.DT_Util import parse_params, name_param, str, ustr
 
 from Acquisition import aq_base
-from ZPublisher.TaintedString import TaintedString
-from zope.structuredtext.html import HTMLWithImages, HTML
+from Shared.TaintedString import TaintedString
+from zope.structuredtext.html import HTML
 from zope.structuredtext.document import DocumentWithImages
 from App.config import getConfiguration
 


Property changes on: Zope/trunk/src/DocumentTemplate/DT_Var.py
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
   - 1.60

Modified: Zope/trunk/src/DocumentTemplate/tests/test_DT_Var.py
===================================================================
--- Zope/trunk/src/DocumentTemplate/tests/test_DT_Var.py	2009-12-28 11:02:24 UTC (rev 107203)
+++ Zope/trunk/src/DocumentTemplate/tests/test_DT_Var.py	2009-12-28 11:20:23 UTC (rev 107204)
@@ -44,14 +44,13 @@
         True
         """
 
-
     def test_newline_to_br_tainted(self):
         """
         >>> text = '''
         ... <li>line one</li>
         ... <li>line two</li>
         ... '''
-        >>> from ZPublisher.TaintedString import TaintedString
+        >>> from Shared.TaintedString import TaintedString
         >>> tainted = TaintedString(text)
         >>> print DT_Var.newline_to_br(tainted)
         <br />


Property changes on: Zope/trunk/src/DocumentTemplate/tests/test_DT_Var.py
___________________________________________________________________
Modified: svn:keywords
   - "Author Date Revision"
   + Id
Added: svn:eol-style
   + native

Copied: Zope/trunk/src/Shared/TaintedString/__init__.py (from rev 107176, Zope/trunk/src/ZPublisher/TaintedString.py)
===================================================================
--- Zope/trunk/src/Shared/TaintedString/__init__.py	                        (rev 0)
+++ Zope/trunk/src/Shared/TaintedString/__init__.py	2009-12-28 11:20:23 UTC (rev 107204)
@@ -0,0 +1,155 @@
+##############################################################################
+#
+# Copyright (c) 2002 Zope Corporation and Contributors. All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" TaintedString implementation.
+
+TaintedStrings hold potentially dangerous untrusted data; anything that could
+possibly hold HTML is considered dangerous. DTML code will use the quoted
+value of this string, and raised exceptions in Zope will use the repr()
+conversion.
+
+$Id$
+"""
+
+from cgi import escape
+
+
+class TaintedString:
+
+    def __init__(self, value):
+        self._value = value
+
+    def __str__(self):
+        return self._value
+
+    def __repr__(self):
+        return repr(self.quoted())
+
+    def __cmp__(self, o):
+        return cmp(self._value, o)
+
+    def __hash__(self):
+        return hash(self._value)
+
+    def __len__(self):
+        return len(self._value)
+
+    def __getitem__(self, index):
+        v = self._value[index]
+        if '<' in v:
+            v = self.__class__(v)
+        return v
+
+    def __getslice__(self, i, j):
+        i = max(i, 0)
+        j = max(j, 0)
+        v = self._value[i:j]
+        if '<' in v:
+            v = self.__class__(v)
+        return v
+
+    def __add__(self, o):
+        return self.__class__(self._value + o)
+
+    def __radd__(self, o):
+        return self.__class__(o + self._value)
+
+    def __mul__(self, o):
+        return self.__class__(self._value * o)
+
+    def __rmul__(self, o):
+        return self.__class__(o * self._value)
+
+    def __mod__(self, o):
+        return self.__class__(self._value % o)
+
+    def __int__(self):
+        return int(self._value)
+
+    def __float__(self):
+        return float(self._value)
+
+    def __long__(self):
+        return long(self._value)
+
+    def __getstate__(self):
+        # If an object tries to store a TaintedString, it obviously wasn't aware
+        # that it was playing with untrusted data. Complain acordingly.
+        raise SystemError("A TaintedString cannot be pickled. Code that "
+            "caused this TaintedString to be stored should be more careful "
+            "with untrusted data from the REQUEST.")
+
+    def __getattr__(self, a):
+        # for string methods support other than those defined below
+        return getattr(self._value, a)
+
+    # Python 2.2 only.
+    def decode(self, *args):
+        return self.__class__(self._value.decode(*args))
+
+    def encode(self, *args):
+        return self.__class__(self._value.encode(*args))
+
+    def expandtabs(self, *args):
+        return self.__class__(self._value.expandtabs(*args))
+
+    def replace(self, *args):
+        v = self._value.replace(*args)
+        if '<' in v:
+            v = self.__class__(v)
+        return v
+
+    def split(self, *args):
+        r = self._value.split(*args)
+        return map(lambda v, c=self.__class__: '<' in v and c(v) or v, r)
+
+    def splitlines(self, *args):
+        r = self._value.splitlines(*args)
+        return map(lambda v, c=self.__class__: '<' in v and c(v) or v, r)
+
+    def translate(self, *args):
+        v = self._value.translate(*args)
+        if '<' in v:
+            v = self.__class__(v)
+        return v
+
+    def quoted(self):
+        return escape(self._value, 1)
+
+    # As called by cDocumentTemplate
+    __untaint__ = quoted
+
+
+def createSimpleWrapper(func):
+    return lambda s, f=func: s.__class__(getattr(s._value, f)())
+
+def createOneArgWrapper(func):
+    return lambda s, a, f=func: s.__class__(getattr(s._value, f)(a))
+
+def createOneOptArgWrapper(func):
+    return lambda s, a=None, f=func: s.__class__(getattr(s._value, f)(a))
+    
+simpleWrappedMethods = \
+    "capitalize lower swapcase title upper".split()
+
+oneArgWrappedMethods = "center join ljust rjust".split()
+
+oneOptArgWrappedMethods = "lstrip rstrip strip".split()
+
+for f in simpleWrappedMethods:
+    setattr(TaintedString, f, createSimpleWrapper(f))
+
+for f in oneArgWrappedMethods:
+    setattr(TaintedString, f, createOneArgWrapper(f))
+
+for f in oneOptArgWrappedMethods:
+    setattr(TaintedString, f, createOneOptArgWrapper(f))
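Review bot: The `__getattr__` fallback passes every string method that is not explicitly wrapped straight to `self._value`, so results of `rsplit`, `partition`, `rpartition` and `zfill` come back as plain `str` even when they still contain `<`, while `split`, `splitlines` and `replace` re-wrap in that case. Since the class is the marker for untrusted REQUEST data, those unwrapped methods are a quiet way to lose the mark before the value reaches DTML quoting. `zfill` can simply join the list, `oneArgWrappedMethods = "center join ljust rjust zfill".split()`; the splitting methods need bodies modelled on `split`, sketched below. The code is carried over unchanged from ZPublisher/TaintedString.py, so the gap predates the move.

```python
    def rsplit(self, *args):
        r = self._value.rsplit(*args)
        return map(lambda v, c=self.__class__: '<' in v and c(v) or v, r)

    def partition(self, sep):
        r = self._value.partition(sep)
        return tuple(map(lambda v, c=self.__class__: '<' in v and c(v) or v, r))

    def rpartition(self, sep):
        r = self._value.rpartition(sep)
        return tuple(map(lambda v, c=self.__class__: '<' in v and c(v) or v, r))
```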


Property changes on: Zope/trunk/src/Shared/TaintedString/__init__.py
___________________________________________________________________
Added: cvs2svn:cvs-rev
   + 1.2
Added: svn:keywords
   + Id
Added: svn:eol-style
   + native

Copied: Zope/trunk/src/Shared/TaintedString/tests.py (from rev 107176, Zope/trunk/src/ZPublisher/tests/testTaintedString.py)
===================================================================
--- Zope/trunk/src/Shared/TaintedString/tests.py	                        (rev 0)
+++ Zope/trunk/src/Shared/TaintedString/tests.py	2009-12-28 11:20:23 UTC (rev 107204)
@@ -0,0 +1,164 @@
+##############################################################################
+#
+# Copyright (c) 2002 Zope Corporation and Contributors. All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" TaintedString tests.
+
+$Id$
+"""
+
+import unittest
+
+class TestTaintedString(unittest.TestCase):
+
+    def setUp(self):
+        self.unquoted = '<test attr="&">'
+        self.quoted = '&lt;test attr=&quot;&amp;&quot;&gt;'
+        self.tainted = self._getClass()(self.unquoted)
+
+    def _getClass(self):
+        from Shared.TaintedString import TaintedString
+        return TaintedString
+
+    def testStr(self):
+        self.assertEquals(str(self.tainted), self.unquoted)
+
+    def testRepr(self):
+        self.assertEquals(repr(self.tainted), repr(self.quoted))
+
+    def testCmp(self):
+        self.assertEquals(cmp(self.tainted, self.unquoted), 0)
+        self.assertEquals(cmp(self.tainted, 'a'), -1)
+        self.assertEquals(cmp(self.tainted, '.'), 1)
+
+    def testHash(self):
+        hash = {}
+        hash[self.tainted] = self.quoted
+        hash[self.unquoted] = self.unquoted
+        self.assertEquals(hash[self.tainted], self.unquoted)
+
+    def testLen(self):
+        self.assertEquals(len(self.tainted), len(self.unquoted))
+
+    def testGetItem(self):
+        self.assert_(isinstance(self.tainted[0], self._getClass()))
+        self.assertEquals(self.tainted[0], '<')
+        self.failIf(isinstance(self.tainted[-1], self._getClass()))
+        self.assertEquals(self.tainted[-1], '>')
+
+    def testGetSlice(self):
+        self.assert_(isinstance(self.tainted[0:1], self._getClass()))
+        self.assertEquals(self.tainted[0:1], '<')
+        self.failIf(isinstance(self.tainted[1:], self._getClass()))
+        self.assertEquals(self.tainted[1:], self.unquoted[1:])
+
+    def testConcat(self):
+        self.assert_(isinstance(self.tainted + 'test', self._getClass()))
+        self.assertEquals(self.tainted + 'test', self.unquoted + 'test')
+        self.assert_(isinstance('test' + self.tainted, self._getClass()))
+        self.assertEquals('test' + self.tainted, 'test' + self.unquoted)
+
+    def testMultiply(self):
+        self.assert_(isinstance(2 * self.tainted, self._getClass()))
+        self.assertEquals(2 * self.tainted, 2 * self.unquoted)
+        self.assert_(isinstance(self.tainted * 2, self._getClass()))
+        self.assertEquals(self.tainted * 2, self.unquoted * 2)
+
+    def testInterpolate(self):
+        tainted = self._getClass()('<%s>')
+        self.assert_(isinstance(tainted % 'foo', self._getClass()))
+        self.assertEquals(tainted % 'foo', '<foo>')
+        tainted = self._getClass()('<%s attr="%s">')
+        self.assert_(isinstance(tainted % ('foo', 'bar'), self._getClass()))
+        self.assertEquals(tainted % ('foo', 'bar'), '<foo attr="bar">')
+
+    def testStringMethods(self):
+        simple = "capitalize isalpha isdigit islower isspace istitle isupper" \
+            " lower lstrip rstrip strip swapcase upper".split()
+        returnsTainted = "capitalize lower lstrip rstrip strip swapcase upper"
+        returnsTainted = returnsTainted.split()
+        unquoted = '\tThis is a test  '
+        tainted = self._getClass()(unquoted)
+        for f in simple:
+            v = getattr(tainted, f)()
+            self.assertEquals(v, getattr(unquoted, f)())
+            if f in returnsTainted:
+                self.assert_(isinstance(v, self._getClass()))
+            else:
+                self.failIf(isinstance(v, self._getClass()))
+
+        optArg = "lstrip rstrip strip".split()
+        for f in optArg:
+            v = getattr(tainted, f)(" ")
+            self.assertEquals(v, getattr(unquoted, f)(" "))
+            self.assert_(isinstance(v, self._getClass()))        
+
+        justify = "center ljust rjust".split()
+        for f in justify:
+            v = getattr(tainted, f)(30)
+            self.assertEquals(v, getattr(unquoted, f)(30))
+            self.assert_(isinstance(v, self._getClass()))
+
+        searches = "find index rfind rindex endswith startswith".split()
+        searchraises = "index rindex".split()
+        for f in searches:
+            v = getattr(tainted, f)('test')
+            self.assertEquals(v, getattr(unquoted, f)('test'))
+            if f in searchraises:
+                self.assertRaises(ValueError, getattr(tainted, f), 'nada')
+
+        self.assertEquals(tainted.count('test', 1, -1),
+            unquoted.count('test', 1, -1))
+
+        self.assertEquals(tainted.encode(), unquoted.encode())
+        self.assert_(isinstance(tainted.encode(), self._getClass()))
+
+        self.assertEquals(tainted.expandtabs(10),
+            unquoted.expandtabs(10))
+        self.assert_(isinstance(tainted.expandtabs(), self._getClass()))
+
+        self.assertEquals(tainted.replace('test', 'spam'),
+            unquoted.replace('test', 'spam'))
+        self.assert_(isinstance(tainted.replace('test', '<'), self._getClass()))
+        self.failIf(isinstance(tainted.replace('test', 'spam'),
+            self._getClass()))
+
+        self.assertEquals(tainted.split(), unquoted.split())
+        for part in self._getClass()('< < <').split():
+            self.assert_(isinstance(part, self._getClass()))
+        for part in tainted.split():
+            self.failIf(isinstance(part, self._getClass()))
+
+        multiline = 'test\n<tainted>'
+        lines = self._getClass()(multiline).split()
+        self.assertEquals(lines, multiline.split())
+        self.assert_(isinstance(lines[1], self._getClass()))
+        self.failIf(isinstance(lines[0], self._getClass()))
+
+        transtable = ''.join(map(chr, range(256)))
+        self.assertEquals(tainted.translate(transtable),
+            unquoted.translate(transtable))
+        self.assert_(isinstance(self._getClass()('<').translate(transtable),
+            self._getClass()))
+        self.failIf(isinstance(self._getClass()('<').translate(transtable, '<'),
+            self._getClass()))
+
+    def testQuoted(self):
+        self.assertEquals(self.tainted.quoted(), self.quoted)
+
+
+def test_suite():
+    suite = unittest.TestSuite()
+    suite.addTest(unittest.makeSuite(TestTaintedString))
+    return suite
+
+if __name__ == '__main__':
+    unittest.main(defaultTest='test_suite')
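Review bot: The `multiline` case near the end of `testStringMethods` calls `split()` although the input and the variable name `lines` point at `splitlines()`, so `TaintedString.splitlines` is never exercised by this suite. Changing the two lines to `lines = self._getClass()(multiline).splitlines()` and `self.assertEquals(lines, multiline.splitlines())` would cover it. The `SystemError` raised by `__getstate__` is also untested; a short `assertRaises` case around pickling `self.tainted` would pin the behaviour that keeps tainted request data out of persistent storage.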


Property changes on: Zope/trunk/src/Shared/TaintedString/tests.py
___________________________________________________________________
Added: cvs2svn:cvs-rev
   + 1.2
Added: svn:keywords
   + Id
Added: svn:eol-style
   + native

Modified: Zope/trunk/src/ZPublisher/HTTPRequest.py
===================================================================
--- Zope/trunk/src/ZPublisher/HTTPRequest.py	2009-12-28 11:02:24 UTC (rev 107203)
+++ Zope/trunk/src/ZPublisher/HTTPRequest.py	2009-12-28 11:20:23 UTC (rev 107204)
@@ -38,12 +38,12 @@
 from zope.publisher.base import DebugFlags
 from zope.publisher.interfaces.browser import IBrowserRequest
 
+from Shared.TaintedString import TaintedString
 from ZPublisher.BaseRequest import BaseRequest
 from ZPublisher.BaseRequest import quote
 from ZPublisher.Converters import get_converter
 from ZPublisher.HTTPResponse import HTTPResponse
 from ZPublisher.maybe_lock import allocate_lock
-from ZPublisher.TaintedString import TaintedString
 
 # Flags
 SEQUENCE = 1

Modified: Zope/trunk/src/ZPublisher/TaintedString.py
===================================================================
--- Zope/trunk/src/ZPublisher/TaintedString.py	2009-12-28 11:02:24 UTC (rev 107203)
+++ Zope/trunk/src/ZPublisher/TaintedString.py	2009-12-28 11:20:23 UTC (rev 107204)
@@ -7,145 +7,16 @@
 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE
+# FOR A PARTICULAR PURPOSE.
 #
 ##############################################################################
+"""TaintedString legacy module.
 
-__version__='$Revision: 1.2 $'[11:-2]
+$Id$
+"""
 
-from cgi import escape
-
-
-# TaintedStrings hold potentially dangerous untrusted data; anything that could
-# possibly hold HTML is considered dangerous. DTML code will use the quoted
-# value of this tring, and raised exceptions in Zope will use the repr()
-# conversion.
-class TaintedString:
-    def __init__(self, value):
-        self._value = value
-
-    def __str__(self):
-        return self._value
-
-    def __repr__(self):
-        return repr(self.quoted())
-
-    def __cmp__(self, o):
-        return cmp(self._value, o)
-
-    def __hash__(self):
-        return hash(self._value)
-
-    def __len__(self):
-        return len(self._value)
-
-    def __getitem__(self, index):
-        v = self._value[index]
-        if '<' in v:
-            v = self.__class__(v)
-        return v
-
-    def __getslice__(self, i, j):
-        i = max(i, 0)
-        j = max(j, 0)
-        v = self._value[i:j]
-        if '<' in v:
-            v = self.__class__(v)
-        return v
-
-    def __add__(self, o):
-        return self.__class__(self._value + o)
-
-    def __radd__(self, o):
-        return self.__class__(o + self._value)
-
-    def __mul__(self, o):
-        return self.__class__(self._value * o)
-
-    def __rmul__(self, o):
-        return self.__class__(o * self._value)
-
-    def __mod__(self, o):
-        return self.__class__(self._value % o)
-
-    def __int__(self):
-        return int(self._value)
-
-    def __float__(self):
-        return float(self._value)
-
-    def __long__(self):
-        return long(self._value)
-
-    def __getstate__(self):
-        # If an object tries to store a TaintedString, it obviously wasn't aware
-        # that it was playing with untrusted data. Complain acordingly.
-        raise SystemError("A TaintedString cannot be pickled. Code that "
-            "caused this TaintedString to be stored should be more careful "
-            "with untrusted data from the REQUEST.")
-
-    def __getattr__(self, a):
-        # for string methods support other than those defined below
-        return getattr(self._value, a)
-
-    # Python 2.2 only.
-    def decode(self, *args):
-        return self.__class__(self._value.decode(*args))
-
-    def encode(self, *args):
-        return self.__class__(self._value.encode(*args))
-
-    def expandtabs(self, *args):
-        return self.__class__(self._value.expandtabs(*args))
-
-    def replace(self, *args):
-        v = self._value.replace(*args)
-        if '<' in v:
-            v = self.__class__(v)
-        return v
-
-    def split(self, *args):
-        r = self._value.split(*args)
-        return map(lambda v, c=self.__class__: '<' in v and c(v) or v, r)
-
-    def splitlines(self, *args):
-        r = self._value.splitlines(*args)
-        return map(lambda v, c=self.__class__: '<' in v and c(v) or v, r)
-
-    def translate(self, *args):
-        v = self._value.translate(*args)
-        if '<' in v:
-            v = self.__class__(v)
-        return v
-
-    def quoted(self):
-        return escape(self._value, 1)
-
-    # As called by cDocumentTemplate
-    __untaint__ = quoted
-
-
-def createSimpleWrapper(func):
-    return lambda s, f=func: s.__class__(getattr(s._value, f)())
-
-def createOneArgWrapper(func):
-    return lambda s, a, f=func: s.__class__(getattr(s._value, f)(a))
-
-def createOneOptArgWrapper(func):
-    return lambda s, a=None, f=func: s.__class__(getattr(s._value, f)(a))
-    
-simpleWrappedMethods = \
-    "capitalize lower swapcase title upper".split()
-
-oneArgWrappedMethods = "center join ljust rjust".split()
-
-oneOptArgWrappedMethods = "lstrip rstrip strip".split()
-
-for f in simpleWrappedMethods:
-    setattr(TaintedString, f, createSimpleWrapper(f))
-
-for f in oneArgWrappedMethods:
-    setattr(TaintedString, f, createOneArgWrapper(f))
-
-for f in oneOptArgWrappedMethods:
-    setattr(TaintedString, f, createOneOptArgWrapper(f))
+from zope.deferredimport import deprecated
+deprecated('ZPublisher.TaintedString will be removed in Zope 2.14. Please '
+           'import from Shared.TaintedString instead.',
+           TaintedString = 'Shared.TaintedString:TaintedString',
+          )
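Review bot: With ZPublisher/tests/testTaintedString.py deleted in this commit, nothing exercises the deprecated import path that this shim keeps alive. A small test that does `from ZPublisher.TaintedString import TaintedString` and asserts it is the same object as `Shared.TaintedString.TaintedString` would catch a broken shim, since `isinstance(value, TaintedString)` checks in code still using the old path depend on both names resolving to one class. The shim also exposes only `TaintedString`; the module-level helpers such as `createSimpleWrapper` are no longer importable from the old location, which may matter if any external code used them.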


Property changes on: Zope/trunk/src/ZPublisher/TaintedString.py
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
   - 1.2
Added: svn:keywords
   + Id

Modified: Zope/trunk/src/ZPublisher/tests/testHTTPRequest.py
===================================================================
--- Zope/trunk/src/ZPublisher/tests/testHTTPRequest.py	2009-12-28 11:02:24 UTC (rev 107203)
+++ Zope/trunk/src/ZPublisher/tests/testHTTPRequest.py	2009-12-28 11:20:23 UTC (rev 107204)
@@ -71,7 +71,7 @@
         # Also raises an Assertion if a string which *should* have been
         # tainted is found, or when a tainted string is not deemed dangerous.
         from ZPublisher.HTTPRequest import record
-        from ZPublisher.TaintedString import TaintedString
+        from Shared.TaintedString import TaintedString
 
         retval = 0
 
@@ -1015,8 +1015,12 @@
 
 ''' % ('test' * 1000)
 
+
 def test_suite():
     suite = unittest.TestSuite()
-    suite.addTest(unittest.makeSuite(RecordTests, 'test'))
-    suite.addTest(unittest.makeSuite(HTTPRequestTests, 'test'))
+    suite.addTest(unittest.makeSuite(RecordTests))
+    suite.addTest(unittest.makeSuite(HTTPRequestTests))
     return suite
+
+if __name__ == '__main__':
+    unittest.main(defaultTest='test_suite')


Property changes on: Zope/trunk/src/ZPublisher/tests/testHTTPRequest.py
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
   - 1.10
Added: svn:keywords
   + Id

Deleted: Zope/trunk/src/ZPublisher/tests/testTaintedString.py
===================================================================
--- Zope/trunk/src/ZPublisher/tests/testTaintedString.py	2009-12-28 11:02:24 UTC (rev 107203)
+++ Zope/trunk/src/ZPublisher/tests/testTaintedString.py	2009-12-28 11:20:23 UTC (rev 107204)
@@ -1,172 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2002 Zope Corporation and Contributors. All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE
-#
-##############################################################################
-
-import unittest
-
-class TestTaintedString(unittest.TestCase):
-    def setUp(self):
-        self.unquoted = '<test attr="&">'
-        self.quoted = '&lt;test attr=&quot;&amp;&quot;&gt;'
-        self.tainted = self._getClass()(self.unquoted)
-
-    def _getClass(self):
-        from ZPublisher.TaintedString import TaintedString
-        return TaintedString
-
-    def testStr(self):
-        self.assertEquals(str(self.tainted), self.unquoted)
-
-    def testRepr(self):
-        self.assertEquals(repr(self.tainted), repr(self.quoted))
-
-    def testCmp(self):
-        self.assertEquals(cmp(self.tainted, self.unquoted), 0)
-        self.assertEquals(cmp(self.tainted, 'a'), -1)
-        self.assertEquals(cmp(self.tainted, '.'), 1)
-
-    def testHash(self):
-        hash = {}
-        hash[self.tainted] = self.quoted
-        hash[self.unquoted] = self.unquoted
-        self.assertEquals(hash[self.tainted], self.unquoted)
-
-    def testLen(self):
-        self.assertEquals(len(self.tainted), len(self.unquoted))
-
-    def testGetItem(self):
-        self.assert_(isinstance(self.tainted[0], self._getClass()))
-        self.assertEquals(self.tainted[0], '<')
-        self.failIf(isinstance(self.tainted[-1], self._getClass()))
-        self.assertEquals(self.tainted[-1], '>')
-
-    def testGetSlice(self):
-        self.assert_(isinstance(self.tainted[0:1], self._getClass()))
-        self.assertEquals(self.tainted[0:1], '<')
-        self.failIf(isinstance(self.tainted[1:], self._getClass()))
-        self.assertEquals(self.tainted[1:], self.unquoted[1:])
-
-    def testConcat(self):
-        self.assert_(isinstance(self.tainted + 'test', self._getClass()))
-        self.assertEquals(self.tainted + 'test', self.unquoted + 'test')
-        self.assert_(isinstance('test' + self.tainted, self._getClass()))
-        self.assertEquals('test' + self.tainted, 'test' + self.unquoted)
-
-    def testMultiply(self):
-        self.assert_(isinstance(2 * self.tainted, self._getClass()))
-        self.assertEquals(2 * self.tainted, 2 * self.unquoted)
-        self.assert_(isinstance(self.tainted * 2, self._getClass()))
-        self.assertEquals(self.tainted * 2, self.unquoted * 2)
-
-    def testInterpolate(self):
-        tainted = self._getClass()('<%s>')
-        self.assert_(isinstance(tainted % 'foo', self._getClass()))
-        self.assertEquals(tainted % 'foo', '<foo>')
-        tainted = self._getClass()('<%s attr="%s">')
-        self.assert_(isinstance(tainted % ('foo', 'bar'), self._getClass()))
-        self.assertEquals(tainted % ('foo', 'bar'), '<foo attr="bar">')
-
-    def testStringMethods(self):
-        simple = "capitalize isalpha isdigit islower isspace istitle isupper" \
-            " lower lstrip rstrip strip swapcase upper".split()
-        returnsTainted = "capitalize lower lstrip rstrip strip swapcase upper"
-        returnsTainted = returnsTainted.split()
-        unquoted = '\tThis is a test  '
-        tainted = self._getClass()(unquoted)
-        for f in simple:
-            v = getattr(tainted, f)()
-            self.assertEquals(v, getattr(unquoted, f)())
-            if f in returnsTainted:
-                self.assert_(isinstance(v, self._getClass()))
-            else:
-                self.failIf(isinstance(v, self._getClass()))
-
-        optArg = "lstrip rstrip strip".split()
-        for f in optArg:
-            v = getattr(tainted, f)(" ")
-            self.assertEquals(v, getattr(unquoted, f)(" "))
-            self.assert_(isinstance(v, self._getClass()))        
-
-        justify = "center ljust rjust".split()
-        for f in justify:
-            v = getattr(tainted, f)(30)
-            self.assertEquals(v, getattr(unquoted, f)(30))
-            self.assert_(isinstance(v, self._getClass()))
-
-        searches = "find index rfind rindex endswith startswith".split()
-        searchraises = "index rindex".split()
-        for f in searches:
-            v = getattr(tainted, f)('test')
-            self.assertEquals(v, getattr(unquoted, f)('test'))
-            if f in searchraises:
-                self.assertRaises(ValueError, getattr(tainted, f), 'nada')
-
-        self.assertEquals(tainted.count('test', 1, -1),
-            unquoted.count('test', 1, -1))
-
-        self.assertEquals(tainted.encode(), unquoted.encode())
-        self.assert_(isinstance(tainted.encode(), self._getClass()))
-
-        self.assertEquals(tainted.expandtabs(10),
-            unquoted.expandtabs(10))
-        self.assert_(isinstance(tainted.expandtabs(), self._getClass()))
-
-        self.assertEquals(tainted.replace('test', 'spam'),
-            unquoted.replace('test', 'spam'))
-        self.assert_(isinstance(tainted.replace('test', '<'), self._getClass()))
-        self.failIf(isinstance(tainted.replace('test', 'spam'),
-            self._getClass()))
-
-        self.assertEquals(tainted.split(), unquoted.split())
-        for part in self._getClass()('< < <').split():
-            self.assert_(isinstance(part, self._getClass()))
-        for part in tainted.split():
-            self.failIf(isinstance(part, self._getClass()))
-
-        multiline = 'test\n<tainted>'
-        lines = self._getClass()(multiline).split()
-        self.assertEquals(lines, multiline.split())
-        self.assert_(isinstance(lines[1], self._getClass()))
-        self.failIf(isinstance(lines[0], self._getClass()))
-
-        transtable = ''.join(map(chr, range(256)))
-        self.assertEquals(tainted.translate(transtable),
-            unquoted.translate(transtable))
-        self.assert_(isinstance(self._getClass()('<').translate(transtable),
-            self._getClass()))
-        self.failIf(isinstance(self._getClass()('<').translate(transtable, '<'),
-            self._getClass()))
-
-    def testQuoted(self):
-        self.assertEquals(self.tainted.quoted(), self.quoted)
-
-
-def test_suite():
-    suite = unittest.TestSuite()
-    suite.addTest(unittest.makeSuite(TestTaintedString, 'test'))
-    return suite
-
-def main():
-    unittest.TextTestRunner().run(test_suite())
-
-def debug():
-    test_suite().debug()
-
-def pdebug():
-    import pdb
-    pdb.run('debug()')
-
-if __name__=='__main__':
-    if len(sys.argv) > 1:
-        globals()[sys.argv[1]]()
-    else:
-        main()


