Ticket #2359: rev5774-02-misc-contrib-changes.diff

File rev5774-02-misc-contrib-changes.diff, 11.9 KB (added by mir@…, 17 years ago)

updated patch

  • django/contrib/csrf/middleware.py

    From nobody Mon Sep 17 00:00:00 2001
    From: Michael Radziej <mir@noris.de>
    Date: Mon Jul 30 12:44:07 2007 +0200
    Subject: [PATCH] autoescape 2
    
    Refreshed patch autoescape-2.
    (Base: d477ce3e5467f90b1145c5dbe26537617ddb4e7e)
    (Last: ef0504fe444571fc542a2cee7ae9ca582d6938e2)
    
    ---
    
     django/contrib/csrf/middleware.py                |    7 +++--
     django/contrib/humanize/templatetags/humanize.py |    4 +++
     django/contrib/markup/templatetags/markup.py     |   10 +++++-
     django/views/debug.py                            |   34 ++++++++++++----------
     4 files changed, 34 insertions(+), 21 deletions(-)
    
    base f85821b7ba98b464a787255deeebcbe82c81fc71
    last f4b9e2411b164d8da7d19c722249b41133458baf
    diff --git a/django/contrib/csrf/middleware.py b/django/contrib/csrf/middleware.py
    index 93a9484ca655ef96032871ca1a6c5444c11daef2..15ff69a088b27edab7830edb1e833901edc45d87 100644
    a b against request forgeries from other sites.  
    77"""
    88from django.conf import settings
    99from django.http import HttpResponseForbidden
     10from django.utils.safestring import mark_safe
    1011import md5
    1112import re
    1213import itertools
    1314
    14 _ERROR_MSG = '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>'
     15_ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>')
    1516
    1617_POST_FORM_RE = \
    1718    re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE)
    class CsrfMiddleware(object):  
    8283                                            itertools.repeat(''))
    8384            def add_csrf_field(match):
    8485                """Returns the matched <form> tag plus the added <input> element"""
    85                 return match.group() + "<div style='display:none;'>" + \
     86                return mark_safe(match.group() + "<div style='display:none;'>" + \
    8687                "<input type='hidden' " + idattributes.next() + \
    8788                " name='csrfmiddlewaretoken' value='" + csrf_token + \
    88                 "' /></div>"
     89                "' /></div>")
    8990
    9091            # Modify any POST forms
    9192            response.content = _POST_FORM_RE.sub(add_csrf_field, response.content)
  • django/contrib/humanize/templatetags/humanize.py

    diff --git a/django/contrib/humanize/templatetags/humanize.py b/django/contrib/humanize/templatetags/humanize.py
    index 699d9300b8ea478e82ec21da8913ecea4eaaf40b..c391ef2b3bb3ef1bd9d99c086b4bfb277cfce8fe 100644
    a b def ordinal(value):  
    1818    if value % 100 in (11, 12, 13): # special case
    1919        return u"%d%s" % (value, t[0])
    2020    return u'%d%s' % (value, t[value % 10])
     21ordinal.is_safe = True
    2122register.filter(ordinal)
    2223
    2324def intcomma(value):
    def intcomma(value):  
    3132        return new
    3233    else:
    3334        return intcomma(new)
     35intcomma.is_safe = True
    3436register.filter(intcomma)
    3537
    3638def intword(value):
    def intword(value):  
    5254        new_value = value / 1000000000000.0
    5355        return ungettext('%(value).1f trillion', '%(value).1f trillion', new_value) % {'value': new_value}
    5456    return value
     57intword.is_safe = False
    5558register.filter(intword)
    5659
    5760def apnumber(value):
    def apnumber(value):  
    6669    if not 0 < value < 10:
    6770        return value
    6871    return (_('one'), _('two'), _('three'), _('four'), _('five'), _('six'), _('seven'), _('eight'), _('nine'))[value-1]
     72apnumber.is_safe = True
    6973register.filter(apnumber)
  • django/contrib/markup/templatetags/markup.py

    diff --git a/django/contrib/markup/templatetags/markup.py b/django/contrib/markup/templatetags/markup.py
    index 5d1f0ff1fb26564702822e57dc56f01970ae32b6..13708fd26df27cec10c45672f9cb9a6f15e7caf1 100644
    a b silently fail and return the un-marked-up text.  
    1717from django import template
    1818from django.conf import settings
    1919from django.utils.encoding import smart_str, force_unicode
     20from django.utils.safestring import mark_safe
    2021
    2122register = template.Library()
    2223
    def textile(value):  
    2829            raise template.TemplateSyntaxError, "Error in {% textile %} filter: The Python textile library isn't installed."
    2930        return force_unicode(value)
    3031    else:
    31         return force_unicode(textile.textile(smart_str(value), encoding='utf-8', output='utf-8'))
     32        return mark_safe(force_unicode(textile.textile(smart_str(value), encoding='utf-8', output='utf-8')))
     33textile.is_safe = True
    3234
    3335def markdown(value):
    3436    try:
    def markdown(value):  
    3840            raise template.TemplateSyntaxError, "Error in {% markdown %} filter: The Python markdown library isn't installed."
    3941        return force_unicode(value)
    4042    else:
    41         return force_unicode(markdown.markdown(smart_str(value)))
     43        return mark_safe(force_unicode(markdown.markdown(smart_str(value))))
     44markdown.is_safe = True
    4245
    4346def restructuredtext(value):
    4447    try:
    def restructuredtext(value):  
    5053    else:
    5154        docutils_settings = getattr(settings, "RESTRUCTUREDTEXT_FILTER_SETTINGS", {})
    5255        parts = publish_parts(source=smart_str(value), writer_name="html4css1", settings_overrides=docutils_settings)
    53         return force_unicode(parts["fragment"])
     56        return mark_safe(force_unicode(parts["fragment"]))
     57restructuredtext.is_safe = True
    5458
    5559register.filter(textile)
    5660register.filter(markdown)
  • django/views/debug.py

    diff --git a/django/views/debug.py b/django/views/debug.py
    index d2efe76072dd40a62efaf563d150ba0be0149ab6..ccf02c007aa39647555613089808151bd43eb95d 100644
    a b TECHNICAL_500_TEMPLATE = """  
    323323  </script>
    324324</head>
    325325<body>
    326 
     326{% autoescape %}
    327327<div id="summary">
    328328  <h1>{{ exception_type }} at {{ request.path|escape }}</h1>
    329329  <h2>{{ exception_value|escape }}</h2>
    TECHNICAL_500_TEMPLATE = """  
    379379<div id="template">
    380380   <h2>Template error</h2>
    381381   <p>In template <code>{{ template_info.name }}</code>, error at line <strong>{{ template_info.line }}</strong></p>
    382    <h3>{{ template_info.message|escape }}</h3>
     382   <h3>{{ template_info.message }}</h3>
    383383   <table class="source{% if template_info.top %} cut-top{% endif %}{% ifnotequal template_info.bottom template_info.total %} cut-bottom{% endifnotequal %}">
    384384   {% for source_line in template_info.source_lines %}
    385385   {% ifequal source_line.0 template_info.line %}
    TECHNICAL_500_TEMPLATE = """  
    406406          {% if frame.context_line %}
    407407            <div class="context" id="c{{ frame.id }}">
    408408              {% if frame.pre_context %}
    409                 <ol start="{{ frame.pre_context_lineno }}" class="pre-context" id="pre{{ frame.id }}">{% for line in frame.pre_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line|escape }}</li>{% endfor %}</ol>
     409                <ol start="{{ frame.pre_context_lineno }}" class="pre-context" id="pre{{ frame.id }}">{% for line in frame.pre_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line }}</li>{% endfor %}</ol>
    410410              {% endif %}
    411               <ol start="{{ frame.lineno }}" class="context-line"><li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ frame.context_line|escape }} <span>...</span></li></ol>
     411              <ol start="{{ frame.lineno }}" class="context-line"><li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ frame.context_line }} <span>...</span></li></ol>
    412412              {% if frame.post_context %}
    413                 <ol start='{{ frame.lineno|add:"1" }}' class="post-context" id="post{{ frame.id }}">{% for line in frame.post_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line|escape }}</li>{% endfor %}</ol>
     413                <ol start='{{ frame.lineno|add:"1" }}' class="post-context" id="post{{ frame.id }}">{% for line in frame.post_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line }}</li>{% endfor %}</ol>
    414414              {% endif %}
    415415            </div>
    416416          {% endif %}
    TECHNICAL_500_TEMPLATE = """  
    430430                {% for var in frame.vars|dictsort:"0" %}
    431431                  <tr>
    432432                    <td>{{ var.0 }}</td>
    433                     <td class="code"><div>{{ var.1|pprint|escape }}</div></td>
     433                    <td class="code"><div>{{ var.1|pprint }}</div></td>
    434434                  </tr>
    435435                {% endfor %}
    436436              </tbody>
    Traceback (most recent call last):<br/>  
    450450{% for frame in frames %}
    451451  File "{{ frame.filename }}" in {{ frame.function }}<br/>
    452452  {% if frame.context_line %}
    453     &nbsp;&nbsp;{{ frame.lineno }}. {{ frame.context_line|escape }}<br/>
     453    &nbsp;&nbsp;{{ frame.lineno }}. {{ frame.context_line }}<br/>
    454454  {% endif %}
    455455{% endfor %}<br/>
    456456&nbsp;&nbsp;{{ exception_type }} at {{ request.path|escape }}<br/>
    Traceback (most recent call last):<br/>  
    478478        {% for var in request.GET.items %}
    479479          <tr>
    480480            <td>{{ var.0 }}</td>
    481             <td class="code"><div>{{ var.1|pprint|escape }}</div></td>
     481            <td class="code"><div>{{ var.1|pprint }}</div></td>
    482482          </tr>
    483483        {% endfor %}
    484484      </tbody>
    Traceback (most recent call last):<br/>  
    500500        {% for var in request.POST.items %}
    501501          <tr>
    502502            <td>{{ var.0 }}</td>
    503             <td class="code"><div>{{ var.1|pprint|escape }}</div></td>
     503            <td class="code"><div>{{ var.1|pprint }}</div></td>
    504504          </tr>
    505505        {% endfor %}
    506506      </tbody>
    Traceback (most recent call last):<br/>  
    522522        {% for var in request.COOKIES.items %}
    523523          <tr>
    524524            <td>{{ var.0 }}</td>
    525             <td class="code"><div>{{ var.1|pprint|escape }}</div></td>
     525            <td class="code"><div>{{ var.1|pprint }}</div></td>
    526526          </tr>
    527527        {% endfor %}
    528528      </tbody>
    Traceback (most recent call last):<br/>  
    543543      {% for var in request.META.items|dictsort:"0" %}
    544544        <tr>
    545545          <td>{{ var.0 }}</td>
    546           <td class="code"><div>{{ var.1|pprint|escape }}</div></td>
     546          <td class="code"><div>{{ var.1|pprint }}</div></td>
    547547        </tr>
    548548      {% endfor %}
    549549    </tbody>
    Traceback (most recent call last):<br/>  
    562562      {% for var in settings.items|dictsort:"0" %}
    563563        <tr>
    564564          <td>{{ var.0 }}</td>
    565           <td class="code"><div>{{ var.1|pprint|escape }}</div></td>
     565          <td class="code"><div>{{ var.1|pprint }}</div></td>
    566566        </tr>
    567567      {% endfor %}
    568568    </tbody>
    Traceback (most recent call last):<br/>  
    577577    display a standard 500 page.
    578578  </p>
    579579</div>
    580 
     580{% endautoescape %}
    581581</body>
    582582</html>
    583583"""
    TECHNICAL_404_TEMPLATE = """  
    608608  </style>
    609609</head>
    610610<body>
     611{% autoescape %}
    611612  <div id="summary">
    612613    <h1>Page not found <span>(404)</span></h1>
    613614    <table class="meta">
    TECHNICAL_404_TEMPLATE = """  
    629630      </p>
    630631      <ol>
    631632        {% for pattern in urlpatterns %}
    632           <li>{{ pattern|escape }}</li>
     633          <li>{{ pattern }}</li>
    633634        {% endfor %}
    634635      </ol>
    635636      <p>The current URL, <code>{{ request_path|escape }}</code>, didn't match any of these.</p>
    636637    {% else %}
    637       <p>{{ reason|escape }}</p>
     638      <p>{{ reason }}</p>
    638639    {% endif %}
    639640  </div>
    640641
    TECHNICAL_404_TEMPLATE = """  
    645646      will display a standard 404 page.
    646647    </p>
    647648  </div>
     649{% endautoescape %}
    648650</body>
    649651</html>
    650652"""
    EMPTY_URLCONF_TEMPLATE = """  
    679681</head>
    680682
    681683<body>
     684{% autoescape %}
    682685<div id="summary">
    683686  <h1>It worked!</h1>
    684687  <h2>Congratulations on your first Django-powered page.</h2>
    EMPTY_URLCONF_TEMPLATE = """  
    698701    Django settings file and you haven't configured any URLs. Get to work!
    699702  </p>
    700703</div>
     704{% endautoescape %}
    701705</body></html>
    702706"""
Back to Top