0001-template-escape-substitution-variables-7860.patch

Frédéric Péters, 16 July 2015 11:56

Download (1.23 KB)

View differences:

Subject: [PATCH] template: escape substitution variables (#7860)

 wcs/qommon/template.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
wcs/qommon/template.py
15 15
# along with this program; if not, see <http://www.gnu.org/licenses/>.
16 16

  
17 17
from cStringIO import StringIO
18
import cgi
18 19
import os
19 20
import glob
20 21
import xml.etree.ElementTree as ET
......
438 439
            breadcrumb = ' <span class="separator">&gt;</span> '.join(s)
439 440

  
440 441
    vars = response.filter.copy()
441
    vars.update(get_publisher().substitutions.get_context_variables())
442
    for var_key, var_value in get_publisher().substitutions.get_context_variables().items():
443
        if isinstance(var_value, basestring):
444
            vars[var_key] = cgi.escape(var_value)
445
        else:
446
            vars[var_key] = var_value
442 447
    vars.update(locals())
443 448
    fd = StringIO()
444 449
    template.generate(fd, vars)
445
-
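
Review bot: cgi.escape(var_value) in the new loop is called without the quote argument, so it escapes &, < and > but leaves double quotes untouched; a substitution variable rendered inside an HTML attribute value can still close that attribute. Suggest cgi.escape(var_value, True), and check how templates quote attributes, since single quotes are not escaped either way. Two smaller points on the same lines: the else branch passes every non-basestring value through unchanged, so strings reached through objects or containers returned by get_context_variables() still arrive in the template raw; and because vars.update(locals()) follows the loop, the loop variables var_key and var_value end up in the template namespace, with var_value holding the last unescaped value. Building the escaped dict in a small helper function would keep those names out of locals().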