0001-template-escape-substitution-variables-7860.patch
wcs/qommon/template.py | ||
---|---|---|
15 | 15 |
# along with this program; if not, see <http://www.gnu.org/licenses/>. |
16 | 16 | |
17 | 17 |
from cStringIO import StringIO |
18 |
import cgi |
|
18 | 19 |
import os |
19 | 20 |
import glob |
20 | 21 |
import xml.etree.ElementTree as ET |
... | ... | |
438 | 439 |
breadcrumb = ' <span class="separator">></span> '.join(s) |
439 | 440 | |
440 | 441 |
vars = response.filter.copy() |
441 |
vars.update(get_publisher().substitutions.get_context_variables()) |
|
442 |
for var_key, var_value in get_publisher().substitutions.get_context_variables().items(): |
|
443 |
if isinstance(var_value, basestring): |
|
444 |
vars[var_key] = cgi.escape(var_value) |
|
445 |
else: |
|
446 |
vars[var_key] = var_value |
|
442 | 447 |
vars.update(locals()) |
443 | 448 |
fd = StringIO() |
444 | 449 |
template.generate(fd, vars) |
445 |
- |