[Mpuls-commits] r2826 - in base/trunk: . mpulsweb/lib mpulsweb/model mpulsweb/templates/documents
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon May 31 12:04:13 CEST 2010
Author: torsten
Date: 2010-05-31 12:04:07 +0200 (Mon, 31 May 2010)
New Revision: 2826
Modified:
base/trunk/ChangeLog
base/trunk/mpulsweb/lib/validators.py
base/trunk/mpulsweb/model/document.py
base/trunk/mpulsweb/model/user.py
base/trunk/mpulsweb/templates/documents/case_overview.mako
base/trunk/mpulsweb/templates/documents/global_overview.mako
Log:
Merged
Modified: base/trunk/ChangeLog
===================================================================
--- base/trunk/ChangeLog 2010-05-31 10:03:49 UTC (rev 2825)
+++ base/trunk/ChangeLog 2010-05-31 10:04:07 UTC (rev 2826)
@@ -1,3 +1,29 @@
+2010-05-25 Bernhard Herzog <bh at intevation.de>
+
+ * mpulsweb/model/user.py (log): Add logger.
+
+2010-05-25 Bernhard Herzog <bh at intevation.de>
+
+ * mpulsweb/templates/documents/case_overview.mako,
+ mpulsweb/templates/documents/global_overview.mako: Avoid
+ unnecessary html-escaping.
+
+2010-05-25 Bernhard Herzog <bh at intevation.de>
+
+ * mpulsweb/model/document.py (Document.getName): Remove encoding
+ parameter. No caller used anything but the default value anyway.
+ Also, make non-ascii names actually work by using ensure_unicode
+ to convert the name to unicode instead of unconditionally
+ converting to byte-string first.
+
+2010-05-25 Bernhard Herzog <bh at intevation.de>
+
+ * mpulsweb/lib/validators.py (FileExistsChecker.casedoc_sql)
+ (FileExistsChecker.globaldoc_sql): Fix parameter markers so that
+ the normal DB-API parameter substitution can be used.
+ (FileExistsChecker.validate_python): Use the standard DB-API
+ parameter substitution mechanism. This avoids SQL-injections.
+
2010-05-21 Bernhard Herzog <bh at intevation.de>
* mpulsweb/lib/renderer.py (tag): Allow attribute names that
Modified: base/trunk/mpulsweb/lib/validators.py
===================================================================
--- base/trunk/mpulsweb/lib/validators.py 2010-05-31 10:03:49 UTC (rev 2825)
+++ base/trunk/mpulsweb/lib/validators.py 2010-05-31 10:04:07 UTC (rev 2826)
@@ -68,9 +68,9 @@
"""
casedoc_sql = ("SELECT id FROM ka_fall_dokumente_tbl_view"
- " WHERE name = '%(filename)s' and master_id = %(case)s")
+ " WHERE name = %(filename)s and master_id = %(case)s")
globaldoc_sql = ("SELECT id FROM ka_global_dokumente_tbl_view"
- " WHERE name = '%(filename)s'")
+ " WHERE name = %(filename)s")
field_names = None
validate_partial_form = True
__unpackargs__ = ('*', 'field_names')
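Review bot: The two SQL constants carry no comment saying that `%(filename)s` and `%(case)s` are now DB-API parameter markers rather than Python format fields. A later edit could re-add the quotes or go back to `sql % fields` and reintroduce the injection this commit closes. I would add above `casedoc_sql`: `# DB-API pyformat markers: pass values via cur.execute(sql, params); never quote them or apply % formatting.` The class body starts and continues outside the hunk.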
@@ -124,7 +124,7 @@
conn = db.getConnection()
cur = conn.cursor()
fields = {'filename': name, 'case': case}
- cur.execute(sql % fields)
+ cur.execute(sql, fields)
result = cur.fetchone()
if result:
errors['name'] = self.message('fileexists', state)
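Review bot: Nothing in the visible lines closes `cur` or releases `conn` after `fetchone()`, and this validator runs on every submission that names a file. validate_python starts and ends outside the hunk, so the cleanup may already exist further down; if it does not, put the query in a `try:` with `finally: cur.close()` and release the connection in whatever way `db` expects. A regression test that validates a name containing a single quote would also pin the behaviour this change fixes.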
Modified: base/trunk/mpulsweb/model/document.py
===================================================================
--- base/trunk/mpulsweb/model/document.py 2010-05-31 10:03:49 UTC (rev 2825)
+++ base/trunk/mpulsweb/model/document.py 2010-05-31 10:04:07 UTC (rev 2826)
@@ -159,13 +159,11 @@
def isCaseAttached(self):
return not self.case is None
- def getName(self, encoding="utf-8"):
+ def getName(self):
name = self.name
if name is None:
return None
- if encoding:
- return unicode(str(name), encoding)
- return name
+ return h.ensure_unicode(name)
def create(self, name, src, case=None, uuid=None):
name = name.strip().rsplit('\\', 1)[-1].rsplit('/', 1)[-1]
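Review bot: `getName` now has a different contract (no `encoding` argument, always unicode or None) but still no docstring, so I would add `"""Return the document name as unicode, or None if no name is set."""` under the `def` line. Dropping the parameter means any caller that still passes `encoding=` fails with a TypeError; the ChangeLog says none did, which is worth confirming with a search across the tree, templates included. The hunk does not show where `h` is imported in document.py, so confirm that name is in scope in this module.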
Modified: base/trunk/mpulsweb/model/user.py
===================================================================
--- base/trunk/mpulsweb/model/user.py 2010-05-31 10:03:49 UTC (rev 2825)
+++ base/trunk/mpulsweb/model/user.py 2010-05-31 10:04:07 UTC (rev 2826)
@@ -24,6 +24,7 @@
import sys
import datetime
+import logging
from pylons import session
@@ -32,6 +33,9 @@
from mpulsweb.lib.db import db
+log = logging.getLogger(__name__)
+
+
MARK_NEWS_AS_READ_SQL = """SELECT markNewsAsRead(%(user_id)s, %(news_id)s)"""
FETCH_USER_LIST_SQL = """\
SELECT id, vorname, nachname, rolle, login, gid
Modified: base/trunk/mpulsweb/templates/documents/case_overview.mako
===================================================================
--- base/trunk/mpulsweb/templates/documents/case_overview.mako 2010-05-31 10:03:49 UTC (rev 2825)
+++ base/trunk/mpulsweb/templates/documents/case_overview.mako 2010-05-31 10:04:07 UTC (rev 2826)
@@ -48,10 +48,10 @@
%>
% for num, f in enumerate(c.files):
<tr class="${num%2 and 'hl' or ''}">
- <td>${ f.getName() | F.shorten, h}</td>
+ <td>${ f.getName() | F.shorten}</td>
<td class="number_field">${kb(f.size)} KB</td>
<td class="actions">
- <a href="/casedocument/show/${f.id}/${f.getName() | F.H}"
+ <a href="/casedocument/show/${f.id}/${f.getName()}"
target="_blank">
<img src="/images/icons/open_active_22.png" border="0"
alt="${_('cm_overview_a_show')}" title="${_('cm_overview_a_show')}"></a>
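Review bot: With `| h` and `| F.H` removed, `f.getName()` reaches both the table cell and the `href` attribute with no filter named in the template. It is therefore HTML-escaped only if the template lookup is configured with an escaping default filter, which is not visible here and should be confirmed, since the name comes from an uploaded file (`Document.create` only strips the directory part). The ChangeLog wording suggests such a default is active; a one-line template comment saying that escaping relies on the default filter would keep a later editor from disabling it. Separately, the name goes into the URL path without percent-encoding, so a name containing `?`, `#` or `%` produces a link that does not resolve to the document; URL-quoting the path segment would fix that. The same applies to both hunks of global_overview.mako.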
Modified: base/trunk/mpulsweb/templates/documents/global_overview.mako
===================================================================
--- base/trunk/mpulsweb/templates/documents/global_overview.mako 2010-05-31 10:03:49 UTC (rev 2825)
+++ base/trunk/mpulsweb/templates/documents/global_overview.mako 2010-05-31 10:04:07 UTC (rev 2826)
@@ -34,13 +34,13 @@
% if idset==0:
<tr>
<td>
- <a href="/document/globalShow/${f.id}/${f.getName() | F.H}" target="_blank">${ f.getName() | F.shorten, h}</a>
+ <a href="/document/globalShow/${f.id}/${f.getName()}" target="_blank">${ f.getName() | F.shorten}</a>
</td>
<td class="number_field">
${kb(f.size)} KB
</td>
<td class="table_action">
- <a href="/document/globalShow/${f.id}/${f.getName() | F.H}" target="_blank"><img src="/images/icons/open_active_22.png" border="0" alt="${_('cm_overview_a_show')}"
+ <a href="/document/globalShow/${f.id}/${f.getName()}" target="_blank"><img src="/images/icons/open_active_22.png" border="0" alt="${_('cm_overview_a_show')}"
title="${_('cm_overview_a_show')}" title="${_('cm_overview_a_show')}"></a>
% if h.hasRole(['admin_ka']):
<a href="/document/globalDelete/${f.id}"><img src="/images/icons/delete_active_22.png" border="0" alt="${_('cm_overview_a_delete')}" title="${_('cm_overview_a_delete')}"></a>
@@ -51,13 +51,13 @@
% else:
<tr class="table_row_h">
<td>
- <a href="/document/globalShow/${f.id}/${f.getName() | F.H}" target="_blank">${ f.getName() | F.shorten, h}</a>
+ <a href="/document/globalShow/${f.id}/${f.getName()}" target="_blank">${ f.getName() | F.shorten}</a>
</td>
<td class="number_field">
${kb(f.size)} KB
</td>
<td class="table_action">
- <a href="/document/globalShow/${f.id}/${f.getName() | F.H}" target="_blank"><img src="/images/icons/open_active_22.png" border="0" alt="${_('cm_overview_a_show')}"
+ <a href="/document/globalShow/${f.id}/${f.getName()}" target="_blank"><img src="/images/icons/open_active_22.png" border="0" alt="${_('cm_overview_a_show')}"
title="${_('cm_overview_a_show')}" title="${_('cm_overview_a_show')}"></a>
% if h.hasRole(['admin_ka']):
<a href="/document/globalDelete/${f.id}"><img src="/images/icons/delete_active_22.png" border="0" alt="${_('cm_overview_a_delete')}" title="${_('cm_overview_a_delete')}"></a>