Changeset 1034
- Timestamp:
- 07/17/06 15:58:39 (2 years ago)
- Files:
-
- discussionplugin/0.9/tracdiscussion/admin.py (modified) (4 diffs)
- discussionplugin/0.9/tracdiscussion/api.py (modified) (5 diffs)
- discussionplugin/0.9/tracdiscussion/core.py (modified) (5 diffs)
discussionplugin/0.9/tracdiscussion/admin.py
r1016 r1034 75 75 elif mode == 'group-post-add': 76 76 # Get form values 77 name = req.args.get('name')78 description = req.args.get('description')77 name = Markup(req.args.get('name')) 78 description = Markup(req.args.get('description')) 79 79 80 80 # Add new group … … 88 88 # Get form values 89 89 group = req.args.get('group') 90 name = req.args.get('name')91 description = req.args.get('description')90 name = Markup(req.args.get('name')) 91 description = Markup(req.args.get('description')) 92 92 93 93 # Add new group … … 126 126 elif mode == 'forum-post-add': 127 127 # Get form values 128 name = req.args.get('name')128 name = Markup(req.args.get('name')) 129 129 author = req.authname 130 subject = req.args.get('subject')131 description = req.args.get('description')132 moderators = req.args.get('moderators')130 subject = Markup(req.args.get('subject')) 131 description = Markup(req.args.get('description')) 132 moderators = Markup(req.args.get('moderators')) 133 133 group = req.args.get('group') 134 134 … … 151 151 # Get form values 152 152 forum = req.args.get('forum') 153 name = req.args.get('name')154 subject = req.args.get('subject')155 description = req.args.get('description')156 moderators = req.args.get('moderators')153 name = Markup(req.args.get('name')) 154 subject = Markup(req.args.get('subject')) 155 description = Markup(req.args.get('description')) 156 moderators = Markup(req.args.get('moderators')) 157 157 group = req.args.get('group') 158 158 discussionplugin/0.9/tracdiscussion/api.py
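Review bot: Wrapping raw form fields in `Markup(...)` (new lines 77-78, 90-91, 128-132 and 153-156) labels untrusted request input as already-safe markup instead of sanitising it. If `escape()` returns `Markup` instances unchanged, as Trac's helper is understood to do, the `escape(name)` / `escape(description)` calls this changeset adds in api.py become no-ops for these values and the submitted HTML is stored and rendered as-is. Keep the values as plain strings, e.g. `name = req.args.get('name')`, and escape once where they are written to the page; the same wrapping recurs in every hunk of core.py. The enclosing handler starts and ends outside these hunks, and no import of `Markup` is visible for this file, so confirm the name is in scope.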
r1016 r1034 1 1 from trac.core import * 2 2 from trac.wiki import wiki_to_html, wiki_to_oneliner 3 from trac.util import format_datetime, pretty_timedelta, escape, unescape 3 from trac.util import format_datetime, pretty_timedelta, escape, unescape, Markup 4 4 import time 5 5 … … 224 224 sql = "INSERT INTO forum_group (name, description) VALUES (%s, %s)" 225 225 log.debug(sql) 226 cursor.execute(sql, ( name, description))226 cursor.execute(sql, (escape(name), escape(description))) 227 227 228 228 … … 235 235 " description, forum_group) VALUES (%s, %s, %s, %s, %s, %s, %s)" 236 236 log.debug(sql) 237 cursor.execute(sql, ( name, author, str(int(time.time())), moderators,238 subject, description, group))237 cursor.execute(sql, (escape(name), escape(author), str(int(time.time())), 238 escape(moderators), escape(subject), escape(description), group)) 239 239 240 240 def add_topic(cursor, log, forum, subject, author, body): … … 242 242 " (%s, %s, %s, %s, %s)" 243 243 log.debug(sql) 244 cursor.execute(sql, (forum, str(int(time.time())), author, subject, body)) 244 cursor.execute(sql, (forum, int(time.time()), escape(author), 245 escape(subject), escape(body))) 245 246 246 247 def add_message(cursor, log, forum, topic, replyto, author, body): … … 248 249 " VALUES (%s, %s, %s, %s, %s, %s)" 249 250 log.debug(sql) 250 cursor.execute(sql, (forum, topic, replyto, str(int(time.time())), 251 escape(author), escape(body))) 251 log.debug(body) 252 cursor.execute(sql, (forum, topic, replyto, int(time.time()), 253 escape(author), escape(Markup(body)))) 252 254 253 255 # Delete items functions discussionplugin/0.9/tracdiscussion/core.py
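Review bot: The `escape(...)` calls added around the bound parameters in the group and forum inserts and in `add_topic` / `add_message` (new lines 226-253) HTML-encode data at write time, although the `%s` placeholders already keep those values out of the SQL text. The rows then hold entity-encoded text, which is encoded a second time by any escaping on display unless every reader reverses it (`unescape` is imported, but its use is not visible here). `escape(Markup(body))` on new line 253 probably does nothing if `escape()` leaves `Markup` untouched. Storing the raw strings, e.g. `cursor.execute(sql, (name, description))`, and escaping at render time avoids both problems. The new `log.debug(body)` on line 251 also copies full user-submitted message text into the debug log; something like `log.debug('message body length: %d', len(body))` would keep the diagnostic without the content.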
r1016 r1034 170 170 171 171 # Get form values 172 name = req.args.get('name')172 name = Markup(req.args.get('name')) 173 173 author = req.authname 174 subject = req.args.get('subject')175 description = req.args.get('description')176 moderators = req.args.get('moderators')174 subject = Markup(req.args.get('subject')) 175 description = Markup(req.args.get('description')) 176 moderators = Markup(req.args.get('moderators')) 177 177 group = req.args.get('group') 178 178 if not moderators: … … 219 219 220 220 # Get form values 221 author = req.args.get('author')222 body = req.args.get('body')221 author = Markup(req.args.get('author')) 222 body = Markup(req.args.get('body')) 223 223 224 224 req.hdf['discussion.href'] = self.env.href.discussion(forum['id']) … … 232 232 233 233 # Get from values 234 subject = req.args.get('subject')235 author = req.args.get('author')236 body = req.args.get('body')234 subject = Markup(req.args.get('subject')) 235 author = Markup(req.args.get('author')) 236 body = Markup(req.args.get('body')) 237 237 238 238 # Add new topic and display topic list … … 294 294 295 295 # Get form values 296 author = req.args.get('author')297 body = req.args.get('body')296 author = Markup(req.args.get('author')) 297 body = Markup(req.args.get('body')) 298 298 299 299 # Display messages … … 311 311 312 312 # Get form values 313 author = req.args.get('author')314 body = req.args.get('body')313 author = Markup(req.args.get('author')) 314 body = Markup(req.args.get('body')) 315 315 316 316 # Add new message
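Review bot: `moderators = Markup(req.args.get('moderators'))` on new line 176 is followed by `if not moderators:` on line 178, and that check may stop firing when the field is absent. If `Markup` is a string subclass built from its argument, `Markup(None)` becomes the text `None`, which is truthy; the same applies to `subject`, `author` and `body` in the later hunks, where a missing field would be stored as a literal value. Supply a default and leave the value unwrapped, e.g. `moderators = req.args.get('moderators', '')`. Separately, `author` on new lines 221, 235, 296 and 313 is still read from the request form rather than from `req.authname`, so the stored author is whatever the client submits; whether that is intended for anonymous posting is not visible in these hunks.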
