revert StringHTMLProperty to not hyperlink text by default (added doc too)

Richard Jones · Richard Jones · commit 8972c5957f26 · 2003-01-13T04:24:54.000Z
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -6,6 +6,7 @@ are given with the most recent entry first.
 - fixed rdbms searching by ID (sf bug 666615)
 - detect corrupted index and raise semi-useful exception (sf bug 666767)
 - open server logfile unbuffered
+- revert StringHTMLProperty to not hyperlink text by default
 
 
 2003-01-10 0.5.4
diff --git a/doc/customizing.txt b/doc/customizing.txt
@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.68 $
+:Version: $Revision: 1.68.2.1 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -1219,32 +1219,55 @@ _value          the value of the property if any - this is the actual value
 
 There are several methods available on these wrapper objects:
 
-=========== =================================================================
-Method      Description
-=========== =================================================================
-plain       render a "plain" representation of the property
-field       render an appropriate form edit field for the property - for most
-            types this is a text entry box, but for Booleans it's a tri-state
-            yes/no/neither selection.
-stext       only on String properties - render the value of the
-            property as StructuredText (requires the StructureText module
-            to be installed separately)
-multiline   only on String properties - render a multiline form edit
-            field for the property
-email       only on String properties - render the value of the 
-            property as an obscured email address
-confirm     only on Password properties - render a second form edit field for
-            the property, used for confirmation that the user typed the
-            password correctly. Generates a field with name "name:confirm".
-reldate     only on Date properties - render the interval between the
-            date and now
-pretty      only on Interval properties - render the interval in a
-            pretty format (eg. "yesterday")
-menu        only on Link and Multilink properties - render a form select
-            list for this property
-reverse     only on Multilink properties - produce a list of the linked
-            items in reverse order
-=========== =================================================================
+========= =====================================================================
+Method    Description
+========= =====================================================================
+plain     render a "plain" representation of the property. This method may
+          take two arguments:
+
+          escape
+           If true, escape the text so it is HTML safe (default: no). The
+           reason this defaults to off is that text is usually escaped
+           at a later stage by the TAL commands, unless the "structure"
+           option is used in the template. The following are equivalent::
+
+            <p tal:content="structure python:msg.content.plain(escape=1)" />
+            <p tal:content="python:msg.content.plain()" />
+            <p tal:content="msg/content/plain" />
+            <p tal:content="msg/content" />
+
+          hyperlink
+           If true, turn URLs, email addresses and hyperdb item designators
+           in the text into hyperlinks (default: no). Note that you'll need
+           to use the "structure" TAL option if you want to use this::
+
+            <p tal:content="structure python:msg.content.plain(hyperlink=1)" />
+
+           Note also that the text is automatically HTML-escape before the
+           hyperlinking transformation.
+
+field     render an appropriate form edit field for the property - for most
+          types this is a text entry box, but for Booleans it's a tri-state
+          yes/no/neither selection.
+stext     only on String properties - render the value of the
+          property as StructuredText (requires the StructureText module
+          to be installed separately)
+multiline only on String properties - render a multiline form edit
+          field for the property
+email     only on String properties - render the value of the 
+          property as an obscured email address
+confirm   only on Password properties - render a second form edit field for
+          the property, used for confirmation that the user typed the
+          password correctly. Generates a field with name "name:confirm".
+reldate   only on Date properties - render the interval between the
+          date and now
+pretty    only on Interval properties - render the interval in a
+          pretty format (eg. "yesterday")
+menu      only on Link and Multilink properties - render a form select
+          list for this property
+reverse   only on Multilink properties - produce a list of the linked
+          items in reverse order
+========= =====================================================================
 
 The request variable
 ~~~~~~~~~~~~~~~~~~~~
diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
@@ -754,7 +754,7 @@ def _designator_repl(self, match):
         except KeyError:
             return '%s%s'%(s1, s2)
 
-    def plain(self, escape=0, hyperlink=1):
+    def plain(self, escape=0, hyperlink=0):
         ''' Render a "plain" representation of the property
             
             "escape" turns on/off HTML quoting
@@ -766,8 +766,10 @@ def plain(self, escape=0, hyperlink=1):
         if escape:
             s = cgi.escape(str(self._value))
         else:
-            s = self._value
+            s = str(self._value)
         if hyperlink:
+            if not escape:
+                s = cgi.escape(s)
             s = self.url_re.sub(self._url_repl, s)
             s = self.email_re.sub(self._email_repl, s)
             s = self.designator_re.sub(self._designator_repl, s)
diff --git a/roundup/templates/classic/html/issue.item b/roundup/templates/classic/html/issue.item
@@ -140,7 +140,7 @@ python:db.user.classhelp('username,realname,address,phone')" /><br>
    </tr>
    <tr>
     <td colspan="4" class="content">
-     <pre tal:content="structure msg/content">content</pre>
+     <pre tal:content="msg/content">content</pre>
     </td>
    </tr>
   </tal:block>
diff --git a/test/test_cgi.py b/test/test_cgi.py
@@ -0,0 +1,206 @@
+#
+# Copyright (c) 2003 Richard Jones, rjones@ekit-inc.com
+# This module is free software, and you may redistribute it and/or modify
+# under the same terms as Python, so long as this copyright message and
+# disclaimer are retained in their original form.
+#
+# This module is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# $Id: test_cgi.py,v 1.4 2003-01-15 11:14:01 richard Exp $
+
+import unittest, os, shutil, errno, sys, difflib, cgi
+
+from roundup.cgi import client
+from roundup import init, instance, password
+
+def makeForm(args):
+    form = cgi.FieldStorage()
+    for k,v in args.items():
+        if type(v) is type([]):
+            [form.list.append(cgi.MiniFieldStorage(k, x)) for x in v]
+        else:
+            form.list.append(cgi.MiniFieldStorage(k, v))
+    return form
+
+class FormTestCase(unittest.TestCase):
+    def setUp(self):
+        self.dirname = '_test_cgi_form'
+        try:
+            shutil.rmtree(self.dirname)
+        except OSError, error:
+            if error.errno not in (errno.ENOENT, errno.ESRCH): raise
+        # create the instance
+        init.install(self.dirname, 'classic', 'anydbm')
+        init.initialise(self.dirname, 'sekrit')
+        # check we can load the package
+        self.instance = instance.open(self.dirname)
+        # and open the database
+        self.db = self.instance.open('admin')
+        self.db.user.create(username='Chef', address='chef@bork.bork.bork',
+            realname='Bork, Chef', roles='User')
+        self.db.user.create(username='mary', address='mary@test',
+            roles='User', realname='Contrary, Mary')
+
+    def tearDown(self):
+        self.db.close()
+        try:
+            shutil.rmtree(self.dirname)
+        except OSError, error:
+            if error.errno not in (errno.ENOENT, errno.ESRCH): raise
+
+    #
+    # Empty form
+    #
+    def testNothing(self):
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({})), {})
+
+    def testNothingWithRequired(self):
+        form = makeForm({':required': 'title'})
+        self.assertRaises(ValueError, client.parsePropsFromForm, self.db,
+            self.db.issue, form)
+
+    #
+    # String
+    #
+    def testEmptyString(self):
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'title': ''})), {})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'title': ' '})), {})
+        self.assertRaises(ValueError, client.parsePropsFromForm, self.db,
+            self.db.issue, makeForm({'title': ['', '']}))
+
+    def testSetString(self):
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'title': 'foo'})), {'title': 'foo'})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'title': 'a\r\nb\r\n'})), {'title': 'a\nb'})
+
+    def testEmptyStringSet(self):
+        nodeid = self.db.issue.create(title='foo')
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'title': ''}), nodeid), {'title': ''})
+        nodeid = self.db.issue.create(title='foo')
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'title': ' '}), nodeid), {'title': ''})
+
+    #
+    # Multilink
+    #
+    def testEmptyMultilink(self):
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'nosy': ''})), {})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'nosy': ' '})), {})
+
+    def testSetMultilink(self):
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'nosy': '1'})), {'nosy': ['1']})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'nosy': 'admin'})), {'nosy': ['1']})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'nosy': ['1','2']})), {'nosy': ['1','2']})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'nosy': '1,2'})), {'nosy': ['1','2']})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'nosy': 'admin,2'})), {'nosy': ['1','2']})
+
+    def testEmptyMultilinkSet(self):
+        nodeid = self.db.issue.create(nosy=['1','2'])
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'nosy': ''}), nodeid), {'nosy': []})
+        nodeid = self.db.issue.create(nosy=['1','2'])
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({'nosy': ' '}), nodeid), {'nosy': []})
+
+    def testInvalidMultilinkValue(self):
+# XXX This is not the current behaviour - should we enforce this?
+#        self.assertRaises(IndexError, client.parsePropsFromForm, self.db,
+#            self.db.issue, makeForm({'nosy': '4'}))
+        self.assertRaises(ValueError, client.parsePropsFromForm, self.db,
+            self.db.issue, makeForm({'nosy': 'frozzle'}))
+        self.assertRaises(ValueError, client.parsePropsFromForm, self.db,
+            self.db.issue, makeForm({'nosy': '1,frozzle'}))
+# XXX need a test for the TypeError (where the ML class doesn't define a key
+
+    def testMultilinkAdd(self):
+        nodeid = self.db.issue.create(nosy=['1'])
+        # do nothing
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({':add:nosy': ''}), nodeid), {})
+
+        # do something ;)
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({':add:nosy': '2'}), nodeid), {'nosy': ['1','2']})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({':add:nosy': '2,mary'}), nodeid), {'nosy': ['1','2','4']})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({':add:nosy': ['2','3']}), nodeid), {'nosy': ['1','2','3']})
+
+    def testMultilinkAddNew(self):
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({':add:nosy': ['2','3']})), {'nosy': ['2','3']})
+
+    def testMultilinkRemove(self):
+        nodeid = self.db.issue.create(nosy=['1','2'])
+        # do nothing
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({':remove:nosy': ''}), nodeid), {})
+
+        # do something ;)
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({':remove:nosy': '1'}), nodeid), {'nosy': ['2']})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({':remove:nosy': 'admin,2'}), nodeid), {'nosy': []})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.issue,
+            makeForm({':remove:nosy': ['1','2']}), nodeid), {'nosy': []})
+
+        # remove one that doesn't exist?
+        self.assertRaises(ValueError, client.parsePropsFromForm, self.db,
+            self.db.issue, makeForm({':remove:nosy': '4'}), nodeid)
+
+    #
+    # Password
+    #
+    def testEmptyPassword(self):
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.user,
+            makeForm({'password': ''})), {})
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.user,
+            makeForm({'password': ''})), {})
+        self.assertRaises(ValueError, client.parsePropsFromForm, self.db,
+            self.db.user, makeForm({'password': ['', '']}))
+        self.assertRaises(ValueError, client.parsePropsFromForm, self.db,
+            self.db.user, makeForm({'password': 'foo',
+            'password:confirm': ['', '']}))
+
+    def testSetPassword(self):
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.user,
+            makeForm({'password': 'foo', 'password:confirm': 'foo'})),
+            {'password': 'foo'})
+
+    def testSetPasswordConfirmBad(self):
+        self.assertRaises(ValueError, client.parsePropsFromForm, self.db,
+            self.db.user, makeForm({'password': 'foo'}))
+        self.assertRaises(ValueError, client.parsePropsFromForm, self.db,
+            self.db.user, makeForm({'password': 'foo',
+            'password:confirm': 'bar'}))
+
+    def testEmptyPasswordNOTSet(self):
+        nodeid = self.db.user.create(username='1', password=password.Password('foo'))
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.user,
+            makeForm({'password': ''}), nodeid), {})
+        nodeid = self.db.user.create(username='2', password=password.Password('foo'))
+        self.assertEqual(client.parsePropsFromForm(self.db, self.db.user,
+            makeForm({'password': '', 'password:confirm': ''}), nodeid), {})
+
+
+def suite():
+    l = [unittest.makeSuite(FormTestCase),
+    ]
+    return unittest.TestSuite(l)
+
+
+# vim: set filetype=python ts=4 sw=4 et si
