|
1 | | -# $Id: client.py,v 1.118 2003-06-09 23:17:23 richard Exp $ |
| 1 | +# $Id: client.py,v 1.119 2003-06-10 22:55:30 richard Exp $ |
2 | 2 |
|
3 | 3 | __doc__ = """ |
4 | 4 | WWW request handler (also used in the stand-alone server). |
@@ -68,6 +68,13 @@ def initialiseSecurity(security): |
68 | 68 | description="User may manipulate user Roles through the web") |
69 | 69 | security.addPermissionToRole('Admin', p) |
70 | 70 |
|
| 71 | +def clean_message(match, ok={'a':1,'i':1,'b':1,'br':1}): |
| 72 | + ''' Strip all non <a>,<i>,<b> and <br> tags from a string |
| 73 | + ''' |
| 74 | + if ok.has_key(match.group(2)): |
| 75 | + return match.group(1) |
| 76 | + return '<%s>'%match.group(2) |
| 77 | + |
71 | 78 | class Client: |
72 | 79 | ''' Instantiate to handle one CGI request. |
73 | 80 |
|
@@ -341,7 +348,8 @@ def determine_user(self): |
341 | 348 | # reopen the database as the correct user |
342 | 349 | self.opendb(self.user) |
343 | 350 |
|
344 | | - def determine_context(self, dre=re.compile(r'([^\d]+)(\d+)')): |
| 351 | + def determine_context(self, dre=re.compile(r'([^\d]+)(\d+)'), |
| 352 | + mc=re.compile(r'(</?(.*?)>)')): |
345 | 353 | ''' Determine the context of this page from the URL: |
346 | 354 |
|
347 | 355 | The URL path after the instance identifier is examined. The path |
@@ -389,8 +397,10 @@ def determine_context(self, dre=re.compile(r'([^\d]+)(\d+)')): |
389 | 397 | template_override = self.form[key].value |
390 | 398 | elif self.FV_OK_MESSAGE.match(key): |
391 | 399 | ok_message = self.form[key].value |
| 400 | + ok_message = mc.sub(clean_message, ok_message) |
392 | 401 | elif self.FV_ERROR_MESSAGE.match(key): |
393 | 402 | error_message = self.form[key].value |
| 403 | + error_message = mc.sub(clean_message, error_message) |
394 | 404 |
|
395 | 405 | # determine the classname and possibly nodeid |
396 | 406 | path = self.path.split('/') |
|
0 commit comments