issue2551136 - timezone extention crash on Python 3.8.

cgi.escape is used in some template to provide a select box of
timezones. It uses cgi.escape that is depricated and removed from 3.8
and newer. Use html.escape with fallback to cgi.escape.

Author: rouilj

CHANGES.txt

@@ -106,6 +106,10 @@ Fixed:
 - issue2550648 - keyword boolean search. Issue has multiple problems.
   Fix issue where saving the keyword boolean search would remove the
   link to open the editor.
+- issue2551136 - timezone extention crash on Python 3.8. cgi.escape
+  is used in some template to provide a select box of timezones. It
+  uses cgi.escape that is depricated and removed from 3.8 and newer.
+  Use html.escape with fallback to cgi.escape. (Cedric Krier)
 
 Features:
 - issue2550522 - Add 'filter' command to command-line

doc/upgrading.txt

@@ -73,6 +73,33 @@ property error. Now it stops after reporting the incorrect property.
 If run non-interactively, it exits with status 1. It can now be
 used in a startup script to detect permission errors.
 
+Futureproof devel and responsive timezone selection extension
+-------------------------------------------------------------
+
+The devel and responsive (derived from devel) templates use a select
+control to list all available timezones when pytz is used. It
+sanitizes the data using cgi.escape. Cgi.escape is deprecated and
+removed in newer pythons. Change your ``extensions/timezone.py``
+file by applying the following patch manually::
+
+
+    -import cgi
+    +try:
+    +    from html import escape
+    +except ImportError:
+    +    from cgi import escape
+
+     try:
+	 import pytz
+    @@ -25,7 +28,7 @@
+		 s = ' '
+		 if zone == value:
+		     s = 'selected=selected '
+    -            z = cgi.escape(zone)
+    +            z = escape(zone)
+
+See https://issues.roundup-tracker.org/issue2551136 for more details.
+
 .. index:: Upgrading; 1.6.x to 2.0.0
 
 Migrating from 1.6.X to 2.0.0

share/roundup/templates/devel/extensions/timezone.py

@@ -1,7 +1,10 @@
 # Utility for replacing the simple input field for the timezone with
 # a select-field that lists the available values.
 
-import cgi
+try:
+    from html import escape
+except ImportError:
+    from cgi import escape
 
 try:
     import pytz
@@ -25,7 +28,7 @@ def tzfield(prop, name, default):
             s = ' '
             if zone == value:
                 s = 'selected=selected '
-            z = cgi.escape(zone)
+            z = escape(zone)
             l.append('<option %svalue="%s">%s</option>' % (s, z, z))
         l.append('</select>')
         return '\n'.join(l)

share/roundup/templates/responsive/extensions/timezone.py

@@ -1,7 +1,10 @@
 # Utility for replacing the simple input field for the timezone with
 # a select-field that lists the available values.
 
-import cgi
+try:
+    from html import escape
+except ImportError:
+    from cgi import escape
 
 try:
     import pytz
@@ -25,7 +28,7 @@ def tzfield(prop, name, default):
             s = ' '
             if zone == value:
                 s = 'selected=selected '
-            z = cgi.escape(zone)
+            z = escape(zone)
             l.append('<option %svalue="%s">%s</option>' % (s, z, z))
         l.append('</select>')
         return '\n'.join(l)