Consolidate formatter functions, add a semitrusted function which keeps...

Consolidate formatter functions, add a semitrusted function which keeps newlines make it available to the templates

Consolidate formatter functions, add a semitrusted function which keeps...
Consolidate formatter functions, add a semitrusted function which keeps newlines make it available to the templates
9568f367 · Arno Töll · a46022f9 · 9568f367 · 9568f367 · 9568f367
Commit 9568f367 authored Sep 14, 2011 by Arno Töll
--- a/debexpo/config/environment.py
+++ b/debexpo/config/environment.py
@@ -89,7 +89,7 @@ def load_environment(global_conf, app_conf):
        error_handler=handle_mako_error,
        module_directory=os.path.join(app_conf['cache_dir'], 'templates'),
        input_encoding='utf-8', default_filters=['escape'],
-        imports=['from webhelpers.html import escape'])
+        imports=['from webhelpers.html import escape', 'from debexpo.lib.filters import semitrusted'])
    # CONFIGURATION OPTIONS HERE (note: all config options will override
    # any Pylons config options)

--- a/debexpo/lib/filters.py
+++ b/debexpo/lib/filters.py
+# -*- coding: utf-8 -*-
+#
+#   filter.py — Output filters for the template engine
+#
+#   This file is part of debexpo - http://debexpo.workaround.org
+#
+#   Copyright © 2011 Arno Töll <debian@toell.net>
+#
+#   Permission is hereby granted, free of charge, to any person
+#   obtaining a copy of this software and associated documentation
+#   files (the "Software"), to deal in the Software without
+#   restriction, including without limitation the rights to use,
+#   copy, modify, merge, publish, distribute, sublicense, and/or sell
+#   copies of the Software, and to permit persons to whom the
+#   Software is furnished to do so, subject to the following
+#   conditions:
+#
+#   The above copyright notice and this permission notice shall be
+#   included in all copies or substantial portions of the Software.
+#
+#   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+#   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+#   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+#   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+#   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+#   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+#   OTHER DEALINGS IN THE SOFTWARE.
+"""
+Holds various output filters which can be applied to templates
+"""
+__author__ = 'Arno Töll'
+__copyright__ = 'Copyright © 2011 Arno Töll'
+__license__ = 'MIT'
+import cgi
+def semitrusted(input_filter):
+    """
+    This filter filters all input, but keeps formatting, e.g. newlines
+    ``input_filter`` The data to be filtered
+    """
+    escaped_filter = cgi.escape(input_filter, True)
+    escaped_filter = escaped_filter.replace('\n', '<br />')
+    return escaped_filter
--- a/debexpo/model/packages.py
+++ b/debexpo/model/packages.py
@@ -55,11 +55,8 @@ t_packages = sa.Table('packages', meta.metadata,
 class Package(OrmObject):
    foreign = ['user']
-    def get_description_nl2br(self):
+    def get_description(self):
-        s = self.description
+        return self.description
-        s = s.replace('<', '&lt;')
-        s = s.replace('\n', '<br />')
-        return s
 orm.mapper(Package, t_packages, properties={
    'user' : orm.relation(User, backref='packages')

--- a/debexpo/model/sponsor_metrics.py
+++ b/debexpo/model/sponsor_metrics.py
@@ -110,18 +110,7 @@ class SponsorMetrics(OrmObject):
        Return a formatted and sanitized string of the guidelines the sponsor
        configured
        """
+        return self.guidelines_text
-        if self.guidelines == constants.SPONSOR_GUIDELINES_TYPE_TEXT:
-            s = self.guidelines_text
-            s = s.replace('<', '&lt;')
-            s = s.replace('>', '&gt;')
-            s = s.replace('\n', '<br />')
-            return s
-        elif self.guidelines == constants.SPONSOR_GUIDELINES_TYPE_URL:
-            return "<a href=\"%s\">%s</a>" % (self.guidelines_text, self.guidelines_text)
-        else:
-            return ""
    def get_types(self):
        """
@@ -130,11 +119,7 @@ class SponsorMetrics(OrmObject):
        """
        if self.types:
-            s = self.types
+            return self.types
-            s = s.replace('<', '&lt;')
-            s = s.replace('>', '&gt;')
-            s = s.replace('\n', '<br />')
-            return s
        return ""
    def get_social_requirements(self):
@@ -144,11 +129,7 @@ class SponsorMetrics(OrmObject):
        """
        if self.social_requirements:
-            s = self.social_requirements
+            return self.social_requirements
-            s = s.replace('<', '&lt;')
-            s = s.replace('>', '&gt;')
-            s = s.replace('\n', '<br />')
-            return s
        else:
            return ""

--- a/debexpo/templates/error.mako
+++ b/debexpo/templates/error.mako
@@ -30,6 +30,6 @@
 <p>
    ${ _('''If you have questions feel free to contact us
        at <a href="mailto:%s">%s</a>.'''
-        % (config['debexpo.email'], config['debexpo.email'])) }
+        % (config['debexpo.email'], config['debexpo.email'])) | n}
 </p>
 </div>
--- a/debexpo/templates/package/index.mako
+++ b/debexpo/templates/package/index.mako
@@ -24,7 +24,7 @@
  <tr>
    <th>${ _('Description') }:</th>
-    <td>${ c.package.get_description_nl2br() | n }</td>
+    <td>${ c.package.get_description() | semitrusted}</td>
  </tr>
 % if 'user_id' in c.session:

--- a/debexpo/templates/packages/list.mako
+++ b/debexpo/templates/packages/list.mako
@@ -19,7 +19,7 @@
                % for package in packagegroup.packages:
                      <tr class="pkg-list">
                        <td class="lines"><a href="${ h.url('package', packagename=package.name) }">${ package.name }</a></td>
-                        <td class="lines">${ package.get_description_nl2br() | n }</td>
+                        <td class="lines">${ package.get_description() | n,semitrusted }</td>
                        <td class="lines">${ package.package_versions[-1].version }</td>
                        <td class="lines"><a href="${ h.url('packages-uploader', id=package.user.email) }">${ package.user.name }</a></td>
                        <td class="lines">

--- a/debexpo/templates/sponsor/index.mako
+++ b/debexpo/templates/sponsor/index.mako
 # -*- coding: utf-8 -*-
 <%inherit file="/base.mako"/>
 ${ c.custom_html }
 <h1>The sponsoring process</h1>
@@ -106,6 +105,10 @@ To help you finding a sponsor interested in your package, they can formulate spo
        else:
            return ""
+    def put_s(name):
+        if name[-1] != 's':
+            return 's'
    sponsors_found = False
 %>
 % for sponsor in c.sponsors:
@@ -134,7 +137,7 @@ To help you finding a sponsor interested in your package, they can formulate spo
            % endif
            </ul>
            <strong>Personal interests</strong>
-            <p>${ sponsor.get_types() | n}</p>
+            <p>${ sponsor.get_types() | n,semitrusted}</p>
        </td>
        <td>
            <ul>
@@ -146,7 +149,13 @@ To help you finding a sponsor interested in your package, they can formulate spo
                % endif
            % endfor
            </ul>
-            <p>${ sponsor.get_guidelines() | n}</p>
+            <p>
+            % if sponsor.guidelines == c.constants.SPONSOR_GUIDELINES_TYPE_URL:
+                <a href="${ sponsor.get_guidelines()}">${ sponsor.user.name  }'${ put_s(sponsor.user.name) } personal guidelines</a>
+            % else:
+                ${ sponsor.get_guidelines() | semitrusted}
+            % endif
+            </p>
        </td>
        <td>
            <ul>
@@ -158,7 +167,7 @@ To help you finding a sponsor interested in your package, they can formulate spo
                % endif
            % endfor
            </ul>
-            ${ sponsor.get_social_requirements() | n}
+            ${ sponsor.get_social_requirements() | n,semitrusted}
        </td>
    </tr>
 % endfor