From 44832c681b0c8ee614f92a6e623c27a8cf538b4b Mon Sep 17 00:00:00 2001 From: Oleg Broytman Date: Tue, 18 Jun 2024 18:50:59 +0300 Subject: [PATCH] Refactor(web): Use `#filter WebSafe` instead of `cgi.escape` [skip ci] --- TODO | 3 -- m_librarian/web/views/list_authors.py | 43 ++++++++++++++----------- m_librarian/web/views/list_authors.tmpl | 7 ++-- m_librarian/web/views/list_books.py | 42 ++++++++++++++---------- m_librarian/web/views/list_books.tmpl | 9 +++--- 5 files changed, 59 insertions(+), 45 deletions(-) diff --git a/TODO b/TODO index f586739..ddfc80b 100644 --- a/TODO +++ b/TODO @@ -1,9 +1,6 @@ Next release ------------ -Get rid of ``import cgi``. - - List of authors, list of books - do not select when clicking on column/row titles. diff --git a/m_librarian/web/views/list_authors.py b/m_librarian/web/views/list_authors.py index 41fab34..dca1c40 100644 --- a/m_librarian/web/views/list_authors.py +++ b/m_librarian/web/views/list_authors.py @@ -25,7 +25,6 @@ from Cheetah.CacheRegion import CacheRegion import Cheetah.Filters as Filters import Cheetah.ErrorCatchers as ErrorCatchers from Cheetah.compat import unicode -import cgi from m_librarian.translations import translations from views.layout import layout from views.search_authors_form import search_authors_form 
@@ -36,12 +35,12 @@ VFFSL=valueFromFrameOrSearchList VFSL=valueFromSearchList VFN=valueForName currentTime=time.time -__CHEETAH_version__ = '3.1.0' -__CHEETAH_versionTuple__ = (3, 1, 0, 'final', 1) -__CHEETAH_genTime__ = 1528718535.495412 -__CHEETAH_genTimestamp__ = 'Mon Jun 11 15:02:15 2018' +__CHEETAH_version__ = '3.3.1' +__CHEETAH_versionTuple__ = (3, 3, 1, 'final', 0) +__CHEETAH_genTime__ = 1718725815.054143 +__CHEETAH_genTimestamp__ = 'Tue Jun 18 18:50:15 2024' __CHEETAH_src__ = 'list_authors.tmpl' -__CHEETAH_srcLastModified__ = 'Mon Jun 11 15:02:07 2018' +__CHEETAH_srcLastModified__ = 'Tue Jun 18 18:50:12 2024' __CHEETAH_docstring__ = 'Autogenerated by Cheetah: The Python-Powered Template Engine' if __CHEETAH_versionTuple__ < RequiredCheetahVersionTuple: @@ -74,7 +73,7 @@ class list_authors(layout): - ## CHEETAH: generated from #def body at line 6, col 1. + ## CHEETAH: generated from #def body at line 5, col 1. trans = KWS.get("trans") if (not trans and not self._CHEETAH__isBuffering and not callable(self.transaction)): trans = self.transaction # is None unless self.awake() was called @@ -91,17 +90,24 @@ class list_authors(layout): write(u'''

\u041f\u043e\u0438\u0441\u043a \u0430\u0432\u0442\u043e\u0440\u043e\u0432

''') - _v = VFFSL(SL,"search_authors_form",False)(searchList=VFFSL(SL,"searchList",True)) # u'$search_authors_form(searchList=$searchList)' on line 9, col 1 - if _v is not None: write(_filter(_v, rawExpr=u'$search_authors_form(searchList=$searchList)')) # from line 9, col 1. + _v = VFFSL(SL,"search_authors_form",False)(searchList=VFFSL(SL,"searchList",True)) # u'$search_authors_form(searchList=$searchList)' on line 8, col 1 + if _v is not None: write(_filter(_v, rawExpr=u'$search_authors_form(searchList=$searchList)')) # from line 8, col 1. write(u'''

''') - _v = VFFSL(SL,"title",True) # u'$title' on line 11, col 5 - if _v is not None: write(_filter(_v, rawExpr=u'$title')) # from line 11, col 5. + _v = VFFSL(SL,"title",True) # u'$title' on line 10, col 5 + if _v is not None: write(_filter(_v, rawExpr=u'$title')) # from line 10, col 5. write(u'''

''') - if VFFSL(SL,"authors",True): # generated from line 13, col 1 + if VFFSL(SL,"authors",True): # generated from line 12, col 1 + _orig_filter_63533534 = _filter + filterName = u'WebSafe' + if "WebSafe" in self._CHEETAH__filters: + _filter = self._CHEETAH__currentFilter = self._CHEETAH__filters[filterName] + else: + _filter = self._CHEETAH__currentFilter = \ + self._CHEETAH__filters[filterName] = getattr(self._CHEETAH__filtersLib, filterName)(self).filter write(u''' ''') @@ -112,8 +118,8 @@ class list_authors(layout): write(u''' ''') write(u''' @@ -134,8 +140,8 @@ class list_authors(layout): if _v is not None: write(_filter(_v, rawExpr=u'$author.id')) # from line 29, col 41. write(u'''/"> ''') - _v = VFN(VFFSL(SL,"cgi",True),"escape",False)(unicode(VFFSL(SL,"getattr",False)(VFFSL(SL,"author",True), VFFSL(SL,"column",True)) or '')) # u"$cgi.escape(unicode($getattr($author, $column) or ''))" on line 30, col 5 - if _v is not None: write(_filter(_v, rawExpr=u"$cgi.escape(unicode($getattr($author, $column) or ''))")) # from line 30, col 5. + _v = VFFSL(SL,"unicode",False)(VFFSL(SL,"getattr",False)(VFFSL(SL,"author",True), VFFSL(SL,"column",True)) or '') # u"$unicode($getattr($author, $column) or '')" on line 30, col 5 + if _v is not None: write(_filter(_v, rawExpr=u"$unicode($getattr($author, $column) or '')")) # from line 30, col 5. write(u''' ''') @@ -143,7 +149,8 @@ class list_authors(layout): ''') write(u'''
''') if False: _(VFFSL(SL,"column",True)) - _v = VFN(VFFSL(SL,"cgi",True),"escape",False)(VFFSL(SL,"_",False)(VFFSL(SL,"column",True))) # u'$cgi.escape($_($column))' on line 18, col 36 - if _v is not None: write(_filter(_v, rawExpr=u'$cgi.escape($_($column))')) # from line 18, col 36. + _v = VFFSL(SL,"_",False)(VFFSL(SL,"column",True)) # u'$_($column)' on line 18, col 36 + if _v is not None: write(_filter(_v, rawExpr=u'$_($column)')) # from line 18, col 36. write(u'''
''') - else: # generated from line 36, col 1 + _filter = self._CHEETAH__currentFilter = _orig_filter_63533534 + else: # generated from line 37, col 1 write(u'''

\u041d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d\u043e \u043d\u0438 \u043e\u0434\u043d\u043e\u0433\u043e \u0430\u0432\u0442\u043e\u0440\u0430!

''') @@ -211,7 +218,7 @@ if not hasattr(list_authors, '_initCheetahAttributes'): # CHEETAH was developed by Tavis Rudd and Mike Orr # with code, advice and input from many other volunteers. -# For more information visit http://cheetahtemplate.org/ +# For more information visit https://cheetahtemplate.org/ ################################################## ## if run from command line: diff --git a/m_librarian/web/views/list_authors.tmpl b/m_librarian/web/views/list_authors.tmpl index bdfd9fd..a364eba 100644 --- a/m_librarian/web/views/list_authors.tmpl +++ b/m_librarian/web/views/list_authors.tmpl @@ -1,5 +1,4 @@ #encoding utf-8 -#import cgi #from m_librarian.translations import translations #extends views.layout #attr $title = 'Список авторов' @@ -11,11 +10,12 @@ $search_authors_form(searchList=$searchList)

$title

#if $authors +#filter WebSafe #set $_ = $getattr($translations, 'ugettext', None) or $translations.gettext #for $column in $columns - + #end for #for $author in $authors @@ -27,12 +27,13 @@ $search_authors_form(searchList=$searchList) #set $style = '' #end if - $cgi.escape(unicode($getattr($author, $column) or '')) + $unicode($getattr($author, $column) or '') #end for #end for
$cgi.escape($_($column))$_($column)
+#end filter WebSafe #else

Не найдено ни одного автора!

#end if diff --git a/m_librarian/web/views/list_books.py b/m_librarian/web/views/list_books.py index 346f125..7a327ed 100644 --- a/m_librarian/web/views/list_books.py +++ b/m_librarian/web/views/list_books.py @@ -25,7 +25,6 @@ from Cheetah.CacheRegion import CacheRegion import Cheetah.Filters as Filters import Cheetah.ErrorCatchers as ErrorCatchers from Cheetah.compat import unicode -import cgi from m_librarian.translations import translations from views.layout import layout @@ -35,12 +34,12 @@ VFFSL=valueFromFrameOrSearchList VFSL=valueFromSearchList VFN=valueForName currentTime=time.time -__CHEETAH_version__ = '3.2.6' -__CHEETAH_versionTuple__ = (3, 2, 6, 'final', 0) -__CHEETAH_genTime__ = 1671305495.844598 -__CHEETAH_genTimestamp__ = 'Sat Dec 17 22:31:35 2022' +__CHEETAH_version__ = '3.3.1' +__CHEETAH_versionTuple__ = (3, 3, 1, 'final', 0) +__CHEETAH_genTime__ = 1718725757.733093 +__CHEETAH_genTimestamp__ = 'Tue Jun 18 18:49:17 2024' __CHEETAH_src__ = 'list_books.tmpl' -__CHEETAH_srcLastModified__ = 'Sat Dec 17 22:31:33 2022' +__CHEETAH_srcLastModified__ = 'Tue Jun 18 18:49:15 2024' __CHEETAH_docstring__ = 'Autogenerated by Cheetah: The Python-Powered Template Engine' if __CHEETAH_versionTuple__ < RequiredCheetahVersionTuple: @@ -73,7 +72,7 @@ class list_books(layout): - ## CHEETAH: generated from #def body at line 6, col 1. + ## CHEETAH: generated from #def body at line 5, col 1. trans = KWS.get("trans") if (not trans and not self._CHEETAH__isBuffering and not callable(self.transaction)): trans = self.transaction # is None unless self.awake() was called @@ -89,8 +88,8 @@ class list_books(layout): ## START - generated method body write(u'''

''') - _v = VFFSL(SL,"title",True) # u'$title' on line 7, col 5 - if _v is not None: write(_filter(_v, rawExpr=u'$title')) # from line 7, col 5. + _v = VFFSL(SL,"title",True) # u'$title' on line 6, col 5 + if _v is not None: write(_filter(_v, rawExpr=u'$title')) # from line 6, col 5. write(u'''

''') - if VFFSL(SL,"books_by_author",True): # generated from line 32, col 1 + if VFFSL(SL,"books_by_author",True): # generated from line 31, col 1 + _orig_filter_17563757 = _filter + filterName = u'WebSafe' + if "WebSafe" in self._CHEETAH__filters: + _filter = self._CHEETAH__currentFilter = self._CHEETAH__filters[filterName] + else: + _filter = self._CHEETAH__currentFilter = \ + self._CHEETAH__filters[filterName] = getattr(self._CHEETAH__filtersLib, filterName)(self).filter write(u'''
@@ -131,8 +137,8 @@ function toggleSeries(name, value) { write(u''' ''') write(u''' @@ -180,8 +186,9 @@ function toggleSeries(name, value) { write(u''' \u2014 ''') if VFFSL(SL,"book.series",True): # generated from line 62, col 3 - _v = VFN(VFFSL(SL,"cgi",True),"escape",False)(VFFSL(SL,"series",True), 1) # u'$cgi.escape($series, 1)' on line 63, col 1 - if _v is not None: write(_filter(_v, rawExpr=u'$cgi.escape($series, 1)')) # from line 63, col 1. + _v = VFFSL(SL,"series",True) # u'$series' on line 63, col 1 + if _v is not None: write(_filter(_v, rawExpr=u'$series')) # from line 63, col 1. + write(u''', 1''') else: # generated from line 64, col 3 write(u'''\u0412\u043d\u0435 \u0441\u0435\u0440\u0438\u0439''') write(u''' @@ -208,8 +215,8 @@ function toggleSeries(name, value) { _v = VFFSL(SL,"style",True) # u'$style' on line 78, col 6 if _v is not None: write(_filter(_v, rawExpr=u'$style')) # from line 78, col 6. write(u'''>''') - _v = VFN(VFFSL(SL,"cgi",True),"escape",False)(unicode(VFFSL(SL,"getattr",False)(VFFSL(SL,"book",True), VFFSL(SL,"column",True)) or '')) # u"$cgi.escape(unicode($getattr($book, $column) or ''))" on line 78, col 13 - if _v is not None: write(_filter(_v, rawExpr=u"$cgi.escape(unicode($getattr($book, $column) or ''))")) # from line 78, col 13. + _v = VFFSL(SL,"unicode",False)(VFFSL(SL,"getattr",False)(VFFSL(SL,"book",True), VFFSL(SL,"column",True)) or '') # u"$unicode($getattr($book, $column) or '')" on line 78, col 13 + if _v is not None: write(_filter(_v, rawExpr=u"$unicode($getattr($book, $column) or '')")) # from line 78, col 13. write(u''' ''') write(u''' @@ -223,7 +230,8 @@ function toggleSeries(name, value) {
''') if False: _(VFFSL(SL,"column",True)) - _v = VFN(VFFSL(SL,"cgi",True),"escape",False)(VFFSL(SL,"_",False)(VFFSL(SL,"column",True))) # u'$cgi.escape($_($column))' on line 40, col 36 - if _v is not None: write(_filter(_v, rawExpr=u'$cgi.escape($_($column))')) # from line 40, col 36. + _v = VFFSL(SL,"_",False)(VFFSL(SL,"column",True)) # u'$_($column)' on line 40, col 36 + if _v is not None: write(_filter(_v, rawExpr=u'$_($column)')) # from line 40, col 36. write(u'''
''') - else: # generated from line 88, col 1 + _filter = self._CHEETAH__currentFilter = _orig_filter_17563757 + else: # generated from line 89, col 1 write(u'''

\u041d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d\u043e \u043d\u0438 \u043e\u0434\u043d\u043e\u0439 \u043a\u043d\u0438\u0433\u0438!

''') diff --git a/m_librarian/web/views/list_books.tmpl b/m_librarian/web/views/list_books.tmpl index 3fa406a..3127fec 100644 --- a/m_librarian/web/views/list_books.tmpl +++ b/m_librarian/web/views/list_books.tmpl @@ -1,5 +1,4 @@ #encoding utf-8 -#import cgi #from m_librarian.translations import translations #extends views.layout #attr $title = 'Список книг' @@ -30,6 +29,7 @@ function toggleSeries(name, value) { #if $books_by_author +#filter WebSafe
@@ -37,7 +37,7 @@ function toggleSeries(name, value) { onClick="toggleAll(this.checked)"> #set $_ = $getattr($translations, 'ugettext', None) or $translations.gettext #for $column in $columns - + #end for #set $columns1 = $len($columns)+1 @@ -60,7 +60,7 @@ function toggleSeries(name, value) { + $unicode($getattr($book, $column) or '') #end for #end for @@ -85,6 +85,7 @@ $cgi.escape($series, 1)#slurp
$cgi.escape($_($column))$_($column)
$author — #if $book.series -$cgi.escape($series, 1)#slurp +$series, 1#slurp #else Вне серий#slurp #end if @@ -75,7 +75,7 @@ $cgi.escape($series, 1)#slurp #else #set $style = '' #end if - $cgi.escape(unicode($getattr($book, $column) or ''))
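Review bot: The replacement for `$cgi.escape($series, 1)` in the `#if $book.series` branch leaves the old second argument behind as template text, so `$series, 1#slurp` renders the series name followed by a literal `, 1`; the regenerated list_books.py confirms this with `write(u''', 1''')`. The line should read `$series#slurp`. The dropped `1` was the quote flag of cgi.escape, and WebSafe by default escapes only `&`, `<` and `>`, so if this value ends up inside a quoted attribute (the surrounding markup is not visible in this hunk) the quote character should be passed through the filter's `also` argument, e.g. `${series, also='"'}#slurp`. list_books.py has to be regenerated from the template after the fix.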
+#end filter WebSafe #else

Не найдено ни одной книги!

#end if -- 2.39.5