[Python-checkins] r54579 - in tracker/instances/python-dev: detectors/no_texthtml.py html/file.item.html
erik.forsberg
python-checkins at python.org
Mon Mar 26 20:55:42 CEST 2007
Author: erik.forsberg
Date: Mon Mar 26 20:55:38 2007
New Revision: 54579
Added:
tracker/instances/python-dev/detectors/no_texthtml.py
Modified:
tracker/instances/python-dev/html/file.item.html
Log:
Audit file instances and set content type to text/plain if user
submitted text/html. Mention this on file editing page.
Resolves http://psf.upfronthosting.co.za/roundup/meta/issue109.
Added: tracker/instances/python-dev/detectors/no_texthtml.py
==============================================================================
--- (empty file)
+++ tracker/instances/python-dev/detectors/no_texthtml.py Mon Mar 26 20:55:38 2007
@@ -0,0 +1,9 @@
+
+def audit_html_files(db, cl, nodeid, newvalues):
+ if newvalues['type'] == 'text/html':
+ newvalues['type'] = 'text/plain'
+
+
+def init(db):
+ db.file.audit('set', audit_html_files)
+ db.file.audit('create', audit_html_files)
Modified: tracker/instances/python-dev/html/file.item.html
==============================================================================
--- tracker/instances/python-dev/html/file.item.html (original)
+++ tracker/instances/python-dev/html/file.item.html Mon Mar 26 20:55:38 2007
@@ -25,7 +25,9 @@
</tr>
<tr>
<th i18n:translate="">Content Type</th>
- <td tal:content="structure context/type/field"></td>
+ <td tal:content="structure context/type/field"/>
+ <td style="border: none" tal:condition="python: context.is_edit_ok()">Please note that
+ for security reasons, it's not permitted to set content type to <i>text/html</i>.</td>
</tr>
<tr>
More information about the Python-checkins
mailing list