Browse files

Changed tomster's support for statusmessages without a redirect to us…

…e annotations instead of direct values on the request, so we avoid the possibility of sneaking those in via query strings.

svn path=/statusmessages/trunk/; revision=39590
  • Loading branch information...
hannosch committed Mar 22, 2007
1 parent d6afedd commit 0036cc1c4d172a75183dc23d574530c737ab0e1c
@@ -2,6 +2,7 @@
from pickle import dumps, loads
import sys
from zope.annotation.interfaces import IAnnotations
from zope.i18n import translate
from zope.interface import implements
@@ -31,24 +32,25 @@ def addStatusMessage(self, text, type=''):
"""Add a status message.
text = translate(text, context=self.context)
old = self.context.get(STATUSMESSAGEKEY, self.context.cookies.get(STATUSMESSAGEKEY))
annotations = IAnnotations(self.context)
old = annotations.get(STATUSMESSAGEKEY, self.context.cookies.get(STATUSMESSAGEKEY))
value = _encodeCookieValue(text, type, old=old)
self.context.RESPONSE.setCookie(STATUSMESSAGEKEY, value, path='/')
self.context.set(STATUSMESSAGEKEY, value)
annotations[STATUSMESSAGEKEY] = value
def showStatusMessages(self):
"""Removes all status messages and returns them for display.
value = self.context.get(STATUSMESSAGEKEY, self.context.cookies.get(STATUSMESSAGEKEY))
annotations = IAnnotations(self.context)
value = annotations.get(STATUSMESSAGEKEY, self.context.cookies.get(STATUSMESSAGEKEY))
if value is None:
return []
value = _decodeCookieValue(value)
# clear the existing cookie entries
if self.context.cookies.has_key(STATUSMESSAGEKEY):
self.context.cookies[STATUSMESSAGEKEY] = None
self.context.cookies[STATUSMESSAGEKEY] = None
self.context.RESPONSE.expireCookie(STATUSMESSAGEKEY, path='/')
if self.context.has_key(STATUSMESSAGEKEY):
self.context.set(STATUSMESSAGEKEY, None)
annotations[STATUSMESSAGEKEY] = None
return value
def _encodeCookieValue(text, type, old=None):
@@ -6,4 +6,6 @@
<include package="zope.annotation" />
@@ -33,6 +33,12 @@ def test_directives():
>>> IStatusMessage.providedBy(status)
We also need the request to be annotatable:
>>> from zope.interface import directlyProvides
>>> from zope.annotation.interfaces import IAttributeAnnotatable
>>> directlyProvides(, IAttributeAnnotatable)
The dummy request we have is a bit limited, so we need a simple method
to fake a real request/response for the cookie handling. Basically it
puts all entries from RESPONSE.cookies into REQUEST.cookies but shifts

0 comments on commit 0036cc1

Please sign in to comment.