replace cgi.escape with html.escape

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2005-2019 shinGETsu Project.
+Copyright (c) 2005-2020 shinGETsu Project.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

shingetsu/admin_cgi.py

@@ -1,7 +1,7 @@
 """Saku Admin CGI methods.
 """
 #
-# Copyright (c) 2005-2014 shinGETsu Project.
+# Copyright (c) 2005-2020 shinGETsu Project.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -26,6 +26,7 @@
 # SUCH DAMAGE.
 #
 
+import html
 import os
 import cgi
 import re
@@ -128,7 +129,7 @@ def print_delete_record(self, datfile, records):
         recs = [Record(datfile=datfile, idstr=r) for r in records]
         def getbody(rec):
             rec.load_body()
-            recstr = cgi.escape(rec.recstr)
+            recstr = html.escape(rec.recstr)
             rec.free()
             return recstr
         var = {
@@ -202,7 +203,7 @@ def getcontents(cache):
             contents = []
             for rec in cache:
                 rec.load_body()
-                contents.append(cgi.escape(rec.recstr))
+                contents.append(html.escape(rec.recstr))
                 rec.free()
                 if (len(contents) > 2):
                     return contents
@@ -230,13 +231,13 @@ def print_search_form(self, query=''):
         self.stdout.write(self.template('search_form', var))
 
     def print_search_result(self, query):
-        str_query = cgi.escape(query, True)
+        str_query = html.escape(query, True)
         title = '%s : %s' % (self.message['search'], str_query)
         self.header(title, deny_robot=True)
         self.print_paragraph(self.message['desc_search'])
         self.print_search_form(str_query)
         try:
-            query = re.compile(cgi.escape(query), re.I)
+            query = re.compile(html.escape(query), re.I)
             cachelist = CacheList()
             result = cachelist.search(query)
             for i in cachelist:
@@ -297,7 +298,7 @@ def print_status(self):
     def print_edittag(self, datfile):
         str_title = self.file_decode(datfile)
         cache = Cache(datfile)
-        datfile = cgi.escape(datfile)
+        datfile = html.escape(datfile)
         if not cache.exists():
             print404()
             return

shingetsu/gateway.py

@@ -1,7 +1,7 @@
 """Saku Gateway base module.
 """
 #
-# Copyright (c) 2005-2018 shinGETsu Project.
+# Copyright (c) 2005-2020 shinGETsu Project.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -26,6 +26,7 @@
 # SUCH DAMAGE.
 #
 
+import html
 import cgi
 import os
 import re
@@ -165,7 +166,7 @@ def __init__(self,
             'str_encode': self.str_encode,
             'file_decode': self.file_decode,
             'escape': self.escape,
-            'escape_simple': lambda s: cgi.escape(s, True),
+            'escape_simple': lambda s: html.escape(s, True),
             'escape_space': self.escape_space,
             'escape_js': self.escape_js,
             'make_list_item': self.make_list_item,

shingetsu/gateway_cgi.py

@@ -1,7 +1,7 @@
 """Gateway CGI methods.
 """
 #
-# Copyright (c) 2005-2015 shinGETsu Project.
+# Copyright (c) 2005-2020 shinGETsu Project.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -26,6 +26,7 @@
 # SUCH DAMAGE.
 #
 
+import html
 import re
 import cgi
 import csv
@@ -52,10 +53,10 @@ def run(self):
             tag = self.form.getfirst('tag', '')
             if filter:
                 self.filter = filter.lower()
-                self.str_filter = cgi.escape(filter, True)
+                self.str_filter = html.escape(filter, True)
             elif tag:
                 self.tag = tag.lower()
-                self.str_tag = cgi.escape(tag, True)
+                self.str_tag = html.escape(tag, True)
         except (re.error, UnicodeDecodeError):
             self.header(self.message['regexp_error'], deny_robot=True)
             self.footer()
@@ -367,7 +368,7 @@ def print_recent_rss(self):
                 date = cache.recent_stamp,
                 title = title,
                 subject = tags,
-                content = cgi.escape(title))
+                content = html.escape(title))
 
         self.stdout.write('Content-Type: text/xml; charset=UTF-8\n')
         try:

shingetsu/rss.py

@@ -1,7 +1,7 @@
 """Data structure of RSS and useful functions.
 """
 #
-# Copyright (c) 2005-2014 shinGETsu Project.
+# Copyright (c) 2005-2020 shinGETsu Project.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -26,6 +26,7 @@
 # SUCH DAMAGE.
 #
 
+import html
 import re
 import cgi
 
@@ -134,6 +135,6 @@ def w3cdate(date):
         'rss': rss,
         'feed': [rss[uri] for uri in rss],
         'w3cdate': w3cdate,
-        'escape': cgi.escape,
+        'escape': html.escape,
     }
     return Template().display('rss1', var)

shingetsu/thread_cgi.py

@@ -1,7 +1,7 @@
 '''Saku Thread CGI methods.
 '''
 #
-# Copyright (c) 2005-2019 shinGETsu Project.
+# Copyright (c) 2005-2020 shinGETsu Project.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -27,6 +27,7 @@
 #
 
 import cgi
+import html
 import mimetypes
 import re
 import time
@@ -189,7 +190,7 @@ def print_thread(self, path, id='', page=0):
                 printed = True
             rec.free()
         self.stdout.write("</dl>\n")
-        escaped_path = cgi.escape(path)
+        escaped_path = html.escape(path)
         escaped_path = re.sub(r'  ', '&nbsp;&nbsp;', escaped_path)
         var = {
             'cache': cache,