From cfd17a2e71d5c66e2a94123b2e189d06125f637d Mon Sep 17 00:00:00 2001 From: Satoshi Fukutomi Date: Wed, 22 Jan 2020 12:16:06 +0900 Subject: [PATCH] replace cgi.escape with html.escape --- LICENSE | 2 +- shingetsu/admin_cgi.py | 13 +++++++------ shingetsu/gateway.py | 5 +++-- shingetsu/gateway_cgi.py | 9 +++++---- shingetsu/rss.py | 5 +++-- shingetsu/thread_cgi.py | 5 +++-- 6 files changed, 22 insertions(+), 17 deletions(-) diff --git a/LICENSE b/LICENSE index 0ded9a5..7f63864 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2005-2019 shinGETsu Project. +Copyright (c) 2005-2020 shinGETsu Project. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/shingetsu/admin_cgi.py b/shingetsu/admin_cgi.py index 47c7eb7..2b3b9e0 100644 --- a/shingetsu/admin_cgi.py +++ b/shingetsu/admin_cgi.py @@ -1,7 +1,7 @@ """Saku Admin CGI methods. """ # -# Copyright (c) 2005-2014 shinGETsu Project. +# Copyright (c) 2005-2020 shinGETsu Project. # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -26,6 +26,7 @@ # SUCH DAMAGE. # +import html import os import cgi import re @@ -128,7 +129,7 @@ def print_delete_record(self, datfile, records): recs = [Record(datfile=datfile, idstr=r) for r in records] def getbody(rec): rec.load_body() - recstr = cgi.escape(rec.recstr) + recstr = html.escape(rec.recstr) rec.free() return recstr var = { @@ -202,7 +203,7 @@ def getcontents(cache): contents = [] for rec in cache: rec.load_body() - contents.append(cgi.escape(rec.recstr)) + contents.append(html.escape(rec.recstr)) rec.free() if (len(contents) > 2): return contents 
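Review bot: `html.escape(rec.recstr)` in getbody is not byte-for-byte equivalent to the `cgi.escape(rec.recstr)` it replaces, because `html.escape` defaults to `quote=True` and now also turns `"` into `&quot;` and `'` into `&#x27;`. For text rendered as HTML this is the safer output, but the choice should be visible: write `recstr = html.escape(rec.recstr, quote=True)`, or add a comment such as `# quote=True (default): also escapes " and ', unlike cgi.escape(s)`. The same one-argument form appears in the getcontents hunk that follows, in print_edittag, and in print_thread in thread_cgi.py. print_delete_record continues outside this hunk, so how the template consumes `recstr` is not visible here.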
@@ -230,13 +231,13 @@ def print_search_form(self, query=''): self.stdout.write(self.template('search_form', var)) def print_search_result(self, query): - str_query = cgi.escape(query, True) + str_query = html.escape(query, True) title = '%s : %s' % (self.message['search'], str_query) self.header(title, deny_robot=True) self.print_paragraph(self.message['desc_search']) self.print_search_form(str_query) try: - query = re.compile(cgi.escape(query), re.I) + query = re.compile(html.escape(query), re.I) cachelist = CacheList() result = cachelist.search(query) for i in cachelist: @@ -297,7 +298,7 @@ def print_status(self): def print_edittag(self, datfile): str_title = self.file_decode(datfile) cache = Cache(datfile) - datfile = cgi.escape(datfile) + datfile = html.escape(datfile) if not cache.exists(): print404() return diff --git a/shingetsu/gateway.py b/shingetsu/gateway.py index c128ac1..99defb3 100644 --- a/shingetsu/gateway.py +++ b/shingetsu/gateway.py @@ -1,7 +1,7 @@ """Saku Gateway base module. """ # -# Copyright (c) 2005-2018 shinGETsu Project. +# Copyright (c) 2005-2020 shinGETsu Project. # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -26,6 +26,7 @@ # SUCH DAMAGE. # +import html import cgi import os import re @@ -165,7 +166,7 @@ def __init__(self, 'str_encode': self.str_encode, 'file_decode': self.file_decode, 'escape': self.escape, - 'escape_simple': lambda s: cgi.escape(s, True), + 'escape_simple': lambda s: html.escape(s, True), 'escape_space': self.escape_space, 'escape_js': self.escape_js, 'make_list_item': self.make_list_item, diff --git a/shingetsu/gateway_cgi.py b/shingetsu/gateway_cgi.py index a5231ba..485bd1e 100644 --- a/shingetsu/gateway_cgi.py +++ b/shingetsu/gateway_cgi.py 
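Review bot: `re.compile(html.escape(query), re.I)` in print_search_result now builds the search pattern from a string in which quotes are escaped as well, since `html.escape` defaults to `quote=True` where `cgi.escape(query)` left `"` and `'` alone. A query containing a quote is therefore compiled as `&quot;` or `&#x27;`, and whether that still matches depends on how the stored records were escaped, which this hunk does not show. To keep the previous pattern, use `query = re.compile(html.escape(query, quote=False), re.I)`. The handler of the `try:` block lies outside the hunk, so I cannot confirm that `re.error` from a malformed user-supplied pattern is caught here.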
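Review bot: `datfile = html.escape(datfile)` in print_edittag overwrites the raw identifier with its HTML-escaped form, so raw and escaped values share one name for the rest of the method. With `html.escape` now escaping quotes too, any later non-HTML use of `datfile` would receive more entities than before; the remainder of the method is outside the hunk, so I cannot confirm where it is used. A separate name, `str_datfile = html.escape(datfile)`, would match the `str_query` convention in print_search_result, with the later template references updated accordingly.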
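Review bot: The `escape_simple` helper passes `quote` positionally in `lambda s: html.escape(s, True)`, which hides what the flag does. `html.escape` already defaults to `quote=True`, so `'escape_simple': html.escape` or `lambda s: html.escape(s, quote=True)` reads more clearly. It is worth a comment that this helper now also escapes `'` as `&#x27;`, which `cgi.escape(s, True)` did not, so templates that place values in single-quoted attributes are covered. The positional `True` also appears in print_search_result and in run() in gateway_cgi.py.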
@@ -1,7 +1,7 @@ """Gateway CGI methods. """ # -# Copyright (c) 2005-2015 shinGETsu Project. +# Copyright (c) 2005-2020 shinGETsu Project. # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -26,6 +26,7 @@ # SUCH DAMAGE. # +import html import re import cgi import csv @@ -52,10 +53,10 @@ def run(self): tag = self.form.getfirst('tag', '') if filter: self.filter = filter.lower() - self.str_filter = cgi.escape(filter, True) + self.str_filter = html.escape(filter, True) elif tag: self.tag = tag.lower() - self.str_tag = cgi.escape(tag, True) + self.str_tag = html.escape(tag, True) except (re.error, UnicodeDecodeError): self.header(self.message['regexp_error'], deny_robot=True) self.footer() @@ -367,7 +368,7 @@ def print_recent_rss(self): date = cache.recent_stamp, title = title, subject = tags, - content = cgi.escape(title)) + content = html.escape(title)) self.stdout.write('Content-Type: text/xml; charset=UTF-8\n') try: diff --git a/shingetsu/rss.py b/shingetsu/rss.py index 2d651c2..f7042c2 100644 --- a/shingetsu/rss.py +++ b/shingetsu/rss.py @@ -1,7 +1,7 @@ """Data structure of RSS and useful functions. """ # -# Copyright (c) 2005-2014 shinGETsu Project. +# Copyright (c) 2005-2020 shinGETsu Project. # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -26,6 +26,7 @@ # SUCH DAMAGE. # +import html import re import cgi @@ -134,6 +135,6 @@ def w3cdate(date): 'rss': rss, 'feed': [rss[uri] for uri in rss], 'w3cdate': w3cdate, - 'escape': cgi.escape, + 'escape': html.escape, } return Template().display('rss1', var) diff --git a/shingetsu/thread_cgi.py b/shingetsu/thread_cgi.py index 84abc52..de80d9e 100644 --- a/shingetsu/thread_cgi.py +++ b/shingetsu/thread_cgi.py 
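Review bot: `content = html.escape(title)` in print_recent_rss feeds a document served as `text/xml`, and the one-argument `html.escape` now also emits `&quot;` and `&#x27;`, which `cgi.escape(title)` did not. Both are valid XML references, so the feed stays well-formed, but feed consumers will see different bytes, and any second escaping step in the template (not visible here) would show them literally. To keep the old output use `content = html.escape(title, quote=False)`; `xml.sax.saxutils.escape(title)` is the purpose-built helper for XML text. The same applies to `'escape': html.escape` in rss.py.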
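Review bot: `import cgi` is kept in rss.py next to the new `import html`, although the only `cgi.` use visible in this file's hunks is the `cgi.escape` being replaced. If nothing else in rss.py references the module, the import should be dropped in this commit. `cgi` is deprecated since Python 3.11 and removed in 3.13, so a leftover import would make the module fail to load there. The other patched files probably still need `cgi` for form parsing, which these hunks do not show.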
@@ -1,7 +1,7 @@ '''Saku Thread CGI methods. ''' # -# Copyright (c) 2005-2019 shinGETsu Project. +# Copyright (c) 2005-2020 shinGETsu Project. # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -27,6 +27,7 @@ # import cgi +import html import mimetypes import re import time @@ -189,7 +190,7 @@ def print_thread(self, path, id='', page=0): printed = True rec.free() self.stdout.write("\n") - escaped_path = cgi.escape(path) + escaped_path = html.escape(path) escaped_path = re.sub(r' ', '  ', escaped_path) var = { 'cache': cache,