- Merge CGI escapes from 2.6 / 2.7 audit.

zopefoundation · Jan 15, 2004 · 10f9bde · 10f9bde
1 parent 0e32def
commit 10f9bde
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/AcceleratedHTTPCacheManager.py b/AcceleratedHTTPCacheManager.py
@@ -24,6 +24,7 @@
 import Globals
 from Globals import DTMLFile
 import urlparse, httplib
+from cgi import escape
 from urllib import quote
 from App.Common import rfc1123_date
 
@@ -213,7 +214,7 @@ def sort_link(self, name, id):
         if sort_by == id:
             newsr = not sort_reverse
         url = url + '&sort_reverse=' + (newsr and '1' or '0')
-        return '<a href="%s">%s</a>' % (url, name)
+        return '<a href="%s">%s</a>' % (escape(url, 1), escape(name))
 
 
 Globals.default__class_init__(AcceleratedHTTPCacheManager)

diff --git a/RAMCacheManager.py b/RAMCacheManager.py
@@ -21,6 +21,7 @@
 from OFS.Cache import Cache, CacheManager
 from OFS.SimpleItem import SimpleItem
 from thread import allocate_lock
+from cgi import escape
 import time
 import Globals
 from Globals import DTMLFile
@@ -433,7 +434,7 @@ def sort_link(self, name, id):
         if sort_by == id:
             newsr = not sort_reverse
         url = url + '&sort_reverse=' + (newsr and '1' or '0')
-        return '<a href="%s">%s</a>' % (url, name)
+        return '<a href="%s">%s</a>' % (escape(url, 1), escape(name))
 
 Globals.default__class_init__(RAMCacheManager)