mirrors/github.com_openSUSE_osc
1
0
Fork 0
mirror of https://github.com/openSUSE/osc.git synced 2025-01-11 16:36:14 +01:00
Code

Replace arbitrary XML escaping code with xml_escape()

Browse Source
This commit is contained in:
Daniel Mach 2023-03-03 13:20:54 +01:00
parent bacaa29a78
commit e4723f7f74
3 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
osc/babysitter.py
View File

@ -16,6 +16,7 @@ from urllib.error import URLError, HTTPError
import urllib3.exceptions
from . import _private
from . import commandline
from . import oscerr
from .OscConfigParser import configparser
@ -112,7 +113,7 @@ def run(prg, argv=None):
if b'<summary>' in body:
msg = body.split(b'<summary>')[1]
msg = msg.split(b'</summary>')[0]
msg = msg.replace(b'&lt;', b'<').replace(b'&gt;', b'>').replace(b'&amp;', b'&')
msg = _private.api.xml_escape(msg)
print(decode_it(msg), file=sys.stderr)
if e.code >= 500 and e.code <= 599:
print('\nRequest: %s' % e.filename)

3
osc/commandline.py
View File

@ -1450,9 +1450,8 @@ class Osc(cmdln.Cmdln):
raise oscerr.WrongOptions('no attribute given to create')
values = ''
if opts.set:
opts.set = opts.set.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;')
for i in opts.set.split(','):
values += '<value>%s</value>' % i
values += '<value>%s</value>' % _private.api.xml_escape(i)
aname = opts.attribute.split(":")
if len(aname) != 2:
raise oscerr.WrongOptions('Given attribute is not in "NAMESPACE:NAME" style')

3
osc/core.py
View File

@ -7089,8 +7089,7 @@ def get_commitlog(
r.append('<author>%s</author>' % user)
r.append('<date>%s</date>' % t)
r.append('<requestid>%s</requestid>' % requestid)
r.append('<msg>%s</msg>' %
decode_it(comment).replace('&', '&amp;').replace('<', '&gt;').replace('>', '&lt;'))
r.append('<msg>%s</msg>' % _private.api.xml_escape(decode_it(comment)))
r.append('</logentry>')
else:
if requestid: