hamster-applet r751 - branches/gnome-2-26/hamster

From: tbaugis svn gnome org
To: svn-commits-list gnome org
Subject: hamster-applet r751 - branches/gnome-2-26/hamster
Date: Thu, 19 Feb 2009 02:24:08 +0000 (UTC)

Author: tbaugis
Date: Thu Feb 19 02:24:08 2009
New Revision: 751
URL: http://svn.gnome.org/viewvc/hamster-applet?rev=751&view=rev

Log:
escaping user content where pango markup is used.
Noticed by Markus Brinkmann

Modified:
   branches/gnome-2-26/hamster/applet.py
   branches/gnome-2-26/hamster/stats.py
   branches/gnome-2-26/hamster/stuff.py

Modified: branches/gnome-2-26/hamster/applet.py
==============================================================================
--- branches/gnome-2-26/hamster/applet.py	(original)
+++ branches/gnome-2-26/hamster/applet.py	Thu Feb 19 02:24:08 2009
@@ -109,6 +109,7 @@
             else:
                 label = "%s %s" % (self.activity, self.duration)
         
+        label = escape_pango(label)
         label = '<span gravity=\"south\">' + label + '</span>'
         self.label.set_markup(label)
 

Modified: branches/gnome-2-26/hamster/stats.py
==============================================================================
--- branches/gnome-2-26/hamster/stats.py	(original)
+++ branches/gnome-2-26/hamster/stats.py	Thu Feb 19 02:24:08 2009
@@ -153,8 +153,8 @@
             cell.set_property('markup', text)
 
         else:
-            activity_name = cell_text
-            description = model.get_value(iter, 4)
+            activity_name = stuff.escape_pango(cell_text)
+            description = stuff.escape_pango(model.get_value(iter, 4))
     
             text = "   %s" % activity_name
             if description:

Modified: branches/gnome-2-26/hamster/stuff.py
==============================================================================
--- branches/gnome-2-26/hamster/stuff.py	(original)
+++ branches/gnome-2-26/hamster/stuff.py	Thu Feb 19 02:24:08 2009
@@ -115,6 +115,16 @@
 
     return res
 
+def escape_pango(text):
+    if not text:
+        return text
+    
+    text = text.replace ("&", "&amp;")
+    text = text.replace("<", "&lt;")
+    text = text.replace(">", "&gt;")
+    return text
+
+
 class DayStore(object):
     """A day view contains a treeview for facts of the day and another
        one for totals. It creates those widgets on init, use
@@ -149,9 +159,9 @@
 
             current_duration = format_duration(duration)
 
-            self.fact_store.append([fact['id'], fact['name'], 
+            self.fact_store.append([fact['id'], escape_pango(fact['name']), 
                                     fact["start_time"].strftime("%H:%M"), 
                                     current_duration,
                                     fact["start_time"].strftime("%Y%m%d"),
-                                    fact["description"]])
+                                    escape_pango(fact["description"])])

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]