235 # XXX can't add 'eid' for instance since it may be multivalued |
235 # XXX can't add 'eid' for instance since it may be multivalued |
236 # dont put rql as well, if query contains < and > it will be corrupted! |
236 # dont put rql as well, if query contains < and > it will be corrupted! |
237 no_script_form_params = set(('vid', |
237 no_script_form_params = set(('vid', |
238 'etype', |
238 'etype', |
239 'vtitle', 'title', |
239 'vtitle', 'title', |
240 '__message', |
|
241 '__redirectvid', '__redirectrql')) |
240 '__redirectvid', '__redirectrql')) |
242 |
241 |
243 def setup_params(self, params): |
242 def setup_params(self, params): |
244 """WARNING: we're intentionaly leaving INTERNAL_FIELD_VALUE here |
243 """WARNING: we're intentionaly leaving INTERNAL_FIELD_VALUE here |
245 |
244 |
258 val = unicode(val, encoding) |
257 val = unicode(val, encoding) |
259 if param in self.no_script_form_params and val: |
258 if param in self.no_script_form_params and val: |
260 val = self.no_script_form_param(param, val) |
259 val = self.no_script_form_param(param, val) |
261 if param == '_cwmsgid': |
260 if param == '_cwmsgid': |
262 self.set_message_id(val) |
261 self.set_message_id(val) |
263 elif param == '__message': |
|
264 warn('[3.13] __message in request parameter is deprecated (may ' |
|
265 'only be given to .build_url). Seeing this message usualy ' |
|
266 'means your application hold some <form> where you should ' |
|
267 'replace use of __message hidden input by form.set_message, ' |
|
268 'so new _cwmsgid mechanism is properly used', |
|
269 DeprecationWarning) |
|
270 self.set_message(val) |
|
271 else: |
262 else: |
272 self.form[param] = val |
263 self.form[param] = val |
273 |
264 |
274 def no_script_form_param(self, param, value): |
265 def no_script_form_param(self, param, value): |
275 """ensure there is no script in a user form param |
266 """ensure there is no script in a user form param |