--- a/utils.py Wed Sep 02 09:17:23 2009 +0200
+++ b/utils.py Wed Sep 02 09:31:22 2009 +0200
@@ -7,6 +7,8 @@
"""
__docformat__ = "restructuredtext en"
+from logilab.mtconverter import xml_escape
+
import locale
from md5 import md5
from datetime import datetime, timedelta, date
@@ -262,17 +264,18 @@
# 2/ css files
for cssfile, media in self.cssfiles:
w(u'<link rel="stylesheet" type="text/css" media="%s" href="%s"/>\n' %
- (media, cssfile))
+ (media, xml_escape(cssfile)))
# 3/ ie css if necessary
if self.ie_cssfiles:
w(u'<!--[if lt IE 8]>\n')
for cssfile, media in self.ie_cssfiles:
w(u'<link rel="stylesheet" type="text/css" media="%s" href="%s"/>\n' %
- (media, cssfile))
+ (media, xml_escape(cssfile)))
w(u'<![endif]--> \n')
# 4/ js files
for jsfile in self.jsfiles:
- w(u'<script type="text/javascript" src="%s"></script>\n' % jsfile)
+ w(u'<script type="text/javascript" src="%s"></script>\n' %
+ xml_escape(jsfile))
# 5/ post inlined scripts (i.e. scripts depending on other JS files)
if self.post_inlined_scripts:
w(u'<script type="text/javascript">\n')
--- a/web/views/editcontroller.py Wed Sep 02 09:17:23 2009 +0200
+++ b/web/views/editcontroller.py Wed Sep 02 09:31:22 2009 +0200
@@ -191,7 +191,22 @@
return
attrtype = rschema.objects(entity.e_schema)[0].type
# on checkbox or selection, the field may not be in params
- if attrtype == 'Boolean':
+ # NOTE: raising ValidationError here is not a good solution because
+ # we can't gather all errors at once. Hopefully, the new 3.6.x
+ # form handling will fix that
+ if attrtype == 'Int':
+ try:
+ value = int(value)
+ except ValueError:
+ raise ValidationError(entity.eid,
+ {attr: self.req._("invalid integer value")})
+ elif attrtype == 'Float':
+ try:
+ value = float(value)
+ except ValueError:
+ raise ValidationError(entity.eid,
+ {attr: self.req._("invalid float value")})
+ elif attrtype == 'Boolean':
value = bool(value)
elif attrtype == 'Decimal':
value = Decimal(value)