[Erp5-report] r19809 - /erp5/trunk/products/ERP5Form/ImageField.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Wed Mar 12 10:25:01 CET 2008
Author: fabien
Date: Wed Mar 12 10:25:01 2008
New Revision: 19809
URL: http://svn.erp5.org?rev=19809&view=rev
Log:
- use html_quote() function to escape caractere can't be displayed in html
- correct a mistake : replace with & (thx to Jerome)
Modified:
erp5/trunk/products/ERP5Form/ImageField.py
Modified: erp5/trunk/products/ERP5Form/ImageField.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Form/ImageField.py?rev=19809&r1=19808&r2=19809&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Form/ImageField.py (original)
+++ erp5/trunk/products/ERP5Form/ImageField.py Wed Mar 12 10:25:01 2008
@@ -29,6 +29,8 @@
from Products.Formulator import Widget, Validator
from Products.Formulator.Field import ZMIField
from Products.Formulator.DummyField import fields
+from DocumentTemplate.DT_Util import html_quote
+
class ImageFieldWidget(Widget.TextWidget):
"""ImageField widget.
@@ -74,13 +76,17 @@
"""
# Url is already defined in value
image = value
- description = field.get_value('description') or \
- field.get_value('title')
+ alt = field.get_value('description') or \
+ field.get_value('title')
display = field.get_value('image_display')
format = field.get_value('image_format')
resolution = field.get_value('image_resolution')
- html_string = """<img src="%s?display=%s format=%s resolution=%s" alt="%s"/>""" % \
- (image, display, format,resolution, description)
+ html_string = """<img src="%s?display=%s&format=%s&resolution=%s" alt="%s"/>""" % \
+ (html_quote(image),
+ html_quote(display),
+ html_quote(format),
+ html_quote(resolution),
+ html_quote(alt))
return html_string
ImageFieldWidgetInstance = ImageFieldWidget()
More information about the Erp5-report
mailing list