[Python-modules-commits] [python-django-treebeard] 01/12: Import python-django-treebeard_4.0.1+dfsg.orig.tar.gz

Michael Fladischer fladi at moszumanska.debian.org
Thu May 5 13:11:24 UTC 2016


This is an automated email from the git hooks/post-receive script.

fladi pushed a commit to branch master
in repository python-django-treebeard.

commit 764fc8eb98e339e3e9582755ef459ea340088584
Author: Michael Fladischer <fladi at debian.org>
Date:   Thu May 5 12:39:01 2016 +0200

    Import python-django-treebeard_4.0.1+dfsg.orig.tar.gz
---
 CHANGES                            |  6 ++++++
 PKG-INFO                           |  2 +-
 django_treebeard.egg-info/PKG-INFO |  2 +-
 docs/admin.rst                     | 15 +++++++++++++++
 docs/conf.py                       |  6 +++---
 setup.py                           |  2 +-
 treebeard/forms.py                 |  3 ++-
 treebeard/tests/test_treebeard.py  | 13 +++++++++++++
 8 files changed, 42 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 718cb0c..f6b1409 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+Release 4.0.1 (May 1, 2016)
+---------------------------
+
+* Escape input in forms (Martin Koistinen / Divio)
+* Clarification on model detail pages (Michael Huang)
+
 Release 4.0 (Dec 28, 2015)
 --------------------------
 
diff --git a/PKG-INFO b/PKG-INFO
index 1409f51..76d5194 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: django-treebeard
-Version: 4.0
+Version: 4.0.1
 Summary: Efficient tree implementations for Django 1.7+
 Home-page: https://tabo.pe/projects/django-treebeard/
 Author: Gustavo Picon
diff --git a/django_treebeard.egg-info/PKG-INFO b/django_treebeard.egg-info/PKG-INFO
index 1409f51..76d5194 100644
--- a/django_treebeard.egg-info/PKG-INFO
+++ b/django_treebeard.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: django-treebeard
-Version: 4.0
+Version: 4.0.1
 Summary: Efficient tree implementations for Django 1.7+
 Home-page: https://tabo.pe/projects/django-treebeard/
 Author: Gustavo Picon
diff --git a/docs/admin.rst b/docs/admin.rst
index 7398310..22896ab 100644
--- a/docs/admin.rst
+++ b/docs/admin.rst
@@ -50,3 +50,18 @@ Basic Interface
 
 
 .. _FeinCMS: http://www.feincms.org
+
+Model Detail Pages
+~~~~~~~~~~~~~~~~~~
+
+If a model's field values are modified, then it is necessary to add the fields '_position' and '_ref_node_id'. Otherwise, it is not possible to create instances of the model.
+
+Example:
+
+   .. code-block:: python
+
+        class MyAdmin(TreeAdmin):
+            fields = ('title', 'body', 'is_edited', 'timestamp', '_position', '_ref_node_id',)
+            form = movenodeform_factory(MyNode)
+
+        admin.site.register(MyNode, MyAdmin)
diff --git a/docs/conf.py b/docs/conf.py
index 689155d..8b7e369 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -36,9 +36,9 @@ templates_path = ['_templates']
 source_suffix = '.rst'
 master_doc = 'index'
 project = 'django-treebeard'
-copyright = '2008-2015, Gustavo Picon'
-version = '4.0'
-release = '4.0'
+copyright = '2008-2016, Gustavo Picon'
+version = '4.0.1'
+release = '4.0.1'
 exclude_trees = ['_build']
 pygments_style = 'sphinx'
 html_theme = 'default'
diff --git a/setup.py b/setup.py
index 808a2b7..9d77587 100644
--- a/setup.py
+++ b/setup.py
@@ -26,7 +26,7 @@ class pytest_test(test):
 
 setup_args = dict(
     name='django-treebeard',
-    version='4.0',
+    version='4.0.1',
     url='https://tabo.pe/projects/django-treebeard/',
     author='Gustavo Picon',
     author_email='tabo at tabo.pe',
diff --git a/treebeard/forms.py b/treebeard/forms.py
index 1e6ac06..f4d378f 100644
--- a/treebeard/forms.py
+++ b/treebeard/forms.py
@@ -4,6 +4,7 @@ from django import forms
 from django.db.models.query import QuerySet
 from django.forms.models import BaseModelForm, ErrorList, model_to_dict
 from django.forms.models import modelform_factory as django_modelform_factory
+from django.utils.html import escape
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext_lazy as _
 
@@ -177,7 +178,7 @@ class MoveNodeForm(forms.ModelForm):
         if cls.is_loop_safe(for_node, node):
             options.append(
                 (node.pk,
-                 mark_safe(cls.mk_indent(node.get_depth()) + str(node))))
+                 mark_safe(cls.mk_indent(node.get_depth()) + escape(node))))
             for subnode in node.get_children():
                 cls.add_subtree(for_node, subnode, options)
 
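Review bot: The option label is still wrapped in `mark_safe` after this change, so its safety rests on two things the hunk does not state: `escape(node)` covering the node's string form, and `cls.mk_indent()` returning only static markup. A short comment above the `options.append(` call would record that invariant, for example `# str(node) is user-controlled: escape it before mark_safe; mk_indent() must return trusted markup only`. `mk_indent` and the start of `add_subtree` lie outside the hunk, so confirm that the indent helper never interpolates node data. Any other place that renders `str(node)` into HTML is not visible here and deserves the same check.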
diff --git a/treebeard/tests/test_treebeard.py b/treebeard/tests/test_treebeard.py
index 65c9bb5..0817848 100644
--- a/treebeard/tests/test_treebeard.py
+++ b/treebeard/tests/test_treebeard.py
@@ -2211,6 +2211,19 @@ class TestForm(TestNonEmptyTree):
         assert 'id__position' in str(form)
         assert 'id__ref_node_id' in str(form)
 
+    def test_move_node_form(self, model):
+        form_class = movenodeform_factory(model)
+
+        bad_node = model.objects.get(desc='1').add_child(
+            desc='Benign<script>alert("Compromised");</script>'
+        )
+
+        form = form_class(instance=bad_node)
+        rendered_html = form.as_p()
+        assert "Benign" in rendered_html
+        assert "<script>" not in rendered_html
+        assert "<script>" in rendered_html
+
     def test_get_position_ref_node(self, model):
         form_class = movenodeform_factory(model)
 
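Review bot: As shown on this page, `assert "<script>" not in rendered_html` is followed directly by `assert "<script>" in rendered_html`, and the two cannot both hold. The second assertion presumably checks for the entity-escaped form and the archive decoded the entities; confirm that the upstream file reads `assert "&lt;script&gt;" in rendered_html`. The test would pin the fix more tightly by also checking that the quoted payload is escaped, e.g. `assert 'alert("Compromised")' not in rendered_html`. A one-line docstring saying that node labels must be HTML-escaped in the rendered move form would document the intent.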

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-django-treebeard.git


