Posted to commits@roller.apache.org by ag...@apache.org on 2007/07/12 23:25:54 UTC

svn commit: r555772 - in /roller/trunk/apps/weblogger: src/java/org/apache/roller/weblogger/ui/rendering/util/WeblogEntryCommentForm.java web/WEB-INF/velocity/weblog.vm

Author: agilliland
Date: Thu Jul 12 14:25:53 2007
New Revision: 555772

URL: http://svn.apache.org/viewvc?view=rev&rev=555772
Log:
escape submitted comment data in the comment form object, not in the comment form macros.

Modified:
    roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/ui/rendering/util/WeblogEntryCommentForm.java
    roller/trunk/apps/weblogger/web/WEB-INF/velocity/weblog.vm

Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/ui/rendering/util/WeblogEntryCommentForm.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/ui/rendering/util/WeblogEntryCommentForm.java?view=diff&rev=555772&r1=555771&r2=555772
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/ui/rendering/util/WeblogEntryCommentForm.java (original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/ui/rendering/util/WeblogEntryCommentForm.java Thu Jul 12 14:25:53 2007
@@ -18,6 +18,7 @@
 
 package org.apache.roller.weblogger.ui.rendering.util;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.roller.weblogger.pojos.WeblogEntryComment;
 import org.apache.roller.weblogger.pojos.wrapper.WeblogEntryCommentWrapper;
 
@@ -71,7 +72,7 @@
     }
     
     public String getName() {
-        return name;
+        return StringEscapeUtils.escapeHtml(name);
     }
 
     public void setName(String name) {
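Review bot: getName() now returns an HTML-escaped value while setName() still stores the raw one, and nothing on the getter says so; the same holds for getEmail(), getUrl() and getContent() in the following hunks. Any Java caller that reads the form through these getters (none are visible here) would receive entities instead of the submitted text, and a template that still wraps the value in `$utils.escapeHTML` would double-escape it. I would add Javadoc on each getter, e.g. `/** Returns the submitted name, HTML-escaped for direct output in templates. */`. Also worth stating there: commons-lang `escapeHtml` does not escape the apostrophe, so the result is safe only in element content and double-quoted attributes. The class body continues outside these hunks.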
@@ -79,7 +80,7 @@
     }
 
     public String getEmail() {
-        return email;
+        return StringEscapeUtils.escapeHtml(email);
     }
 
     public void setEmail(String email) {
@@ -87,7 +88,7 @@
     }
 
     public String getUrl() {
-        return url;
+        return StringEscapeUtils.escapeHtml(url);
     }
 
     public void setUrl(String url) {
@@ -95,7 +96,7 @@
     }
 
     public String getContent() {
-        return content;
+        return StringEscapeUtils.escapeHtml(content);
     }
 
     public void setContent(String content) {

Modified: roller/trunk/apps/weblogger/web/WEB-INF/velocity/weblog.vm
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/web/WEB-INF/velocity/weblog.vm?view=diff&rev=555772&r1=555771&r2=555772
==============================================================================
--- roller/trunk/apps/weblogger/web/WEB-INF/velocity/weblog.vm (original)
+++ roller/trunk/apps/weblogger/web/WEB-INF/velocity/weblog.vm Thu Jul 12 14:25:53 2007
@@ -235,15 +235,15 @@
         <ul>
             <li>
                 <label class="desc">$text.get( "macro.weblog.name" )</label>
-                <input type="text" name="name" class="text large" value="$utils.escapeHTML($cform.name)" size="50" maxlength="255" />
+                <input type="text" name="name" class="text large" value="$cform.name" size="50" maxlength="255" />
             </li>
 
             <li><label class="desc">$text.get( "macro.weblog.email" )</label>
-                <input type="text" name="email" class="text large" value="$utils.escapeHTML($cform.email)" size="50" maxlength="255" />
+                <input type="text" name="email" class="text large" value="$cform.email" size="50" maxlength="255" />
             </li>
 
             <li><label class="desc">$text.get( "macro.weblog.url" )</label>
-                <input type="text" name="url" class="text large" value="$utils.escapeHTML($cform.url)" size="50" maxlength="255" />
+                <input type="text" name="url" class="text large" value="$cform.url" size="50" maxlength="255" />
             </li>
 
         #if ($config.commentEmailNotify)
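Review bot: With `$utils.escapeHTML` removed, the `value="$cform.name"`, `value="$cform.email"` and `value="$cform.url"` attributes here, and the `<textarea>` body in the next hunk, are safe only while `$cform` is the escaping form object, and nothing in the template records that dependency. A one-line Velocity comment above the fields would make it visible, for example `## $cform getters return HTML-escaped values; do not re-escape, and keep attribute values double-quoted`. Other templates or themes that render `$cform` (not visible in this commit) would need the matching change to avoid double-escaping.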
@@ -257,13 +257,8 @@
             </li>
             <li>
                 <label class="desc">$text.get( "macro.weblog.yourcomment" )</label>
-
-            #if($config.commentEscapeHtml)
-                #set($content = $utils.escapeHTML($cform.content))
-            #else 
-                #set($content = $utils.transformToHTMLSubset($utils.escapeHTML($cform.content)))
-            #end               
-            <textarea name="content" class="textarea large" cols="40" rows="10">$utils.escapeHTML($content)</textarea>
+             
+            <textarea name="content" class="textarea large" cols="40" rows="10">$cform.content</textarea>
 
             </li>
             <li class="info">