From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-apps-cvs-return-1876-listarch-cygwin-apps-cvs=sourceware.org@sourceware.org>
Received: (qmail 86840 invoked by alias); 7 Jan 2017 18:01:52 -0000
Mailing-List: contact cygwin-apps-cvs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <cygwin-apps-cvs.sourceware.org>
List-Subscribe: <mailto:cygwin-apps-cvs-subscribe@sourceware.org>
List-Post: <mailto:cygwin-apps-cvs@sourceware.org>
List-Help: <mailto:cygwin-apps-cvs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: cygwin-apps-cvs-owner@sourceware.org
Received: (qmail 86741 invoked by uid 9795); 7 Jan 2017 18:01:51 -0000
Date: Sat, 07 Jan 2017 18:01:00 -0000
Message-ID: <20170107180151.86695.qmail@sourceware.org>
From: jturney@sourceware.org
To: cygwin-apps-cvs@sourceware.org
Subject: [calm - Cygwin server-side packaging maintenance script] branch master, updated. 20160705-42-g70e3f45
X-Git-Refname: refs/heads/master
X-Git-Reftype: branch
X-Git-Oldrev: f3e0b64f40dc1a29e138295ffba136eccc019df2
X-Git-Newrev: 70e3f457a7af2e1963bea5c1f7b09255847b42d9
X-SW-Source: 2017-q1/txt/msg00000.txt.bz2




https://sourceware.org/git/gitweb.cgi?p=cygwin-apps/calm.git;h=70e3f457a7af2e1963bea5c1f7b09255847b42d9

commit 70e3f457a7af2e1963bea5c1f7b09255847b42d9
Author: Jon Turney <jon.turney@dronecode.org.uk>
Date:   Fri Jan 6 18:24:53 2017 +0000

    Ensure that '&','<','>' in sdesc are escaped in HTML
    
    Rename variable used to hold html listing filename to avoid clash with html
    module
    
    Add test


Diff:
---
 calm/pkg2html.py                                   |   19 ++++++++++---------
 .../hints/x86/release/testpackage/expected         |    4 +++-
 test/testdata/htdocs.expected/x86/packages.inc     |    2 +-
 .../x86/testpackage/testpackage-0.1-1              |    2 +-
 test/testdata/inifile/setup.ini.expected           |    4 ++--
 .../relarea/x86/release/testpackage/setup.hint     |    4 ++--
 6 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/calm/pkg2html.py b/calm/pkg2html.py
index 57cc0ab..cbd653b 100755
--- a/calm/pkg2html.py
+++ b/calm/pkg2html.py
@@ -41,6 +41,7 @@
 from collections import defaultdict
 import argparse
 import glob
+import html
 import logging
 import os
 import re
@@ -125,15 +126,15 @@ def update_package_listings(args, packages, arch):
         for t in packages[p].tars:
 
             fver = re.sub(r'\.tar.*$', '', t)
-            html = os.path.join(dir, fver)
+            listing = os.path.join(dir, fver)
 
             # ... if it doesn't already exist, or force
-            if not os.path.exists(html) or args.force:
+            if not os.path.exists(listing) or args.force:
 
-                logging.debug('writing %s' % html)
+                logging.debug('writing %s' % listing)
 
                 if not args.dryrun:
-                    with open(html, 'w') as f:
+                    with open(listing, 'w') as f:
                         bv = packages[p].best_version
                         header = p + ": " + packages[p].version_hints[bv]['sdesc'].replace('"', '')
                         if fver.endswith('-src'):
@@ -147,7 +148,7 @@ def update_package_listings(args, packages, arch):
                         print(textwrap.dedent('''\
                                                  <html>
                                                  <h1>%s</h1>
-                                                 <tt><pre>''' % (header)), file=f)
+                                                 <tt><pre>''' % (html.escape(header, quote=False))), file=f)
 
                         tf = os.path.join(args.rel_area, packages[p].path, t)
                         if not os.path.exists(tf):
@@ -176,11 +177,11 @@ def update_package_listings(args, packages, arch):
                                                  </pre></tt>
                                                  </html>'''), file=f)
             else:
-                logging.log(5, 'not writing %s, already exists' % html)
+                logging.log(5, 'not writing %s, already exists' % listing)
 
             # this file should exist, so remove from the toremove list
-            if html in toremove:
-                toremove.remove(html)
+            if listing in toremove:
+                toremove.remove(listing)
 
     #
     # write packages.inc
@@ -208,7 +209,7 @@ def update_package_listings(args, packages, arch):
                 bv = packages[p].best_version
                 header = packages[p].version_hints[bv]['sdesc'].replace('"', '')
 
-                print('<tr><td><a href="' + arch + '/' + p + '">' + p + '</a></td><td>' + header + '</td></tr>', file=index)
+                print('<tr><td><a href="' + arch + '/' + p + '">' + p + '</a></td><td>' + html.escape(header, quote=False) + '</td></tr>', file=index)
 
             print(textwrap.dedent('''\
                                      </table>
diff --git a/test/testdata/hints/x86/release/testpackage/expected b/test/testdata/hints/x86/release/testpackage/expected
index de11656..aa3c772 100644
--- a/test/testdata/hints/x86/release/testpackage/expected
+++ b/test/testdata/hints/x86/release/testpackage/expected
@@ -1 +1,3 @@
-OrderedDict([('sdesc', '"A test package"'), ('ldesc', '"A test package"'), ('category', 'Devel')])
+{'sdesc': '"A test package (stuff & other stuff)"',
+ 'ldesc': '"A test package (stuff & other stuff)"',
+ 'category': 'Devel'}
diff --git a/test/testdata/htdocs.expected/x86/packages.inc b/test/testdata/htdocs.expected/x86/packages.inc
index 1f443bd..346b7f6 100755
--- a/test/testdata/htdocs.expected/x86/packages.inc
+++ b/test/testdata/htdocs.expected/x86/packages.inc
@@ -21,6 +21,6 @@
 <tr><td><a href="x86/perl-Net-SMTP-SSL">perl-Net-SMTP-SSL</a></td><td>Perl distribution Net-SMTP-SSL</td></tr>
 <tr><td><a href="x86/rpm-doc">rpm-doc</a></td><td>Obsolete package for RPM package management system manual pages</td></tr>
 <tr><td><a href="x86/staleversion">staleversion</a></td><td>Test package for stale version removal</td></tr>
-<tr><td><a href="x86/testpackage">testpackage</a></td><td>A test package</td></tr>
+<tr><td><a href="x86/testpackage">testpackage</a></td><td>A test package (stuff &amp; other stuff)</td></tr>
 </table>
 </div>
diff --git a/test/testdata/htdocs.expected/x86/testpackage/testpackage-0.1-1 b/test/testdata/htdocs.expected/x86/testpackage/testpackage-0.1-1
index 76208aa..d8ae218 100644
--- a/test/testdata/htdocs.expected/x86/testpackage/testpackage-0.1-1
+++ b/test/testdata/htdocs.expected/x86/testpackage/testpackage-0.1-1
@@ -1,5 +1,5 @@
 <html>
-<h1>testpackage: A test package (installed binaries and support files)</h1>
+<h1>testpackage: A test package (stuff &amp; other stuff) (installed binaries and support files)</h1>
 <tt><pre>
 </pre></tt>
 </html>
diff --git a/test/testdata/inifile/setup.ini.expected b/test/testdata/inifile/setup.ini.expected
index ea351c1..97ddfd0 100644
--- a/test/testdata/inifile/setup.ini.expected
+++ b/test/testdata/inifile/setup.ini.expected
@@ -267,8 +267,8 @@
  'e675b0ac4bc2c3e1c4971bc56d77b0cd53a9bdf5632873a235d7582e29dfd3e8a7bb04b28f6cdee3e6b3d14c25ed39392538e3f628a9bfda6c905646ebc3c225\n'
  '\n'
  '@ testpackage\n'
- 'sdesc: "A test package"\n'
- 'ldesc: "A test package"\n'
+ 'sdesc: "A test package (stuff & other stuff)"\n'
+ 'ldesc: "A test package (stuff & other stuff)"\n'
  'category: Devel\n'
  'version: 0.1-1\n'
  'install: x86/release/testpackage/testpackage-0.1-1.tar.bz2 0 '
diff --git a/test/testdata/relarea/x86/release/testpackage/setup.hint b/test/testdata/relarea/x86/release/testpackage/setup.hint
index 10ee390..abfbfd5 100644
--- a/test/testdata/relarea/x86/release/testpackage/setup.hint
+++ b/test/testdata/relarea/x86/release/testpackage/setup.hint
@@ -1,3 +1,3 @@
-sdesc: "A test package"
-ldesc: "A test package"
+sdesc: "A test package (stuff & other stuff)"
+ldesc: "A test package (stuff & other stuff)"
 category: Devel