Quote the value put in the text input value attribute.

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@21 57a73879-2fb5-44c3-a270-3262357dd7e2

diff --git a/template.py b/template.py
index cb0a3924f3491e5592f8764da96c5506615772da..85ddc719498a393b0f1eb537b441a257915d0fca 100644 (file)
--- a/template.py
+++ b/template.py
@@ -1,6 +1,6 @@
-# $Id: template.py,v 1.4 2001-07-19 06:27:07 anthonybaxter Exp $
+# $Id: template.py,v 1.5 2001-07-20 07:34:43 richard Exp $
 
-import os, re, StringIO, urllib
+import os, re, StringIO, urllib, cgi
 
 import hyperdb, date
 
@@ -68,6 +68,9 @@ class Field(Base):
             size = size or 30
             if value is None:
                 value = ''
+            else:
+                value = cgi.escape(value)
+                value = '"'.join(value.split('"'))
             s = '<input name="%s" value="%s" size="%s">'%(property, value, size)
         elif propclass.isLinkType:
             linkcl = self.db.classes[propclass.classname]
@@ -697,6 +700,13 @@ def newitem(fp, db, classname, form, replace=re.compile(
 
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.4  2001/07/19 06:27:07  anthonybaxter
+# fixing (manually) the (dollarsign)Log(dollarsign) entries caused by
+# my using the magic (dollarsign)Id(dollarsign) and (dollarsign)Log(dollarsign)
+# strings in a commit message. I'm a twonk.
+#
+# Also broke the help string in two.
+#
 # Revision 1.3  2001/07/19 05:52:22  anthonybaxter
 # Added CVS keywords Id and Log to all python files.
 #