Attachment #217206 for bug #247597




# $FreeBSD$

PORTNAME=	cherrypy
PORTVERSION=	18.6.0
PORTREVISION=	4
CATEGORIES=	www python
MASTER_SITES=	CHEESESHOP
PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}


LICENSE=	BSD3CLAUSE

BUILD_DEPENDS=	${PYTHON_PKGNAMEPREFIX}pip>0:devel/py-pip \
		${PYTHON_PKGNAMEPREFIX}setuptools_scm>0:devel/py-setuptools_scm \

EXAMPLES_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}cheetah3>=2.4.4:devel/py-cheetah3@${PY_FLAVOR} \
			${PYTHON_PKGNAMEPREFIX}sqlobject>=1.5.1:databases/py-sqlobject@${PY_FLAVOR}
EXAMPLESDIR=	${PREFIX}/share/examples/${PKGNAMEPREFIX}${PORTNAME}



PORTEXAMPLES=	*

USES=		python:3.5+
USE_PYTHON=	distutils autoplist concurrent
SHEBANG_FILES=	cherrypy/cherryd

.include <bsd.port.options.mk>

# handle tutorial separately, and remove cherrypy.process from data_files
# otherwise it confuses build_py.get_outputs() and breaks PYDISTUTILS_AUTOPLIST
#post-patch:
#	@${REINPLACE_CMD} -e '99,106d' -e '78s/"cherrypy.tutorial",//1' \
#		-e '88d' -i.bak ${WRKSRC}/${PYSETUP}

.if ${PORT_OPTIONS:MEXAMPLES}
post-install:


.include <bsd.port.pre.mk>

.if ${PYTHON_REL} >= 3000    # devel/py-cheetah doesn't yet build with Python 3
.undef EXAMPLES_RUN_DEPENDS
.endif

# The package cherrypy.wsgiserver includes both Python 2 and Python 3 modules,
# so it breaks PYDISTUTILS_AUTOPLIST.
# Instead of defining a cherrypy_build_py.get_outputs() method in setup.py
# we simply remove unwanted modules (see cherrypy_build_py() in setup.py)
post-extract:
.if ${PYTHON_REL} >= 3000
	@(cd ${WRKSRC}/cherrypy && ${RM} _cpcompat_subprocess.py && \
	cd wsgiserver && ${RM} ssl_pyopenssl.py wsgiserver2.py)
.else
	@${RM} ${WRKSRC}/cherrypy/wsgiserver/wsgiserver3.py
.endif

.include <bsd.port.post.mk>

Lines 1-3 Link Here

(-)www/py-cherrypy/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1464940005	1	TIMESTAMP = 1597375062
2	SHA256 (CherryPy-5.4.0.tar.gz) = bc8702099f6071ddd8b6404c110e22bb93e6a007fd9455e27f056be59a2ca801	2	SHA256 (CherryPy-18.6.0.tar.gz) = 56608edd831ad00991ae585625e0206ed61cf1a0850e4b2cc48489fb2308c499
3	SIZE (CherryPy-5.4.0.tar.gz) = 435759	3	SIZE (CherryPy-18.6.0.tar.gz) = 686804




https://github.com/cherrypy/cherrypy/commit/c65dc279d1d8

--- cherrypy/_cpcompat.py.orig	2016-05-11 00:35:35 UTC
+++ cherrypy/_cpcompat.py
@@ -357,3 +357,19 @@ class SetDaemonProperty:
 
     if sys.version_info < (2, 6):
         daemon = property(__get_daemon, __set_daemon)
+
+# html module come in 3.2 version
+try:
+    from html import escape
+except ImportError:
+    from cgi import escape
+
+# html module needed the argument quote=False because in cgi the default
+# is False. With quote=True the results differ.
+
+def escape_html(s, escape_quote=False):
+    """Replace special characters "&", "<" and ">" to HTML-safe sequences.
+
+    When escape_quote=True, escape (') and (") chars.
+    """
+    return escape(s, quote=escape_quote)
--- cherrypy/_cperror.py.orig	2016-05-11 00:35:35 UTC
+++ cherrypy/_cperror.py
@@ -115,9 +115,9 @@ Note that you have to explicitly set
 and not simply return an error message as a result.
 """
 
-from cgi import escape as _escape
 from sys import exc_info as _exc_info
 from traceback import format_exception as _format_exception
+from cherrypy._cpcompat import escape_html
 from cherrypy._cpcompat import basestring, bytestr, iteritems, ntob
 from cherrypy._cpcompat import tonative, urljoin as _urljoin
 from cherrypy.lib import httputil as _httputil
@@ -489,7 +489,7 @@ def get_error_page(status, **kwargs):
         if v is None:
             kwargs[k] = ""
         else:
-            kwargs[k] = _escape(kwargs[k])
+            kwargs[k] = escape_html(kwargs[k])
 
     # Use a custom template or callable for the error page?
     pages = cherrypy.serving.request.error_page
--- cherrypy/test/test_compat.py.orig	2016-05-11 00:35:35 UTC
+++ cherrypy/test/test_compat.py
@@ -17,3 +17,11 @@ class StringTester(unittest.TestCase):
         if compat.py3k:
             raise nose.SkipTest("Only useful on Python 2")
         self.assertRaises(Exception, compat.ntob, unicode('fight'))
+
+
+class EscapeTester(unittest.TestCase):
+    """Class to test escape_html function from _cpcompat."""
+
+    def test_escape_quote(self):
+        """test_escape_quote - Verify the output for &<>"' chars."""
+        self.assertEqual("""xx&amp;&lt;&gt;"aa'""", compat.escape_html("""xx&<>"aa'"""))

Return to bug 247597

Lines 2-9 Link Here

(-)www/py-cherrypy/Makefile (-24 / +9 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= cherrypy	4	PORTNAME= cherrypy
5	PORTVERSION= 5.4.0	5	PORTVERSION= 18.6.0
6	PORTREVISION= 4
7	CATEGORIES= www python	6	CATEGORIES= www python
8	MASTER_SITES= CHEESESHOP	7	MASTER_SITES= CHEESESHOP
9	PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}	8	PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
Lines 14-20 COMMENT= Pythonic, object-oriented web development framework Link Here
14		13
15	LICENSE= BSD3CLAUSE	14	LICENSE= BSD3CLAUSE
16		15
17	EXAMPLES_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cheetah>=2.4.4:devel/py-cheetah@${PY_FLAVOR} \	16	BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pip>0:devel/py-pip \
		17	${PYTHON_PKGNAMEPREFIX}setuptools_scm>0:devel/py-setuptools_scm \
		18
		19	EXAMPLES_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cheetah3>=2.4.4:devel/py-cheetah3@${PY_FLAVOR} \
18	${PYTHON_PKGNAMEPREFIX}sqlobject>=1.5.1:databases/py-sqlobject@${PY_FLAVOR}	20	${PYTHON_PKGNAMEPREFIX}sqlobject>=1.5.1:databases/py-sqlobject@${PY_FLAVOR}
19	EXAMPLESDIR= ${PREFIX}/share/examples/${PKGNAMEPREFIX}${PORTNAME}	21	EXAMPLESDIR= ${PREFIX}/share/examples/${PKGNAMEPREFIX}${PORTNAME}
20		22
Lines 22-38 OPTIONS_DEFINE= EXAMPLES Link Here
22		24
23	PORTEXAMPLES= *	25	PORTEXAMPLES= *
24		26
25	USES= python shebangfix	27	USES= python:3.5+
26	USE_PYTHON= distutils autoplist concurrent	28	USE_PYTHON= distutils autoplist concurrent
27	SHEBANG_FILES= cherrypy/cherryd
28		29
29	.include <bsd.port.options.mk>	30	.include <bsd.port.options.mk>
30		31
31	# handle tutorial separately, and remove cherrypy.process from data_files	32	# handle tutorial separately, and remove cherrypy.process from data_files
32	# otherwise it confuses build_py.get_outputs() and breaks PYDISTUTILS_AUTOPLIST	33	# otherwise it confuses build_py.get_outputs() and breaks PYDISTUTILS_AUTOPLIST
33	post-patch:	34	#post-patch:
34	@${REINPLACE_CMD} -e '99,106d' -e '78s/"cherrypy.tutorial",//1' \	35	# @${REINPLACE_CMD} -e '99,106d' -e '78s/"cherrypy.tutorial",//1' \
35	-e '88d' -i.bak ${WRKSRC}/${PYSETUP}	36	# -e '88d' -i.bak ${WRKSRC}/${PYSETUP}
36		37
37	.if ${PORT_OPTIONS:MEXAMPLES}	38	.if ${PORT_OPTIONS:MEXAMPLES}
38	post-install:	39	post-install:
Lines 46-65 post-install: Link Here
46		47
47	.include <bsd.port.pre.mk>	48	.include <bsd.port.pre.mk>
48		49
49	.if ${PYTHON_REL} >= 3000 # devel/py-cheetah doesn't yet build with Python 3
50	.undef EXAMPLES_RUN_DEPENDS
51	.endif
52
53	# The package cherrypy.wsgiserver includes both Python 2 and Python 3 modules,
54	# so it breaks PYDISTUTILS_AUTOPLIST.
55	# Instead of defining a cherrypy_build_py.get_outputs() method in setup.py
56	# we simply remove unwanted modules (see cherrypy_build_py() in setup.py)
57	post-extract:
58	.if ${PYTHON_REL} >= 3000
59	@(cd ${WRKSRC}/cherrypy && ${RM} _cpcompat_subprocess.py && \
60	cd wsgiserver && ${RM} ssl_pyopenssl.py wsgiserver2.py)
61	.else
62	@${RM} ${WRKSRC}/cherrypy/wsgiserver/wsgiserver3.py
63	.endif
64
65	.include <bsd.port.post.mk>	50	.include <bsd.port.post.mk>

Removed Link Here

(-)www/py-cherrypy/files/patch-python38 (-60 lines)
1	https://github.com/cherrypy/cherrypy/commit/c65dc279d1d8
2
3	--- cherrypy/_cpcompat.py.orig 2016-05-11 00:35:35 UTC
4	+++ cherrypy/_cpcompat.py
5	@@ -357,3 +357,19 @@ class SetDaemonProperty:
6
7	if sys.version_info < (2, 6):
8	daemon = property(__get_daemon, __set_daemon)
9	+
10	+# html module come in 3.2 version
11	+try:
12	+ from html import escape
13	+except ImportError:
14	+ from cgi import escape
15	+
16	+# html module needed the argument quote=False because in cgi the default
17	+# is False. With quote=True the results differ.
18	+
19	+def escape_html(s, escape_quote=False):
20	+ """Replace special characters "&", "<" and ">" to HTML-safe sequences.
21	+
22	+ When escape_quote=True, escape (') and (") chars.
23	+ """
24	+ return escape(s, quote=escape_quote)
25	--- cherrypy/_cperror.py.orig 2016-05-11 00:35:35 UTC
26	+++ cherrypy/_cperror.py
27	@@ -115,9 +115,9 @@ Note that you have to explicitly set
28	and not simply return an error message as a result.
29	"""
30
31	-from cgi import escape as _escape
32	from sys import exc_info as _exc_info
33	from traceback import format_exception as _format_exception
34	+from cherrypy._cpcompat import escape_html
35	from cherrypy._cpcompat import basestring, bytestr, iteritems, ntob
36	from cherrypy._cpcompat import tonative, urljoin as _urljoin
37	from cherrypy.lib import httputil as _httputil
38	@@ -489,7 +489,7 @@ def get_error_page(status, **kwargs):
39	if v is None:
40	kwargs[k] = ""
41	else:
42	- kwargs[k] = _escape(kwargs[k])
43	+ kwargs[k] = escape_html(kwargs[k])
44
45	# Use a custom template or callable for the error page?
46	pages = cherrypy.serving.request.error_page
47	--- cherrypy/test/test_compat.py.orig 2016-05-11 00:35:35 UTC
48	+++ cherrypy/test/test_compat.py
49	@@ -17,3 +17,11 @@ class StringTester(unittest.TestCase):
50	if compat.py3k:
51	raise nose.SkipTest("Only useful on Python 2")
52	self.assertRaises(Exception, compat.ntob, unicode('fight'))
53	+
54	+
55	+class EscapeTester(unittest.TestCase):
56	+ """Class to test escape_html function from _cpcompat."""
57	+
58	+ def test_escape_quote(self):
59	+ """test_escape_quote - Verify the output for &<>"' chars."""
60	+ self.assertEqual("""xx&<>"aa'""", compat.escape_html("""xx&<>"aa'"""))