The last PR changed the use of cgi.escape() to html.escape(). Apparently the old (now gone) cgi.escape() was more forgiving of mixed/wrong string types being thrown around.
This PR takes the most likely places for problems (text chunk reads from sql) and checks that they are str (converts if needed).
This is intentionally not an exhaustive scan of all pandokia code because:
1) we don't use it all and we don't support it all
2) we don't have time for this
This PR SHOULD get us back up and running for all of our standard pdk uses.
The last PR changed the use of
cgi.escape()tohtml.escape(). Apparently the old (now gone)cgi.escape()was more forgiving of mixed/wrong string types being thrown around.This PR takes the most likely places for problems (text chunk reads from sql) and checks that they are
str(converts if needed).This is intentionally not an exhaustive scan of all pandokia code because:
This PR SHOULD get us back up and running for all of our standard pdk uses.