Bug#851296: [PATCH 2/3] Missing URL encoding fixes
---
.../accounts/templates/accounts/subscriptions.html | 6 +++---
.../accounts/templates/accounts/user-widget.html | 2 +-
.../core/templates/core/edit-team-membership.html | 6 +++---
distro_tracker/core/templates/core/news_list.html | 2 +-
distro_tracker/core/templates/core/package.html | 2 +-
distro_tracker/core/templates/core/team-list.html | 2 +-
distro_tracker/core/templates/core/team-manage.html | 2 +-
distro_tracker/core/templates/core/team.html | 2 +-
distro_tracker/vendor/debian/tracker_panels.py | 20 +++++++++++++-------
9 files changed, 25 insertions(+), 19 deletions(-)
diff --git a/distro_tracker/accounts/templates/accounts/subscriptions.html b/distro_tracker/accounts/templates/accounts/subscriptions.html
index cc0243d..02fab38 100644
--- a/distro_tracker/accounts/templates/accounts/subscriptions.html
+++ b/distro_tracker/accounts/templates/accounts/subscriptions.html
@@ -30,7 +30,7 @@
<button class='btn btn-sm btn-danger unsubscribe-all' data-email="{{ email }}">Unsubscribe all</button>
</form>
{% endif %}
- <a href="{% url 'dtracker-accounts-profile-keywords' %}?email={{ email }}">
+ <a href="{% url 'dtracker-accounts-profile-keywords' %}?email={{ email|urlencode:'' }}">
<button class="btn btn-sm btn-primary modify-default-keywords" data-email="{{ email }}">Modify keywords</button>
</a>
<div class="default-keywords" style="display: none;" id="default-keywords-{{ forloop.counter }}">
@@ -77,7 +77,7 @@
</div>
<div class="col-md-6">
<div class="pull-xs-right">
- <a href="{% url 'dtracker-accounts-profile-keywords' %}?package={{ subscription.package }}&email={{ email }}">
+ <a href="{% url 'dtracker-accounts-profile-keywords' %}?package={{ subscription.package|urlencode:'' }}&email={{ email|urlencode:'' }}">
<div class="btn btn-sm btn-primary modify-subscription-keywords" data-email="{{ email }}" data-package="{{ subscription.package }}">Modify keywords</div></a>
<form style="margin-bottom: 0px;display:inline;" action="{% url 'dtracker-api-accounts-unsubscribe' %}" method="POST">{% csrf_token %}
<input type="hidden" name="package" value="{{ subscription.package }}">
@@ -123,7 +123,7 @@
<div class="col-md-6">
<div class="pull-xs-right">
<div class="btn btn-sm btn-primary modify-membership-keywords" data-email="{{ email }}" data-href="{% url 'dtracker-team-set-keywords' membership.team.slug %}">Modify keywords</div>
- <a class="btn btn-sm btn-primary" href="{% url 'dtracker-team-manage-membership' membership.team.slug %}?email={{ email }}">Manage subscriptions</a>
+ <a class="btn btn-sm btn-primary" href="{% url 'dtracker-team-manage-membership' membership.team.slug %}?email={{ email|urlencode:'' }}">Manage subscriptions</a>
{% if membership.muted %}
<form style="margin-bottom: 0px;display:inline;" action="{% url 'dtracker-team-unmute' membership.team.slug %}" method="POST">{% csrf_token %}
{% else %}
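Review bot: The `data-email` attribute next to `data-href` on the `modify-membership-keywords` element is left HTML-escaped only, which is correct for attribute context, but the script that reads the pair is not part of this patch. If that script concatenates the value into a URL or query string, it needs `encodeURIComponent()` there; otherwise an address containing `+` or `&` still breaks in the same way this patch fixes for the `href`. The same applies to the `data-email`/`data-package` attributes in the two earlier hunks of this file.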
diff --git a/distro_tracker/accounts/templates/accounts/user-widget.html b/distro_tracker/accounts/templates/accounts/user-widget.html
index a5b0247..5838afa 100644
--- a/distro_tracker/accounts/templates/accounts/user-widget.html
+++ b/distro_tracker/accounts/templates/accounts/user-widget.html
@@ -1,7 +1,7 @@
{% if user.is_authenticated %}
<span><a href="{% url 'dtracker-accounts-profile' %}">Profile</a></span>
<span>|</span>
- <span><a id="account-logout" href="{% url 'dtracker-accounts-logout' %}?next={{ logout_redirect }}">Log out</a></span>
+ <span><a id="account-logout" href="{% url 'dtracker-accounts-logout' %}?next={{ logout_redirect|urlencode:'' }}">Log out</a></span>
{% else %}
<span><a id="account-register" href="{% url 'dtracker-accounts-register' %}">Register</a></span>
<span>|</span>
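Review bot: Encoding `logout_redirect` makes the whole value arrive intact as `next`, so the logout view is now the only place that decides whether the target is acceptable. That view is not in this patch; if it does not already restrict `next` to same-host targets (for example with `django.utils.http.is_safe_url`), that check belongs there rather than in how the template builds the link. The hidden `next` inputs changed in edit-team-membership.html are client-editable form fields and deserve the same check in the mute/unmute views.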
diff --git a/distro_tracker/core/templates/core/edit-team-membership.html b/distro_tracker/core/templates/core/edit-team-membership.html
index 06125ed..745aed2 100644
--- a/distro_tracker/core/templates/core/edit-team-membership.html
+++ b/distro_tracker/core/templates/core/edit-team-membership.html
@@ -35,14 +35,14 @@
<form style="margin-bottom: 0px;" action="{% url 'dtracker-team-unmute' team.slug %}" method="POST">{% csrf_token %}
<input type="hidden" name="package" value="{{ pkg }}">
<input type="hidden" name="email" value="{{ email }}">
- <input type="hidden" name="next" value="{% url 'dtracker-team-manage-membership' team.slug %}?page={{ page_obj.number }}&email={{ email }}">
+ <input type="hidden" name="next" value="{% url 'dtracker-team-manage-membership' team.slug %}?page={{ page_obj.number|urlencode:'' }}&email={{ email|urlencode:'' }}">
<button class="btn btn-primary toggle-package-mute" data-email="{{ email }}" data-package="{{ subscription.package }}">Unmute</button>
</form>
{% else %}
<form style="margin-bottom: 0px;" action="{% url 'dtracker-team-mute' team.slug %}" method="POST">{% csrf_token %}
<input type="hidden" name="package" value="{{ pkg }}">
<input type="hidden" name="email" value="{{ email }}">
- <input type="hidden" name="next" value="{% url 'dtracker-team-manage-membership' team.slug %}?page={{ page_obj.number }}&email={{ email }}">
+ <input type="hidden" name="next" value="{% url 'dtracker-team-manage-membership' team.slug %}?page={{ page_obj.number|urlencode:'' }}&email={{ email|urlencode:'' }}">
<button class="btn btn-danger toggle-package-mute" data-email="{{ email }}" data-package="{{ subscription.package }}">Mute</button>
</form>
{% endif %}
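Review bot: `page_obj.number|urlencode:''` encodes a value that is already an integer, assuming the stock Django paginator, so the filter changes nothing here. The same goes for `page|urlencode:''` in the pagination hunks of this file, news_list.html, team-list.html and team-manage.html. Keeping the filter only on `email` would make it clearer which values are user-influenced text. If the blanket encoding is deliberate, a one-line template comment such as `{# every query value is urlencoded, including integers, so new parameters are not forgotten #}` would record that.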
@@ -70,7 +70,7 @@
<div class="text-xs-center">
<ul class="pagination">
{% for page in page_obj.paginator.page_range %}
- <li class="page-item{% if page_obj.number == page %} active{% endif %}"><a class="page-link" href="?page={{ page }}&email={{ membership.user_email.email }}">{{ page }}</a></li>
+ <li class="page-item{% if page_obj.number == page %} active{% endif %}"><a class="page-link" href="?page={{ page|urlencode:'' }}&email={{ membership.user_email.email|urlencode:'' }}">{{ page }}</a></li>
{% endfor %}
</ul>
</div>
diff --git a/distro_tracker/core/templates/core/news_list.html b/distro_tracker/core/templates/core/news_list.html
index c13952d..4f139ab 100644
--- a/distro_tracker/core/templates/core/news_list.html
+++ b/distro_tracker/core/templates/core/news_list.html
@@ -25,7 +25,7 @@
<div class="text-xs-center">
<ul class="pagination">
{% for page in page_obj.paginator.page_range %}
- <li class="page-item{% if page_obj.number == page %} active{% endif %}"><a class="page-link" href="?page={{ page }}">{{ page }}</a></li>
+ <li class="page-item{% if page_obj.number == page %} active{% endif %}"><a class="page-link" href="?page={{ page|urlencode:'' }}">{{ page }}</a></li>
{% endfor %}
</ul>
</div>
diff --git a/distro_tracker/core/templates/core/package.html b/distro_tracker/core/templates/core/package.html
index 2253794..1f29d33 100644
--- a/distro_tracker/core/templates/core/package.html
+++ b/distro_tracker/core/templates/core/package.html
@@ -33,7 +33,7 @@
<input type="hidden" name="package" value="{{ package }}">
<input type="hidden" name="email" value="{{ request.user.emails.all.0 }}">
{% else %}
- <a href="{% url 'dtracker-accounts-choose-email' %}?package={{ package }}">
+ <a href="{% url 'dtracker-accounts-choose-email' %}?package={{ package|urlencode:'' }}">
{% endif %}
<button class="btn btn-default" id='subscribe-button' data-package="{{ package }}" data-get-emails="{% url 'dtracker-api-accounts-emails' %}" data-url="{% url 'dtracker-api-accounts-subscribe' %}">Subscribe</button>
diff --git a/distro_tracker/core/templates/core/team-list.html b/distro_tracker/core/templates/core/team-list.html
index ae1d1cc..4192515 100644
--- a/distro_tracker/core/templates/core/team-list.html
+++ b/distro_tracker/core/templates/core/team-list.html
@@ -27,7 +27,7 @@
<div class="text-xs-center">
<ul class="pagination">
{% for page in page_obj.paginator.page_range %}
- <li class="page-item{% if page_obj.number == page %} active{% endif %}"><a class="page-link" href="?page={{ page }}">{{ page }}</a></li>
+ <li class="page-item{% if page_obj.number == page %} active{% endif %}"><a class="page-link" href="?page={{ page|urlencode:'' }}">{{ page }}</a></li>
{% endfor %}
</ul>
</div>
diff --git a/distro_tracker/core/templates/core/team-manage.html b/distro_tracker/core/templates/core/team-manage.html
index c61eb8b..4cf0f7b 100644
--- a/distro_tracker/core/templates/core/team-manage.html
+++ b/distro_tracker/core/templates/core/team-manage.html
@@ -31,7 +31,7 @@
<div class="text-xs-center">
<ul class="pagination">
{% for page in page_obj.paginator.page_range %}
- <li class="page-item{% if page_obj.number == page %} active{% endif %}"><a class="page-link" href="?page={{ page }}">{{ page }}</a></li>
+ <li class="page-item{% if page_obj.number == page %} active{% endif %}"><a class="page-link" href="?page={{ page|urlencode:'' }}">{{ page }}</a></li>
{% endfor %}
</ul>
</div>
diff --git a/distro_tracker/core/templates/core/team.html b/distro_tracker/core/templates/core/team.html
index 722e243..de338de 100644
--- a/distro_tracker/core/templates/core/team.html
+++ b/distro_tracker/core/templates/core/team.html
@@ -116,7 +116,7 @@
{% endif %}
{% if user_member_of_team %}
<div class="pull-xs-right">
- <a href="{% url 'dtracker-team-remove-package' team.slug %}?package={{ package }}"><span data-package="{{ package }}" class="remove-package-from-team-button">{% octicon 'trashcan' 'remove package from team' %}</span></a>
+ <a href="{% url 'dtracker-team-remove-package' team.slug %}?package={{ package|urlencode:'' }}"><span data-package="{{ package }}" class="remove-package-from-team-button">{% octicon 'trashcan' 'remove package from team' %}</span></a>
</div>
{% endif %}
</div>
diff --git a/distro_tracker/vendor/debian/tracker_panels.py b/distro_tracker/vendor/debian/tracker_panels.py
index 2d48fb6..9569969 100644
--- a/distro_tracker/vendor/debian/tracker_panels.py
+++ b/distro_tracker/vendor/debian/tracker_panels.py
@@ -15,7 +15,7 @@ from __future__ import unicode_literals
from django.core.urlresolvers import reverse
from django.utils.encoding import force_text
from django.utils.functional import cached_property
-from django.utils.http import urlencode, urlquote
+from django.utils.http import urlencode, urlquote, urlquote_plus
from django.utils.safestring import mark_safe
from distro_tracker.core.utils import get_or_none
@@ -80,7 +80,8 @@ class BuildLogCheckLinks(LinksPanel.ItemProvider):
has_checks = False
logcheck_url = \
"https://qa.debian.org/bls/packages/{hash}/{pkg}.html".format(
- hash=self.package.name[0], pkg=self.package.name)
+ hash=urlquote(self.package.name[0], safe=""),
+ pkg=urlquote(self.package.name, safe=""))
try:
infos = self.package.packageextractedinfo_set.get(
key='reproducibility')
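Review bot: `urlquote(..., safe="")` is repeated at every path-segment call site in this file (here, and in the reproducibility, SourceCodeSearchLinks, DebtagsLink and ScreenshotsLink hunks), and dropping `safe=""` at any one of them silently leaves `/` unencoded. A small module-level helper, `def _quote_segment(value): return urlquote(value, safe="")`, would state the intent once and give a single place to change when the project moves off `django.utils.http.urlquote`. The enclosing method starts and ends outside this hunk.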
@@ -91,7 +92,8 @@ class BuildLogCheckLinks(LinksPanel.ItemProvider):
reproducibility_status = None
reproducibility_url = \
"https://tests.reproducible-builds.org/debian/rb-pkg/{}.html"
- reproducibility_url = reproducibility_url.format(self.package.name)
+ reproducibility_url = reproducibility_url.format(
+ urlquote(self.package.name, safe=""))
return [
TemplatePanelItem('debian/logcheck-links.html', {
@@ -116,7 +118,8 @@ class PopconLink(LinksPanel.ItemProvider):
return [
LinksPanel.SimpleLinkItem(
'popcon',
- self.POPCON_URL.format(package=self.package.name))
+ self.POPCON_URL.format(
+ package=urlquote_plus(self.package.name)))
]
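Review bot: This is the only call site that uses `urlquote_plus` while every other one in the file uses `urlquote(..., safe="")`, and `POPCON_URL` is not visible in the hunk to show why. Plus-encoding is only right when the value lands in the query string; if `{package}` sits in the path, `urlquote(self.package.name, safe="")` is the correct call. Either way a comment on the line, e.g. `# POPCON_URL takes the package as a query parameter, hence urlquote_plus`, would keep a later cleanup from normalising it the wrong way.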
@@ -156,7 +159,8 @@ class SourceCodeSearchLinks(LinksPanel.ItemProvider):
links.append(LinksPanel.SimpleLinkItem(
'browse source code',
self.SOURCES_URL_TEMPLATE.format(
- package=self.package.name, suite=allowed_repo)))
+ package=urlquote(self.package.name, safe=""),
+ suite=urlquote(allowed_repo, safe=""))))
break
if 'unstable' in repositories:
@@ -186,7 +190,8 @@ class DebtagsLink(LinksPanel.ItemProvider):
LinksPanel.SimpleLinkItem(
'edit tags',
self.SOURCES_URL_TEMPLATE.format(
- package=self.package.name, maint=maintainer)
+ package=urlquote(self.package.name, safe=""),
+ maint=urlquote(maintainer, safe=""))
)
]
@@ -228,7 +233,8 @@ class ScreenshotsLink(LinksPanel.ItemProvider):
return [
LinksPanel.SimpleLinkItem(
'screenshots',
- self.SOURCES_URL_TEMPLATE.format(package=self.package.name)
+ self.SOURCES_URL_TEMPLATE.format(
+ package=urlquote(self.package.name, safe=""))
)
]
else:
--
2.14.1