diff --git a/core/views/site.py b/core/views/site.py
index 133f1647..05e85d9a 100644
--- a/core/views/site.py
+++ b/core/views/site.py
@@ -26,6 +26,7 @@ from django.shortcuts import render, redirect
 from django.http import JsonResponse
 from django.core import serializers
 from django.contrib.auth.decorators import login_required
+from django.utils import html
 from django.views.generic import ListView, TemplateView
 from django.conf import settings
@@ -71,10 +72,11 @@ def notification(request, notif_id):
 def search_user(query, as_json=False):
- if query == "" or query.isspace():
+ try:
+ res = SearchQuerySet().models(User).autocomplete(auto=html.escape(query))[:20]
+ return [r.object for r in res]
+ except TypeError:
 return []
- res = SearchQuerySet().models(User).autocomplete(auto=query)[:20]
- return [r.object for r in res]
 def search_club(query, as_json=False):
diff --git a/forum/views.py b/forum/views.py
index a89a547d..5ffdfea8 100644
--- a/forum/views.py
+++ b/forum/views.py
@@ -29,7 +29,7 @@ from django.views.generic.edit import UpdateView, CreateView, DeleteView
 from django.views.generic.detail import SingleObjectMixin
 from django.utils.translation import ugettext_lazy as _
 from django.core.urlresolvers import reverse_lazy
-from django.utils import timezone
+from django.utils import timezone, html
 from django.conf import settings
 from django import forms
 from django.core.exceptions import PermissionDenied
@@ -56,11 +56,15 @@ class ForumSearchView(ListView):
 query = self.request.GET.get("query", "")
 order_by = self.request.GET.get("order", "")
- if query == "" or query.isspace():
+ try:
+ queryset = (
+ RelatedSearchQuerySet()
+ .models(ForumMessage)
+ .autocomplete(auto=html.escape(query))
+ )
+ except TypeError:
 return []
- queryset = RelatedSearchQuerySet().models(ForumMessage).autocomplete(auto=query)
-
 if order_by == "date":
 queryset = queryset.order_by("-date")
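Review bot: `html.escape(query)` in the search_user hunk alters the terms handed to the search backend rather than sanitising anything — `&`, `<`, `>`, `"` and `'` become entity text such as `&amp;`, so a query containing them is matched against the entity string instead of the character the user typed; the rendering side is where escaping belongs (Django templates autoescape by default), so the lookup should stay `autocomplete(auto=query)`. The new `except TypeError` also replaces the explicit empty/whitespace guard with a dependence on the autocomplete call raising TypeError for a query with no terms, which is presumably an implementation detail of the search library, and the broad catch hides any unrelated TypeError raised inside that call (a non-string `query`, for instance) by silently returning no results. I would keep the guard ahead of the call, `if not query or query.isspace(): return []`, and drop the try/except. The same two points apply to the ForumSearchView hunk in forum/views.py, whose enclosing method starts outside the hunk.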
@@ -85,7 +89,6 @@ class ForumSearchView(ListView):
 ):
 resp.append(r.object)
 count += 1
- return resp