core: fix special caracter in user and forum search

Cyl 2019-05-09 19:51:55 +02:00
parent bf06aea680
commit 355a51d2ce
2 changed files with 13 additions and 8 deletions


@ -26,6 +26,7 @@ from django.shortcuts import render, redirect
from django.http import JsonResponse
from django.core import serializers
from django.contrib.auth.decorators import login_required
from django.utils import html
from django.views.generic import ListView, TemplateView
from django.conf import settings
@ -71,10 +72,11 @@ def notification(request, notif_id):
def search_user(query, as_json=False):
if query == "" or query.isspace():
return []
res = SearchQuerySet().models(User).autocomplete(auto=query)[:20]
try:
res = SearchQuerySet().models(User).autocomplete(auto=html.escape(query))[:20]
return [r.object for r in res]
except TypeError:
return []
def search_club(query, as_json=False):
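Review bot: `html.escape(query)` in `search_user` is an HTML output encoding, not a search-query sanitizer, so the term is rewritten before it reaches the index: `&`, `<`, `>`, `"` and `'` become entities such as `&amp;` and `&#x27;`, and a user name containing one of them presumably stops matching. Escaping belongs where results are rendered (template autoescaping, or the consumer of the JSON response); if the aim is to keep reserved characters away from the search backend, apply the search library's own query cleaning to the raw term instead. The added `except TypeError: return []` also discards whatever actually raised, so record it first with a logging call such as `logger.exception("user search failed")`, keeping the raw query out of the message. The same `html.escape` call is added in `ForumSearchView` in the second file.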


@ -29,7 +29,7 @@ from django.views.generic.edit import UpdateView, CreateView, DeleteView
from django.views.generic.detail import SingleObjectMixin
from django.utils.translation import ugettext_lazy as _
from django.core.urlresolvers import reverse_lazy
from django.utils import timezone
from django.utils import timezone, html
from django.conf import settings
from django import forms
from django.core.exceptions import PermissionDenied
@ -56,11 +56,15 @@ class ForumSearchView(ListView):
query = self.request.GET.get("query", "")
order_by = self.request.GET.get("order", "")
if query == "" or query.isspace():
try:
queryset = (
RelatedSearchQuerySet()
.models(ForumMessage)
.autocomplete(auto=html.escape(query))
)
except TypeError:
return []
queryset = RelatedSearchQuerySet().models(ForumMessage).autocomplete(auto=query)
if order_by == "date":
queryset = queryset.order_by("-date")
@ -85,7 +89,6 @@ class ForumSearchView(ListView):
):
resp.append(r.object)
count += 1
return resp
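Review bot: The `try`/`except TypeError` added in `ForumSearchView` wraps only the construction of the queryset, and if `RelatedSearchQuerySet` is lazy (as Haystack querysets normally are) the backend is not queried until the results are iterated in the loop further down, outside the `try`. A `TypeError` raised while executing the query would then still surface as a server error, unlike in `search_user`, where the list comprehension sits inside the `try`. Either force evaluation inside the guarded block or move the guard around the loop that reads `r.object`, and record why the handler exists with a comment such as `# search backend can raise TypeError on some special characters (see commit message)`. The enclosing method starts before this hunk, and the page does not mark which side each line belongs to, so this reading is taken from the lines as shown.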