From bf06aea68008129cf2e730c6004ce00223fe4509 Mon Sep 17 00:00:00 2001
From: Cyl
Date: Mon, 6 May 2019 20:11:49 +0200
Subject: [PATCH 1/2] core: fix whitespaces in user and forum search
---
 core/views/site.py | 2 +-
 forum/views.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/views/site.py b/core/views/site.py
index 3b75cdde..133f1647 100644
--- a/core/views/site.py
+++ b/core/views/site.py
@@ -71,7 +71,7 @@ def notification(request, notif_id):
 def search_user(query, as_json=False):
- if query == "":
+ if query == "" or query.isspace():
 return []
 res = SearchQuerySet().models(User).autocomplete(auto=query)[:20]
 return [r.object for r in res]
diff --git a/forum/views.py b/forum/views.py
index 030f39ec..a89a547d 100644
--- a/forum/views.py
+++ b/forum/views.py
@@ -56,7 +56,7 @@ class ForumSearchView(ListView):
 query = self.request.GET.get("query", "")
 order_by = self.request.GET.get("order", "")
- if query == "":
+ if query == "" or query.isspace():
 return []
 queryset = RelatedSearchQuerySet().models(ForumMessage).autocomplete(auto=query)
From 355a51d2cecd806a8b008153f53f3050233e6e31 Mon Sep 17 00:00:00 2001
From: Cyl
Date: Thu, 9 May 2019 19:51:55 +0200
Subject: [PATCH 2/2] core: fix special caracter in user and forum search
---
 core/views/site.py | 8 +++++---
 forum/views.py | 13 ++++++++-----
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/core/views/site.py b/core/views/site.py
index 133f1647..05e85d9a 100644
--- a/core/views/site.py
+++ b/core/views/site.py
@@ -26,6 +26,7 @@ from django.shortcuts import render, redirect
 from django.http import JsonResponse
 from django.core import serializers
 from django.contrib.auth.decorators import login_required
+from django.utils import html
 from django.views.generic import ListView, TemplateView
 from django.conf import settings
@@ -71,10 +72,11 @@ def notification(request, notif_id):
 def search_user(query, as_json=False):
- if query == "" or query.isspace():
+ try:
+ res = SearchQuerySet().models(User).autocomplete(auto=html.escape(query))[:20]
+ return [r.object for r in res]
+ except TypeError:
 return []
- res = SearchQuerySet().models(User).autocomplete(auto=query)[:20]
- return [r.object for r in res]
 def search_club(query, as_json=False):
diff --git a/forum/views.py b/forum/views.py
index a89a547d..5ffdfea8 100644
--- a/forum/views.py
+++ b/forum/views.py
@@ -29,7 +29,7 @@ from django.views.generic.edit import UpdateView, CreateView, DeleteView
 from django.views.generic.detail import SingleObjectMixin
 from django.utils.translation import ugettext_lazy as _
 from django.core.urlresolvers import reverse_lazy
-from django.utils import timezone
+from django.utils import timezone, html
 from django.conf import settings
 from django import forms
 from django.core.exceptions import PermissionDenied
@@ -56,11 +56,15 @@ class ForumSearchView(ListView):
 query = self.request.GET.get("query", "")
 order_by = self.request.GET.get("order", "")
- if query == "" or query.isspace():
+ try:
+ queryset = (
+ RelatedSearchQuerySet()
+ .models(ForumMessage)
+ .autocomplete(auto=html.escape(query))
+ )
+ except TypeError:
 return []
- queryset = RelatedSearchQuerySet().models(ForumMessage).autocomplete(auto=query)
-
 if order_by == "date":
 queryset = queryset.order_by("-date")
@@ -85,7 +89,6 @@ class ForumSearchView(ListView):
 ):
 resp.append(r.object)
 count += 1
-
 return resp
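Review bot: `html.escape(query)` in `search_user` is HTML output encoding applied to a search-backend input, so it does not neutralise the backend's own query syntax and it alters the term being searched: `&`, `<`, `>` and quotes are sent as entity text such as `&amp;`, which means a name containing an ampersand or apostrophe is looked up under a different string than the one typed. The same call is added in the `ForumSearchView` hunk of `forum/views.py`. I would pass the raw value, `res = SearchQuerySet().models(User).autocomplete(auto=query)[:20]`, and keep HTML escaping at the template layer where results are rendered. Haystack's `autocomplete()` appears to pass each word through the backend's `query.clean()` already, which is worth confirming for the installed version, and a regression test with the characters that triggered this commit would show which exception really needs handling.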
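Review bot: Blank input from `request.GET` is no longer rejected explicitly in the `ForumSearchView` hunk; the removed `if query == "" or query.isspace()` guard is replaced by `except TypeError: return []`, which relies on the library raising for an empty query and also hides any other `TypeError`. In `search_user` the `try` additionally wraps the slice and `[r.object for r in res]`, so a failure while loading results is reported as an empty result with nothing logged. I would restore the guard ahead of the call, `if not query.strip(): return []`, keep the `try` around the `autocomplete()` call only, and log the exception before returning the empty list. The enclosing method starts before this hunk and continues after it.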