Sanitize page name

2024-11-22 14:13:21 +00:00 · 2017-02-24 04:36:36 +01:00 · 2017-02-24 04:36:36 +01:00 · d6b5db4a4b
commit d6b5db4a4b
parent 4d6c4314e2
2 changed files with 10 additions and 2 deletions
--- a/core/models.py
+++ b/core/models.py
@ -732,7 +732,15 @@ class Page(models.Model):
    Be careful with the _full_name attribute: this field may not be valid until you call save(). It's made for fast
    query, but don't rely on it when playing with a Page object, use get_full_name() instead!
    """
-    name = models.CharField(_('page name'), max_length=30, blank=False)
+    name = models.CharField(_('page unix name'), max_length=30,
            validators=[
                validators.RegexValidator(
                    r'^[\w.+-]+$',
                    _('Enter a valid page name. This value may contain only '
                      'letters, numbers ' 'and ./+/-/_ characters.')
                ),
            ],
            blank=False)
    parent = models.ForeignKey('self', related_name="children", verbose_name=_("parent"), null=True, blank=True, on_delete=models.SET_NULL)
    # Attention: this field may not be valid until you call save(). It's made for fast query, but don't rely on it when
    # playing with a Page object, use get_full_name() instead!
--- a/core/templates/core/page_list.jinja
+++ b/core/templates/core/page_list.jinja
@ -9,7 +9,7 @@
 <h3>{% trans %}Page list{% endtrans %}</h3>
 <ul>
    {% for p in page_list %}
-    <li><a href="{{ url('core:page', page_name=p.get_full_name()) }}">{{ p.get_display_name() }}</a></li>
+    <li><a href="{{ p.get_absolute_url() }}">{{ p.get_display_name() }}</a></li>
    {% endfor %}
 </ul>
 {% else %}