Merge branch 'issue-331' into 'master'

Encode url params in store #331 See merge request !250

Merge branch 'issue-331' into 'master'
Encode url params in store #331 See merge request !250
542bbd0a · Bach Dániel · 69fb6219 · 938f05dc · 542bbd0a · 542bbd0a
Commit 542bbd0a authored Oct 20, 2014 by Bach Dániel
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 20 deletions

circle/dashboard/templates/dashboard/store/_list-box.html
+16 -16

circle/dashboard/views/store.py
+5 -4

No files found.
--- a/circle/dashboard/templates/dashboard/store/_list-box.html
+++ b/circle/dashboard/templates/dashboard/store/_list-box.html
@@ -4,23 +4,23 @@
  <div class="list-group-item">
    <div class="row">
      <div class="col-sm-6">
-        <a href="{% url "dashboard.views.store-upload"%}?directory={{ current }}"
+        <a href="{% url "dashboard.views.store-upload"%}?directory={{ current|urlencode }}"
          class="btn btn-info btn-xs js-hidden">
          {% trans "Upload" %}
        </a>
-        <form action="" data-action="{% url "dashboard.views.store-upload-url" %}" 
+        <form action="" data-action="{% url "dashboard.views.store-upload-url" %}"
          method="POST" enctype="multipart/form-data" class="no-js-hidden"
          id="store-upload-form">
          {% csrf_token %}
-          <input type="hidden" name="current_dir" value="{{ current }}"/>
+          <input type="hidden" name="current_dir" value="{{ current|urlencode }}"/>
          <input type="hidden" name="next" value="{{ next_url }}"/>
          <div class="input-group" style="max-width: 350px;">
            <span class="input-group-btn" id="store-upload-browse">
              <span class="btn btn-primary btn-xs">
                {% trans "Browse..." %}
-              </span>     
+              </span>
            </span>
-            <input type="text" class="form-control input-tags" 
+            <input type="text" class="form-control input-tags"
             id="store-upload-filename"/>
            <span class="input-group-btn">
              <button type="submit" class="btn btn-primary btn-xs" disabled>
@@ -33,13 +33,13 @@
      </div><!-- .col-sm-6 upload -->

      <div class="col-sm-6">
-        <a href="{% url "dashboard.views.store-remove" %}?path={{ current }}" 
-          class="btn btn-danger btn-xs pull-right store-action-button" 
+        <a href="{% url "dashboard.views.store-remove" %}?path={{ current|urlencode }}"
+          class="btn btn-danger btn-xs pull-right store-action-button"
          title="{% trans "Remove directory" %}">
          <i class="fa fa-times"></i>
        </a>
-        <a href="{% url "dashboard.views.store-download" %}?path={{ current }}" 
-          class="btn btn-primary btn-xs pull-right store-action-button" 
+        <a href="{% url "dashboard.views.store-download" %}?path={{ current|urlencode }}"
+          class="btn btn-primary btn-xs pull-right store-action-button"
          title="{% trans "Download directory" %}">
          <i class="fa fa-cloud-download"></i>
        </a>
@@ -51,7 +51,7 @@
            <span class="input-group-addon input-tags" title="{% trans "New directory" %}">
              <i class="fa fa-folder-open"></i>
            </span>
-            <input type="text" class="form-control input-tags" name="name" 
+            <input type="text" class="form-control input-tags" name="name"
             placeholder="{% trans "Name "%}" required/>
            <span class="input-group-btn">
              <input type="submit" class="btn btn-success btn-xs" value="{% trans "Create" %}"/>
@@ -64,7 +64,7 @@
 </div><!-- .list-group -->

 <div class="list-group" id="store-list-list">
-  <a href="{% url "dashboard.views.store-list" %}?directory={{ up_url }}" 
+  <a href="{% url "dashboard.views.store-list" %}?directory={{ up_url|urlencode }}"
    class="list-group-item store-list-item" data-item-type="D">
    {% if current == "/" %}
      <div class="store-list-item-icon">
@@ -85,8 +85,8 @@

  {% for f in root %}
  <a class="list-group-item store-list-item" data-item-type="{{ f.TYPE }}"
-    href="{% if f.TYPE == "D" %}{% url "dashboard.views.store-list" %}?directory={{ f.path }}{% else %}
-    {% url "dashboard.views.store-download" %}?path={{ f.path }}{% endif %}"
+    href="{% if f.TYPE == "D" %}{% url "dashboard.views.store-list" %}?directory={{ f.path|urlencode }}{% else %}
+    {% url "dashboard.views.store-download" %}?path={{ f.path|urlencode }}{% endif %}"
    >
    <div class="store-list-item-icon">
      <i class="
@@ -101,7 +101,7 @@
        <span class="badge badge-pulse">{% trans "new" %}</span>
      {% endif %}
    </div>
-    
+
    <div class="store-list-item-size">
      {{ f.human_readable_size }}
    </div>
@@ -122,12 +122,12 @@
        </dl>
      </div>
      <div class="col-sm-2" style="text-align: right;">
-        <a href="{% url "dashboard.views.store-download" %}?path={{ f.path }}" 
+        <a href="{% url "dashboard.views.store-download" %}?path={{ f.path|urlencode }}"
          class="btn btn-primary btn-sm store-download-button">
          <i class="fa fa-download"></i>
          {% trans "Download" %}
        </a>
-        <a href="{% url "dashboard.views.store-remove" %}?path={{ f.path }}" 
+        <a href="{% url "dashboard.views.store-remove" %}?path={{ f.path|urlencode }}"
          class="btn btn-danger btn-xs store-remove-button">
          <i class="fa fa-times"></i>
          {% trans "Remove" %}

--- a/circle/dashboard/views/store.py
+++ b/circle/dashboard/views/store.py
@@ -23,6 +23,7 @@ from os.path import join, normpath, dirname, basename
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
+from django.template.defaultfilters import urlencode
 from django.core.cache import get_cache
 from django.core.exceptions import SuspiciousOperation
 from django.core.urlresolvers import reverse
@@ -55,7 +56,7 @@ class StoreList(LoginRequiredMixin, TemplateView):
        context['current'] = directory
        context['next_url'] = "%s%s?directory=%s" % (
            settings.DJANGO_URL.rstrip("/"),
-            reverse("dashboard.views.store-list"), directory)
+            reverse("dashboard.views.store-list"), urlencode(directory))
        return context

    def get(self, *args, **kwargs):
@@ -112,7 +113,7 @@ def store_upload(request):

    next_url = "%s%s?directory=%s" % (
        settings.DJANGO_URL.rstrip("/"),
-        reverse("dashboard.views.store-list"), directory)
+        reverse("dashboard.views.store-list"), urlencode(directory))

    return render(request, "dashboard/store/upload.html",
                  {'directory': directory, 'action': action,
@@ -168,7 +169,7 @@ class StoreRemove(LoginRequiredMixin, TemplateView):

        return redirect("%s?directory=%s" % (
            reverse("dashboard.views.store-list"),
-            dirname(dirname(path)),
+            urlencode(dirname(dirname(path))),
        ))


@@ -185,7 +186,7 @@ def store_new_directory(request):
                         name, path, unicode(request.user))
        messages.error(request, _("Unable to create folder."))
    return redirect("%s?directory=%s" % (
-        reverse("dashboard.views.store-list"), path))
+        reverse("dashboard.views.store-list"), urlencode(path)))


 @require_POST