From 30acd5c81689545ba02dfa392b118f262f3511b8 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Sun, 12 Feb 2012 21:54:05 -0600 Subject: Protect urlencode calls against Unicode data These would cause page errors if passed anything not in the ASCII character set. This change allows for packages to have names composed of any Unicode characters, not just those in the ASCII set. Signed-off-by: Dan McGee --- packages/templatetags/package_extras.py | 7 +++++-- packages/urls.py | 2 +- packages/views/__init__.py | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) (limited to 'packages') diff --git a/packages/templatetags/package_extras.py b/packages/templatetags/package_extras.py index 25e943ff..5cc826ed 100644 --- a/packages/templatetags/package_extras.py +++ b/packages/templatetags/package_extras.py @@ -9,8 +9,11 @@ register = template.Library() -def link_encode(url, query, doseq=False): - data = urlencode(query, doseq).replace('&', '&') +def link_encode(url, query): + # massage the data into all utf-8 encoded strings first, so urlencode + # doesn't barf at the data we pass it + query = dict((k, unicode(v).encode('utf-8')) for k, v in query.items()) + data = urlencode(query).replace('&', '&') return "%s?%s" % (url, data) @register.filter diff --git a/packages/urls.py b/packages/urls.py index 6c616297..52b09d2c 100644 --- a/packages/urls.py +++ b/packages/urls.py @@ -28,7 +28,7 @@ (r'^stale_relations/$', 'stale_relations'), (r'^stale_relations/update/$','stale_relations_update'), - (r'^(?P[A-z0-9\-+.]+)/$', + (r'^(?P[^ /]+)/$', 'details'), (r'^(?P[A-z0-9\-]+)/(?P[^ /]+)/$', 'details'), diff --git a/packages/views/__init__.py b/packages/views/__init__.py index 63942474..8f22a8a1 100644 --- a/packages/views/__init__.py +++ b/packages/views/__init__.py @@ -142,7 +142,7 @@ def details(request, name='', repo='', arch=''): ('q', name), ] # only include non-blank values in the query we generate - pkg_data = [(x, y) for x, y in pkg_data if y] + pkg_data = [(x, y.encode('utf-8')) for x, y in pkg_data if y] return redirect("/packages/?%s" % urlencode(pkg_data)) def groups(request, arch=None): -- cgit v1.2.3-54-g00ecf From ef9d1c1ea2dce131ffd63730a5cd2df1744ff018 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Tue, 14 Feb 2012 10:32:01 -0600 Subject: Require message when flagging package out of date This is not a very high bar to meet, and should cut down on at least a few bogus or spam requests. Signed-off-by: Dan McGee --- packages/views/flag.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'packages') diff --git a/packages/views/flag.py b/packages/views/flag.py index 8879695c..c0990e8e 100644 --- a/packages/views/flag.py +++ b/packages/views/flag.py @@ -18,9 +18,9 @@ def flaghelp(request): return direct_to_template(request, 'packages/flaghelp.html') class FlagForm(forms.Form): - email = forms.EmailField(label='* E-mail Address') - message = forms.CharField(label='Message To Dev', - widget=forms.Textarea, required=False) + email = forms.EmailField(label='E-mail Address') + message = forms.CharField(label='Message To Developer', + widget=forms.Textarea) # The field below is used to filter out bots that blindly fill out all # input elements website = forms.CharField(label='', -- cgit v1.2.3-54-g00ecf