X-Git-Url: https://git.openstreetmap.org./osqa.git/blobdiff_plain/483162a72bfe820b11db05c384c0fc6103d084cf..af2fa7143f68cc56b2c5053f2f079399bbba6885:/forum/utils/pagination.py diff --git a/forum/utils/pagination.py b/forum/utils/pagination.py index ca7c272..1d36b42 100644 --- a/forum/utils/pagination.py +++ b/forum/utils/pagination.py @@ -4,11 +4,21 @@ from django import template from django.core.paginator import Paginator, EmptyPage from django.utils.translation import ugettext as _ from django.http import Http404 +from django.utils.http import urlquote from django.utils.safestring import mark_safe -from django.utils.html import strip_tags - +from django.utils.html import strip_tags, escape +from forum.utils.html import sanitize_html import logging +def generate_uri(querydict, exclude=None): + all = [] + + for k, l in querydict.iterlists(): + if (not exclude) or (not k in exclude): + all += ["%s=%s" % (k, urlquote(strip_tags(v))) for v in l] + + return "&".join(all) + class SortBase(object): def __init__(self, label, description=''): self.label = label @@ -107,7 +117,7 @@ class PaginatorContext(object): def page(self, request): try: - return int(request.GET.get(self.PAGE, 1)) + return int(request.GET.get(self.PAGE, "1").strip()) except ValueError: logging.error('Found invalid page number "%s", loading %s, refered by %s' % ( request.GET.get(self.PAGE, ''), request.path, request.META.get('HTTP_REFERER', 'UNKNOWN') @@ -189,10 +199,10 @@ def _paginated(request, objects, context): base_path = context.base_path else: base_path = request.path - get_params = ["%s=%s" % (k, v) for k, v in request.GET.items() if not k in (context.PAGE, context.PAGESIZE, context.SORT)] + get_params = generate_uri(request.GET, (context.PAGE, context.PAGESIZE, context.SORT)) if get_params: - base_path += "?" + "&".join(get_params) + base_path += "?" + get_params url_joiner = "?" in base_path and "&" or "?" @@ -263,9 +273,9 @@ def _paginated(request, objects, context): if pagesize: def page_sizes(): if sort: - url_builder = lambda s: mark_safe("%s%s%s=%s&%s=%s" % (base_path, url_joiner, context.SORT, sort, context.PAGESIZE, s)) + url_builder = lambda s: mark_safe("%s%s%s=%s&%s=%s" % (escape(base_path), url_joiner, context.SORT, sort, context.PAGESIZE, s)) else: - url_builder = lambda s: mark_safe("%s%s%s=%s" % (base_path, url_joiner, context.PAGESIZE, s)) + url_builder = lambda s: mark_safe("%s%s%s=%s" % (escape(base_path), url_joiner, context.PAGESIZE, s)) sizes = [(s, url_builder(s)) for s in context.pagesizes] @@ -280,7 +290,7 @@ def _paginated(request, objects, context): if sort: def sort_tabs(): - url_builder = lambda s: mark_safe("%s%s%s=%s" % (base_path, url_joiner, context.SORT, s)) + url_builder = lambda s: mark_safe("%s%s%s=%s" % (escape(base_path), url_joiner, context.SORT, s)) sorts = [(n, s.label, url_builder(n), strip_tags(s.description)) for n, s in context.sort_methods.items()] for name, label, url, descr in sorts: @@ -300,4 +310,4 @@ def _paginated(request, objects, context): context.set_preferences(request, session_prefs) objects.paginator = paginator - return objects \ No newline at end of file + return objects