X-Git-Url: https://git.openstreetmap.org./osqa.git/blobdiff_plain/76d6665baae1d1485b99323cc4dd2836661295aa..cf523df2eb6e7b696c693e68b449a2c541bbaa67:/forum/utils/pagination.py diff --git a/forum/utils/pagination.py b/forum/utils/pagination.py index c36ad2f..d605d5f 100644 --- a/forum/utils/pagination.py +++ b/forum/utils/pagination.py @@ -3,11 +3,13 @@ from django.utils.datastructures import SortedDict from django import template from django.core.paginator import Paginator, EmptyPage from django.utils.translation import ugettext as _ +from django.utils.html import escape from django.http import Http404 +from django.utils.encoding import smart_unicode from django.utils.http import urlquote from django.utils.safestring import mark_safe -from django.utils.html import strip_tags - +from django.utils.html import strip_tags, escape +from forum.utils.html import sanitize_html import logging def generate_uri(querydict, exclude=None): @@ -15,7 +17,7 @@ def generate_uri(querydict, exclude=None): for k, l in querydict.iterlists(): if (not exclude) or (not k in exclude): - all += ["%s=%s" % (k, urlquote(v)) for v in l] + all += ["%s=%s" % (k, escape(strip_tags(v))) for v in l] return "&".join(all) @@ -33,7 +35,10 @@ class SimpleSort(SortBase): return isinstance(self.order_by, (list, tuple)) and self.order_by or [self.order_by] def apply(self, objects): - return objects.order_by(*self._get_order_by()) + if self.order_by: + return objects.order_by(*self._get_order_by()) + + return objects class PaginatorContext(object): visible_page_range = 5 @@ -204,14 +209,14 @@ def _paginated(request, objects, context): if get_params: base_path += "?" + get_params - url_joiner = "?" in base_path and "&" or "?" + url_joiner = "?" in base_path and "&" or "?" def get_page(): object_list = page_obj.object_list - if hasattr(object_list, 'lazy'): - return object_list.lazy() + #if hasattr(object_list, 'lazy'): + # return object_list.lazy() return object_list paginator.page = get_page() @@ -240,9 +245,9 @@ def _paginated(request, objects, context): page_numbers = [] if sort: - url_builder = lambda n: mark_safe("%s%s%s=%s&%s=%s" % (base_path, url_joiner, context.SORT, sort, context.PAGE, n)) + url_builder = lambda n: mark_safe("%s%s%s=%s&%s=%s" % (escape(base_path), url_joiner, context.SORT, sort, context.PAGE, n)) else: - url_builder = lambda n: mark_safe("%s%s%s=%s" % (base_path, url_joiner, context.PAGE, n)) + url_builder = lambda n: mark_safe("%s%s%s=%s" % (escape(base_path), url_joiner, context.PAGE, n)) if range_start > (context.outside_page_range + 1): page_numbers.append([(n, url_builder(n)) for n in range(1, context.outside_page_range + 1)]) @@ -273,9 +278,9 @@ def _paginated(request, objects, context): if pagesize: def page_sizes(): if sort: - url_builder = lambda s: mark_safe("%s%s%s=%s&%s=%s" % (base_path, url_joiner, context.SORT, sort, context.PAGESIZE, s)) + url_builder = lambda s: mark_safe("%s%s%s=%s&%s=%s" % (escape(base_path), url_joiner, context.SORT, sort, context.PAGESIZE, s)) else: - url_builder = lambda s: mark_safe("%s%s%s=%s" % (base_path, url_joiner, context.PAGESIZE, s)) + url_builder = lambda s: mark_safe("%s%s%s=%s" % (escape(base_path), url_joiner, context.PAGESIZE, s)) sizes = [(s, url_builder(s)) for s in context.pagesizes] @@ -290,11 +295,11 @@ def _paginated(request, objects, context): if sort: def sort_tabs(): - url_builder = lambda s: mark_safe("%s%s%s=%s" % (base_path, url_joiner, context.SORT, s)) + url_builder = lambda s: mark_safe("%s%s%s=%s" % (escape(base_path), url_joiner, context.SORT, s)) sorts = [(n, s.label, url_builder(n), strip_tags(s.description)) for n, s in context.sort_methods.items()] for name, label, url, descr in sorts: - paginator.__dict__['%s_sort_link' % name] = url + paginator.__dict__['%s_sort_link' % name] = smart_unicode(url) return sort_tabs_template.render(template.Context({ 'current': sort, @@ -310,4 +315,4 @@ def _paginated(request, objects, context): context.set_preferences(request, session_prefs) objects.paginator = paginator - return objects \ No newline at end of file + return objects