From b1d6028416836f26110c52c6df874415e0c6c595 Mon Sep 17 00:00:00 2001 From: Brian Moe <brian.moe@ligo.org> Date: Wed, 24 Jul 2013 14:24:48 -0500 Subject: [PATCH] Escape special chars in file URLs. Bug #974 https://bugs.ligo.org/redmine/issues/974 --- gracedb/api.py | 4 +++- templates/gracedb/event_detail.html | 10 +++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/gracedb/api.py b/gracedb/api.py index 014d73e47..965e5d71e 100644 --- a/gracedb/api.py +++ b/gracedb/api.py @@ -5,6 +5,7 @@ from django.http import HttpResponseBadRequest, HttpResponseRedirect from django.core.urlresolvers import reverse as django_reverse from django.conf import settings +from django.utils.http import urlquote import json @@ -720,8 +721,9 @@ def eventLogToDict(log, request=None): args=[log.event.graceid(), log.N], request=request) if log.filename: + filename = urlquote(log.filename) file_uri = reverse("files", - args=[log.event.graceid(), log.filename], + args=[log.event.graceid(), filename], request=request) return { diff --git a/templates/gracedb/event_detail.html b/templates/gracedb/event_detail.html index 8e6dee693..3338a1771 100644 --- a/templates/gracedb/event_detail.html +++ b/templates/gracedb/event_detail.html @@ -53,13 +53,13 @@ dc += ' <td> \n'; dc += ' <table class="figures"> \n'; dc += ' <tr class="figrow"> \n'; - dc += ' <td> <a href="{{ log.fileurl }}" dojoType="dojox.image.LightboxNano"><img height="180" src="{{ log.fileurl }}"></a> \n'; + dc += ' <td> <a href="{{ log.fileurl|urlencode }}" dojoType="dojox.image.LightboxNano"><img height="180" src="{{ log.fileurl|urlencode }}"></a> \n'; dc += ' </td> \n'; dc += ' </tr> \n'; dc += ' <tr> \n'; dc += ' <td> {{log.comment|sanitize|escapejs}} \n'; {% if log.fileurl %} - dc += ' <a href="{{log.fileurl}}">{{log.filename}}.</a> \n'; + dc += ' <a href="{{log.fileurl|urlencode}}">{{log.filename}}.</a> \n'; {% endif %} dc += ' Submitted by {{log.issuer}} on {{log.created}} \n'; dc += ' </td> \n'; 
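Review bot: `filename = urlquote(log.filename)` quotes the name before it is passed to `reverse("files", ...)`, so the URL is only correct if that `reverse` wrapper does not percent-encode its arguments itself. If it does, or starts to after a framework upgrade, a space would come out as `%2520` and the link would point at a different name. `urlquote` also leaves `/` unescaped by default, so a stored filename containing a slash still produces extra path segments; whether that matters depends on the `files` URL pattern and the file view, neither of which is visible here. I would record the contract next to the call, e.g. `# filename is already percent-encoded; reverse() must not quote it again`, and add a test that round-trips a name containing a space, `%` and `#`. `eventLogToDict` begins before this hunk and continues past it.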
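Review bot: The link text `{{log.filename}}` on the changed `<a href="{{log.fileurl|urlencode}}">` line is still emitted into a JavaScript string literal with at most HTML auto-escaping, whereas the comment next to it goes through `|sanitize|escapejs`. HTML escaping leaves backslashes and line breaks alone, so a filename containing them can corrupt the generated script, and the markup in `dc` is presumably inserted into the page afterwards (not visible in this hunk). Since this commit is about filenames with special characters, I would encode for both contexts: `{{log.filename|force_escape|escapejs}}`. The same link text appears in the hunks at -92 and -156 (`dc` and `ret`).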
@@ -92,7 +92,7 @@ dc += ' <td>{{log.issuer.first_name}} {{log.issuer.last_name}}</td> \n'; dc += ' <td>{{log.comment|sanitize|escapejs}} \n'; {% if log.fileurl %} - dc += ' <a href="{{log.fileurl}}">{{log.filename}}</a> \n'; + dc += ' <a href="{{log.fileurl|urlencode}}">{{log.filename}}</a> \n'; {% endif %} dc += ' </td> \n'; dc += ' </tr> \n'; @@ -156,12 +156,12 @@ ret += ' {{log.comment|sanitize|escapejs}} \n'; {% if log.fileurl %} - ret += ' <a href="{{log.fileurl}}">{{log.filename}}</a> \n'; + ret += ' <a href="{{log.fileurl|urlencode}}">{{log.filename}}</a> \n'; {% endif %} ret += ' </td> \n'; ret += ' <td> \n'; {% if log.hasImage %} - ret += ' <a href="{{ log.fileurl }}" dojoType="dojox.image.LightboxNano"><img height="60" src="{{ log.fileurl }}"></a> \n'; + ret += ' <a href="{{ log.fileurl|urlencode }}" dojoType="dojox.image.LightboxNano"><img height="60" src="{{ log.fileurl|urlencode }}"></a> \n'; {% endif %} ret += ' </td> \n'; ret += ' </tr> \n'; -- GitLab
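Review bot: `{{log.fileurl|urlencode}}` encodes the whole URL rather than just the filename, and the filter's default safe set is only `/`, so the result depends on what `fileurl` returns, which this patch does not show. If it is an absolute URL, the scheme colon becomes `%3A` and the browser treats the link as relative; if it is already percent-encoded, every `%` becomes `%25`. I would either quote the filename once where the URL is built (as `eventLogToDict` in `gracedb/api.py` does) and emit it here with `|escapejs`, or state the assumption in a template comment such as `{# fileurl is an unencoded, path-only URL #}`. This applies to every `|urlencode` use in this file, including the `href`/`src` pairs in the hunks at -53 and -156.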