Commit b1d60284 authored by Brian Moe's avatar Brian Moe

Escape special chars in file URLs. Bug #974

parent 2bf395f1
...@@ -5,6 +5,7 @@ from django.http import HttpResponseBadRequest, HttpResponseRedirect ...@@ -5,6 +5,7 @@ from django.http import HttpResponseBadRequest, HttpResponseRedirect
from django.core.urlresolvers import reverse as django_reverse from django.core.urlresolvers import reverse as django_reverse
from django.conf import settings from django.conf import settings
from django.utils.http import urlquote
import json import json
...@@ -720,8 +721,9 @@ def eventLogToDict(log, request=None): ...@@ -720,8 +721,9 @@ def eventLogToDict(log, request=None):
args=[log.event.graceid(), log.N], args=[log.event.graceid(), log.N],
request=request) request=request)
if log.filename: if log.filename:
filename = urlquote(log.filename)
file_uri = reverse("files", file_uri = reverse("files",
args=[log.event.graceid(), log.filename], args=[log.event.graceid(), filename],
request=request) request=request)
return { return {
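Review bot: The filename is percent-encoded with `urlquote` before it is passed to `reverse("files", ...)` in eventLogToDict, so the URI is only correct if that `reverse` wrapper does not quote its arguments again; its definition is not visible here, and a second quoting pass would turn `%20` into `%2520`. Once that is confirmed I would record it next to the call, e.g. `# reverse() does not escape args; quote here so special chars in filenames survive (Bug #974)`, and add a regression test with a filename containing a space, `#`, `?` and `%`. `urlquote` also leaves `/` unescaped by default, so a filename containing slashes still produces extra path segments; if a filename is meant to be a single segment, `urlquote(log.filename, safe='')` states that explicitly. The function body starts and ends outside the hunk.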
......
...@@ -53,13 +53,13 @@ ...@@ -53,13 +53,13 @@
dc += ' <td> \n'; dc += ' <td> \n';
dc += ' <table class="figures"> \n'; dc += ' <table class="figures"> \n';
dc += ' <tr class="figrow"> \n'; dc += ' <tr class="figrow"> \n';
dc += ' <td> <a href="{{ log.fileurl }}" dojoType="dojox.image.LightboxNano"><img height="180" src="{{ log.fileurl }}"></a> \n'; dc += ' <td> <a href="{{ log.fileurl|urlencode }}" dojoType="dojox.image.LightboxNano"><img height="180" src="{{ log.fileurl|urlencode }}"></a> \n';
dc += ' </td> \n'; dc += ' </td> \n';
dc += ' </tr> \n'; dc += ' </tr> \n';
dc += ' <tr> \n'; dc += ' <tr> \n';
dc += ' <td> {{log.comment|sanitize|escapejs}} \n'; dc += ' <td> {{log.comment|sanitize|escapejs}} \n';
{% if log.fileurl %} {% if log.fileurl %}
dc += ' <a href="{{log.fileurl}}">{{log.filename}}.</a> \n'; dc += ' <a href="{{log.fileurl|urlencode}}">{{log.filename}}.</a> \n';
{% endif %} {% endif %}
dc += ' Submitted by {{log.issuer}} on {{log.created}} \n'; dc += ' Submitted by {{log.issuer}} on {{log.created}} \n';
dc += ' </td> \n'; dc += ' </td> \n';
...@@ -92,7 +92,7 @@ ...@@ -92,7 +92,7 @@
dc += ' <td>{{log.issuer.first_name}} {{log.issuer.last_name}}</td> \n'; dc += ' <td>{{log.issuer.first_name}} {{log.issuer.last_name}}</td> \n';
dc += ' <td>{{log.comment|sanitize|escapejs}} \n'; dc += ' <td>{{log.comment|sanitize|escapejs}} \n';
{% if log.fileurl %} {% if log.fileurl %}
dc += ' <a href="{{log.fileurl}}">{{log.filename}}</a> \n'; dc += ' <a href="{{log.fileurl|urlencode}}">{{log.filename}}</a> \n';
{% endif %} {% endif %}
dc += ' </td> \n'; dc += ' </td> \n';
dc += ' </tr> \n'; dc += ' </tr> \n';
...@@ -156,12 +156,12 @@ ...@@ -156,12 +156,12 @@
ret += ' {{log.comment|sanitize|escapejs}} \n'; ret += ' {{log.comment|sanitize|escapejs}} \n';
{% if log.fileurl %} {% if log.fileurl %}
ret += ' <a href="{{log.fileurl}}">{{log.filename}}</a> \n'; ret += ' <a href="{{log.fileurl|urlencode}}">{{log.filename}}</a> \n';
{% endif %} {% endif %}
ret += ' </td> \n'; ret += ' </td> \n';
ret += ' <td> \n'; ret += ' <td> \n';
{% if log.hasImage %} {% if log.hasImage %}
ret += ' <a href="{{ log.fileurl }}" dojoType="dojox.image.LightboxNano"><img height="60" src="{{ log.fileurl }}"></a> \n'; ret += ' <a href="{{ log.fileurl|urlencode }}" dojoType="dojox.image.LightboxNano"><img height="60" src="{{ log.fileurl|urlencode }}"></a> \n';
{% endif %} {% endif %}
ret += ' </td> \n'; ret += ' </td> \n';
ret += ' </tr> \n'; ret += ' </tr> \n';
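Review bot: `{{log.filename}}` is still written as link text into the single-quoted JavaScript strings (`dc += '...'` and `ret += '...'`) without a JS-context escape, while `log.comment` on the neighbouring lines gets `|sanitize|escapejs`. The filename comes from whoever uploaded the file, and HTML autoescaping alone does not neutralise a backslash or line break inside a script string, so the three `<a ...>` lines would be safer with `{{log.filename|force_escape|escapejs}}` (HTML-escape first, then JS-escape, assuming the string ends up inserted as markup). Separately, `|urlencode` is applied to the whole `log.fileurl` and by default keeps only `/` safe, so if that value is an absolute URL or is already percent-encoded its `:` and `%` would be re-encoded; it is worth confirming what `fileurl` returns, or encoding only the filename component.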
......