diff --git a/seahub/share/views.py b/seahub/share/views.py
index 6e50a42a8e..e40bceae0b 100644
--- a/seahub/share/views.py
+++ b/seahub/share/views.py
@@ -105,7 +105,7 @@ def share_to_group(request, repo, group, permission):
group_repo_ids = seafile_api.get_group_repoids(group.id)
if repo.id in group_repo_ids:
msg = _(u'"%(repo)s" is already in group %(group)s. View') % {
- 'repo': repo.name, 'group': group.group_name,
+ 'repo': escape(repo.name), 'group': escape(group.group_name),
'href': reverse('group_info', args=[group.id])}
messages.error(request, msg, extra_tags='safe')
return
@@ -125,7 +125,7 @@ def share_to_group(request, repo, group, permission):
messages.error(request, msg)
else:
msg = _(u'Shared to %(group)s successfully, go check it at Shares.') % \
- {'group': group_name, 'share': reverse('share_admin')}
+ {'group': escape(group_name), 'share': reverse('share_admin')}
messages.success(request, msg, extra_tags='safe')
def share_to_user(request, repo, to_user, permission):
@@ -257,7 +257,10 @@ def share_repo(request):
if not check_user_share_quota(username, repo, users=share_to_users,
groups=share_to_groups):
- messages.error(request, _('Failed to share "%s", no enough quota. Upgrade account.') % repo.name, extra_tags='safe')
+ messages.error(request, _(
+ 'Failed to share "%s", no enough quota. '
+ 'Upgrade account.'
+ ) % escape(repo.name), extra_tags='safe')
return HttpResponseRedirect(next)
for group in share_to_groups:
diff --git a/seahub/views/__init__.py b/seahub/views/__init__.py
index 205a435498..3fbbdbf0c8 100644
--- a/seahub/views/__init__.py
+++ b/seahub/views/__init__.py
@@ -16,9 +16,10 @@ from django.http import HttpResponse, HttpResponseBadRequest, Http404, \
HttpResponseRedirect
from django.shortcuts import render_to_response, redirect
from django.template import RequestContext
-from django.utils.translation import ugettext as _
from django.utils import timezone
from django.utils.http import urlquote
+from django.utils.html import escape
+from django.utils.translation import ugettext as _
from django.views.decorators.http import condition
import seaserv
@@ -1354,7 +1355,7 @@ def render_file_revisions (request, repo_id):
}, context_instance=RequestContext(request))
@login_required
-def repo_revert_file (request, repo_id):
+def repo_revert_file(request, repo_id):
repo = get_repo(repo_id)
if not repo:
raise Http404
@@ -1371,10 +1372,13 @@ def repo_revert_file (request, repo_id):
return render_error(request, _(u"Invalid arguments"))
try:
- ret = seafserv_threaded_rpc.revert_file (repo_id, commit_id,
- path.encode('utf-8'), request.user.username)
- except Exception, e:
- return render_error(request, str(e))
+ ret = seafile_api.revert_file(repo_id, commit_id, path, request.user.username)
+ except Exception as e:
+ logger.error(e)
+ messages.error(request, _('Failed to restore, please try again later.'))
+ referer = request.META.get('HTTP_REFERER', None)
+ next = settings.SITE_ROOT if referer is None else referer
+ return HttpResponseRedirect(next)
else:
if from_page == 'repo_history':
# When revert file from repo history, we redirect to repo history
@@ -1389,16 +1393,16 @@ def repo_revert_file (request, repo_id):
if ret == 1:
root_url = reverse('repo', args=[repo_id]) + u'?p=/'
- msg = _(u'Successfully revert %(path)s to root directory.') % {"path":path.lstrip('/'), "root":root_url}
- messages.add_message(request, messages.INFO, msg, extra_tags='safe')
+ msg = _(u'Successfully revert %(path)s to root directory.') % {"path": escape(path.lstrip('/')), "root": root_url}
+ messages.success(request, msg, extra_tags='safe')
else:
file_view_url = reverse('repo_view_file', args=[repo_id]) + u'?p=' + urllib2.quote(path.encode('utf-8'))
- msg = _(u'Successfully revert %(path)s') % {"url":file_view_url, "path":path.lstrip('/')}
- messages.add_message(request, messages.INFO, msg, extra_tags='safe')
+ msg = _(u'Successfully revert %(path)s') % {"url": file_view_url, "path": escape(path.lstrip('/'))}
+ messages.success(request, msg, extra_tags='safe')
return HttpResponseRedirect(url)
@login_required
-def repo_revert_dir (request, repo_id):
+def repo_revert_dir(request, repo_id):
repo = get_repo(repo_id)
if not repo:
raise Http404
@@ -1415,10 +1419,13 @@ def repo_revert_dir (request, repo_id):
return render_error(request, _(u"Invalid arguments"))
try:
- ret = seafserv_threaded_rpc.revert_dir (repo_id, commit_id,
- path.encode('utf-8'), request.user.username)
- except Exception, e:
- return render_error(request, str(e))
+ ret = seafile_api.revert_dir(repo_id, commit_id, path, request.user.username)
+ except Exception as e:
+ logger.error(e)
+ messages.error(request, _('Failed to restore, please try again later.'))
+ referer = request.META.get('HTTP_REFERER', None)
+ next = settings.SITE_ROOT if referer is None else referer
+ return HttpResponseRedirect(next)
else:
if from_page == 'repo_history':
# When revert file from repo history, we redirect to repo history
@@ -1433,12 +1440,12 @@ def repo_revert_dir (request, repo_id):
if ret == 1:
root_url = reverse('repo', args=[repo_id]) + u'?p=/'
- msg = _(u'Successfully revert %(path)s to root directory.') % {"path":path.lstrip('/'), "url":root_url}
- messages.add_message(request, messages.INFO, msg, extra_tags='safe')
+ msg = _(u'Successfully revert %(path)s to root directory.') % {"path": escape(path.lstrip('/')), "url": root_url}
+ messages.success(request, msg, extra_tags='safe')
else:
dir_view_url = reverse('repo', args=[repo_id]) + u'?p=' + urllib2.quote(path.encode('utf-8'))
- msg = _(u'Successfully revert %(path)s') % {"url":dir_view_url, "path":path.lstrip('/')}
- messages.add_message(request, messages.INFO, msg, extra_tags='safe')
+ msg = _(u'Successfully revert %(path)s') % {"url": dir_view_url, "path": escape(path.lstrip('/'))}
+ messages.success(request, msg, extra_tags='safe')
return HttpResponseRedirect(url)
@login_required