haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-09-26 15:26:19 +00:00
Code Issues Releases Wiki Activity

Escape repo name and group name in messages

Browse Source
This commit is contained in:
zhengxie
2015-03-13 15:17:39 +08:00
parent c4d4331905
commit d22f307f1c
2 changed files with 32 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
seahub/share/views.py
View File

@@ -105,7 +105,7 @@ def share_to_group(request, repo, group, permission):
group_repo_ids = seafile_api.get_group_repoids(group.id)
if repo.id in group_repo_ids:
msg = _(u'"%(repo)s" is already in group %(group)s. <a href="%(href)s">View</a>') % {
'repo': repo.name, 'group': group.group_name,
'repo': escape(repo.name), 'group': escape(group.group_name),
'href': reverse('group_info', args=[group.id])}
messages.error(request, msg, extra_tags='safe')
return
@@ -125,7 +125,7 @@ def share_to_group(request, repo, group, permission):
messages.error(request, msg)
else:
msg = _(u'Shared to %(group)s successfully, go check it at <a href="%(share)s">Shares</a>.') % \
{'group': group_name, 'share': reverse('share_admin')}
{'group': escape(group_name), 'share': reverse('share_admin')}
messages.success(request, msg, extra_tags='safe')
def share_to_user(request, repo, to_user, permission):
@@ -257,7 +257,10 @@ def share_repo(request):
if not check_user_share_quota(username, repo, users=share_to_users,
groups=share_to_groups):
messages.error(request, _('Failed to share "%s", no enough quota. <a href="http://seafile.com/">Upgrade account.</a>') % repo.name, extra_tags='safe')
messages.error(request, _(
'Failed to share "%s", no enough quota. '
'<a href="http://seafile.com/">Upgrade account.</a>'
) % escape(repo.name), extra_tags='safe')
return HttpResponseRedirect(next)
for group in share_to_groups:

41
seahub/views/__init__.py
View File

@@ -16,9 +16,10 @@ from django.http import HttpResponse, HttpResponseBadRequest, Http404, \
HttpResponseRedirect
from django.shortcuts import render_to_response, redirect
from django.template import RequestContext
from django.utils.translation import ugettext as _
from django.utils import timezone
from django.utils.http import urlquote
from django.utils.html import escape
from django.utils.translation import ugettext as _
from django.views.decorators.http import condition
import seaserv
@@ -1371,10 +1372,13 @@ def repo_revert_file (request, repo_id):
return render_error(request, _(u"Invalid arguments"))
try:
ret = seafserv_threaded_rpc.revert_file (repo_id, commit_id,
path.encode('utf-8'), request.user.username)
except Exception, e:
return render_error(request, str(e))
ret = seafile_api.revert_file(repo_id, commit_id, path, request.user.username)
except Exception as e:
logger.error(e)
messages.error(request, _('Failed to restore, please try again later.'))
referer = request.META.get('HTTP_REFERER', None)
next = settings.SITE_ROOT if referer is None else referer
return HttpResponseRedirect(next)
else:
if from_page == 'repo_history':
# When revert file from repo history, we redirect to repo history
@@ -1389,12 +1393,12 @@ def repo_revert_file (request, repo_id):
if ret == 1:
root_url = reverse('repo', args=[repo_id]) + u'?p=/'
msg = _(u'Successfully revert %(path)s to <a href="%(root)s">root directory.</a>') % {"path":path.lstrip('/'), "root":root_url}
messages.add_message(request, messages.INFO, msg, extra_tags='safe')
msg = _(u'Successfully revert %(path)s to <a href="%(root)s">root directory.</a>') % {"path": escape(path.lstrip('/')), "root": root_url}
messages.success(request, msg, extra_tags='safe')
else:
file_view_url = reverse('repo_view_file', args=[repo_id]) + u'?p=' + urllib2.quote(path.encode('utf-8'))
msg = _(u'Successfully revert <a href="%(url)s">%(path)s</a>') % {"url":file_view_url, "path":path.lstrip('/')}
messages.add_message(request, messages.INFO, msg, extra_tags='safe')
msg = _(u'Successfully revert <a href="%(url)s">%(path)s</a>') % {"url": file_view_url, "path": escape(path.lstrip('/'))}
messages.success(request, msg, extra_tags='safe')
return HttpResponseRedirect(url)
@login_required
@@ -1415,10 +1419,13 @@ def repo_revert_dir (request, repo_id):
return render_error(request, _(u"Invalid arguments"))
try:
ret = seafserv_threaded_rpc.revert_dir (repo_id, commit_id,
path.encode('utf-8'), request.user.username)
except Exception, e:
return render_error(request, str(e))
ret = seafile_api.revert_dir(repo_id, commit_id, path, request.user.username)
except Exception as e:
logger.error(e)
messages.error(request, _('Failed to restore, please try again later.'))
referer = request.META.get('HTTP_REFERER', None)
next = settings.SITE_ROOT if referer is None else referer
return HttpResponseRedirect(next)
else:
if from_page == 'repo_history':
# When revert file from repo history, we redirect to repo history
@@ -1433,12 +1440,12 @@ def repo_revert_dir (request, repo_id):
if ret == 1:
root_url = reverse('repo', args=[repo_id]) + u'?p=/'
msg = _(u'Successfully revert %(path)s to <a href="%(url)s">root directory.</a>') % {"path":path.lstrip('/'), "url":root_url}
messages.add_message(request, messages.INFO, msg, extra_tags='safe')
msg = _(u'Successfully revert %(path)s to <a href="%(url)s">root directory.</a>') % {"path": escape(path.lstrip('/')), "url": root_url}
messages.success(request, msg, extra_tags='safe')
else:
dir_view_url = reverse('repo', args=[repo_id]) + u'?p=' + urllib2.quote(path.encode('utf-8'))
msg = _(u'Successfully revert <a href="%(url)s">%(path)s</a>') % {"url":dir_view_url, "path":path.lstrip('/')}
messages.add_message(request, messages.INFO, msg, extra_tags='safe')
msg = _(u'Successfully revert <a href="%(url)s">%(path)s</a>') % {"url": dir_view_url, "path": escape(path.lstrip('/'))}
messages.success(request, msg, extra_tags='safe')
return HttpResponseRedirect(url)
@login_required