changeset 893:298fbe562060

blog: escape "&" when encoding URL, so they can be used without escaping in the HTML template fix bug 129
author Goffi <goffi@goffi.org>
date Sun, 20 Mar 2016 20:06:28 +0100
parents bf2af257e18b
children e4e278255c9a
files src/server/blog.py
diffstat 1 files changed, 10 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/src/server/blog.py	Sun Mar 20 18:51:55 2016 +0100
+++ b/src/server/blog.py	Sun Mar 20 20:06:28 2016 +0100
@@ -84,6 +84,12 @@
     return urllib.unquote(quoted_value).decode('utf-8')
 
 
+def _urlencode(query):
+    """Same as urllib.urlencode, but use '&amp;' instead of '&'"""
+    return u'&amp;'.join([u"{}={}".format(urllib.quote_plus(unicode(k)), urllib.quote_plus(unicode(v)))
+                          for k,v in query.iteritems()])
+
+
 class TemplateProcessor(object):
 
     THEME = 'default'
@@ -589,7 +595,7 @@
 
         avatar = os.path.normpath('/{}'.format(getOption('avatar')))
         title = getOption(C.STATIC_BLOG_PARAM_TITLE) or user
-        query_data = urllib.urlencode(getDefaultQueryData(request)).decode('utf-8')
+        query_data = _urlencode(getDefaultQueryData(request)).decode('utf-8')
 
         xmpp_uri = metadata['uri']
         if len(items) == 1:
@@ -694,7 +700,7 @@
             if request.display_single:
                 query_data['max'] = 1
 
-            link = "{}?{}".format(base_url, urllib.urlencode(query_data))
+            link = "{}?{}".format(base_url, _urlencode(query_data))
             setattr(self, key, BlogLink(link, key, key.replace('_', ' ')))
 
 
@@ -743,7 +749,7 @@
             self.url = "{}/{}".format(base_url, _quote(entry['id']))
             query_data = getDefaultQueryData(request)
             if query_data:
-                self.url += '?{}'.format(urllib.urlencode(query_data))
+                self.url += '?{}'.format(_urlencode(query_data))
             self.title = self.getText(entry, 'title')
             self.tags = [sanitizeHtml(tag) for tag in common.dict2iter('tag', entry)]
 
@@ -753,7 +759,7 @@
 
             delta = comments_count - len(comments)
             if request.display_single and delta > 0:
-                prev_url = "{}?{}".format(self.url, urllib.urlencode({'comments_max': comments_count}))
+                prev_url = "{}?{}".format(self.url, _urlencode({'comments_max': comments_count}))
                 prev_text = D_(u"show {count} previous {comments}").format(
                     count = delta, comments = count_text(delta))
                 self.all_comments_link = BlogLink(prev_url, "comments_link", prev_text)