Commit 355a51d2 authored by Théo Labetowiez's avatar Théo Labetowiez

core: fix special caracter in user and forum search

parent bf06aea6
Pipeline #1748 passed with stage
in 15 minutes and 50 seconds
......@@ -26,6 +26,7 @@ from django.shortcuts import render, redirect
from django.http import JsonResponse
from django.core import serializers
from django.contrib.auth.decorators import login_required
from django.utils import html
from django.views.generic import ListView, TemplateView
from django.conf import settings
......@@ -71,10 +72,11 @@ def notification(request, notif_id):
def search_user(query, as_json=False):
if query == "" or query.isspace():
try:
res = SearchQuerySet().models(User).autocomplete(auto=html.escape(query))[:20]
return [r.object for r in res]
except TypeError:
return []
res = SearchQuerySet().models(User).autocomplete(auto=query)[:20]
return [r.object for r in res]
def search_club(query, as_json=False):
......
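Review bot: `html.escape(query)` in the `autocomplete(auto=...)` call of `search_user` applies HTML output encoding to a value that goes to the search backend, not into markup, so it neutralises nothing at that layer and changes what is searched: a term containing `&` is looked up as `&amp;`. The same call appears in the `ForumSearchView` hunk of the second file. Pass the string unchanged, `res = SearchQuerySet().models(User).autocomplete(auto=query)[:20]`, and escape where results are rendered (template auto-escaping, or the client code that consumes them if the `as_json` path feeds the DOM). The `try` also encloses `return [r.object for r in res]`, so a TypeError raised while loading results is silently returned as an empty list. A comment such as `# autocomplete() raises TypeError when the query yields no usable term` would record the intent, if that is the case being handled.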
......@@ -29,7 +29,7 @@ from django.views.generic.edit import UpdateView, CreateView, DeleteView
from django.views.generic.detail import SingleObjectMixin
from django.utils.translation import ugettext_lazy as _
from django.core.urlresolvers import reverse_lazy
from django.utils import timezone
from django.utils import timezone, html
from django.conf import settings
from django import forms
from django.core.exceptions import PermissionDenied
......@@ -56,11 +56,15 @@ class ForumSearchView(ListView):
query = self.request.GET.get("query", "")
order_by = self.request.GET.get("order", "")
if query == "" or query.isspace():
try:
queryset = (
RelatedSearchQuerySet()
.models(ForumMessage)
.autocomplete(auto=html.escape(query))
)
except TypeError:
return []
queryset = RelatedSearchQuerySet().models(ForumMessage).autocomplete(auto=query)
if order_by == "date":
queryset = queryset.order_by("-date")
......@@ -85,7 +89,6 @@ class ForumSearchView(ListView):
):
resp.append(r.object)
count += 1
return resp
......
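Review bot: In `ForumSearchView`, the `if query == "" or query.isspace():` line appears to be on the removed side (the page has lost its `+`/`-` markers, so this is read from the hunk's line counts), which would leave `except TypeError: return []` as the only handling for a blank query. With the exception as the normal path, every blank request still builds a `RelatedSearchQuerySet`, and an unrelated TypeError is reported as "no results" with no trace. Keeping the guard ahead of the `try`, e.g. `if not query.strip(): return []`, and logging inside the handler would keep the cheap case cheap and make real failures visible. The same applies to `search_user` in the first file. The method containing this hunk starts and ends outside it.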