mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-24 18:24:31 +01:00
remove the double escaping.
Now the escaping is done in the templates. We need to remove the previous escaping done by hand in the code. Otherwise, we end up with double escaping and fields that display oddly.
parent
0cf5483785
commit
bbafafae60
@ -34,10 +34,8 @@ from mako import exceptions
|
|||||||
if sys.version < '3':
|
if sys.version < '3':
|
||||||
from sets import Set as set
|
from sets import Set as set
|
||||||
from urllib import quote_plus
|
from urllib import quote_plus
|
||||||
from cgi import escape as html_escape
|
|
||||||
else:
|
else:
|
||||||
from urllib.parse import quote_plus
|
from urllib.parse import quote_plus
|
||||||
from html import escape as html_escape
|
|
||||||
|
|
||||||
SESSION_KEY = '_cp_username'
|
SESSION_KEY = '_cp_username'
|
||||||
|
|
||||||
@ -62,36 +60,6 @@ class LdapCherry(object):
|
|||||||
traceback=True
|
traceback=True
|
||||||
)
|
)
|
||||||
|
|
||||||
def _escape_list(self, data):
|
|
||||||
ret = []
|
|
||||||
for i in data:
|
|
||||||
ret.append(html_escape(i, True))
|
|
||||||
return ret
|
|
||||||
|
|
||||||
def _escape_dict(self, data):
|
|
||||||
for d in data:
|
|
||||||
if isinstance(data[d], list):
|
|
||||||
data[d] = self._escape_list(data[d])
|
|
||||||
elif isinstance(data[d], dict):
|
|
||||||
data[d] = self._escape_dict(data[d])
|
|
||||||
elif isinstance(data[d], set):
|
|
||||||
data[d] = set(self._escape_list(data[d]))
|
|
||||||
else:
|
|
||||||
data[d] = html_escape(data[d], True)
|
|
||||||
return data
|
|
||||||
|
|
||||||
def _escape(self, data, dtype):
|
|
||||||
if data is None:
|
|
||||||
return None
|
|
||||||
elif dtype == 'search_list':
|
|
||||||
for d in data:
|
|
||||||
data[d] = self._escape_dict(data[d])
|
|
||||||
elif dtype == 'attr_list':
|
|
||||||
data = self._escape_dict(data)
|
|
||||||
elif dtype == 'lonely_groups':
|
|
||||||
data = self._escape_dict(data)
|
|
||||||
return data
|
|
||||||
|
|
||||||
def _get_param(self, section, key, config, default=None):
|
def _get_param(self, section, key, config, default=None):
|
||||||
""" Get configuration parameter "key" from config
|
""" Get configuration parameter "key" from config
|
||||||
@str section: the section of the config file
|
@str section: the section of the config file
|
||||||
@ -995,7 +963,7 @@ class LdapCherry(object):
|
|||||||
return self.temp['index.tmpl'].render(
|
return self.temp['index.tmpl'].render(
|
||||||
is_admin=is_admin,
|
is_admin=is_admin,
|
||||||
attrs_list=attrs_list,
|
attrs_list=attrs_list,
|
||||||
searchresult=self._escape(user_attrs, 'attr_list'),
|
searchresult=user_attrs,
|
||||||
notifications=self._empty_notification(),
|
notifications=self._empty_notification(),
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -1011,7 +979,7 @@ class LdapCherry(object):
|
|||||||
res = None
|
res = None
|
||||||
attrs_list = self.attributes.get_search_attributes()
|
attrs_list = self.attributes.get_search_attributes()
|
||||||
return self.temp['searchuser.tmpl'].render(
|
return self.temp['searchuser.tmpl'].render(
|
||||||
searchresult=self._escape(res, 'search_list'),
|
searchresult=res,
|
||||||
attrs_list=attrs_list,
|
attrs_list=attrs_list,
|
||||||
is_admin=is_admin,
|
is_admin=is_admin,
|
||||||
custom_js=self.custom_js,
|
custom_js=self.custom_js,
|
||||||
@ -1048,7 +1016,7 @@ class LdapCherry(object):
|
|||||||
res = None
|
res = None
|
||||||
attrs_list = self.attributes.get_search_attributes()
|
attrs_list = self.attributes.get_search_attributes()
|
||||||
return self.temp['searchadmin.tmpl'].render(
|
return self.temp['searchadmin.tmpl'].render(
|
||||||
searchresult=self._escape(res, 'search_list'),
|
searchresult=res,
|
||||||
attrs_list=attrs_list,
|
attrs_list=attrs_list,
|
||||||
is_admin=is_admin,
|
is_admin=is_admin,
|
||||||
custom_js=self.custom_js,
|
custom_js=self.custom_js,
|
||||||
@ -1169,7 +1137,7 @@ class LdapCherry(object):
|
|||||||
try:
|
try:
|
||||||
form = self.temp['form.tmpl'].render(
|
form = self.temp['form.tmpl'].render(
|
||||||
attributes=self.attributes.attributes,
|
attributes=self.attributes.attributes,
|
||||||
values=self._escape(user_attrs, 'attr_list'),
|
values=user_attrs,
|
||||||
modify=True,
|
modify=True,
|
||||||
keyattr=key,
|
keyattr=key,
|
||||||
autofill=False
|
autofill=False
|
||||||
@ -1187,10 +1155,7 @@ class LdapCherry(object):
|
|||||||
form=form,
|
form=form,
|
||||||
roles=roles,
|
roles=roles,
|
||||||
is_admin=is_admin,
|
is_admin=is_admin,
|
||||||
standalone_groups=self._escape(
|
standalone_groups=standalone_groups,
|
||||||
standalone_groups,
|
|
||||||
'lonely_groups'
|
|
||||||
),
|
|
||||||
backends_display_names=self.backends_display_names,
|
backends_display_names=self.backends_display_names,
|
||||||
custom_js=self.custom_js,
|
custom_js=self.custom_js,
|
||||||
notifications=self._empty_notification(),
|
notifications=self._empty_notification(),
|
||||||
@ -1245,7 +1210,7 @@ class LdapCherry(object):
|
|||||||
|
|
||||||
form = self.temp['form.tmpl'].render(
|
form = self.temp['form.tmpl'].render(
|
||||||
attributes=self.attributes.get_selfattributes(),
|
attributes=self.attributes.get_selfattributes(),
|
||||||
values=self._escape(user_attrs, 'attr_list'),
|
values=user_attrs,
|
||||||
modify=True,
|
modify=True,
|
||||||
autofill=False
|
autofill=False
|
||||||
)
|
)
|
||||||
|
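Review bot: With `_escape`, `_escape_dict` and `_escape_list` removed, the `searchresult=`, `values=` and `standalone_groups=` arguments now hand raw directory attribute values to `render()`, so output encoding rests entirely on the templates, which this diff does not show. Mako does not HTML-escape `${...}` unless the lookup is built with `default_filters` containing `h` or each expression uses `| h`. Please confirm this for `index.tmpl`, `searchuser.tmpl`, `searchadmin.tmpl`, `form.tmpl` and the template that receives `standalone_groups`, including any value placed inside an attribute or a script block, where HTML escaping alone may not be enough. A regression test that renders an attribute value such as `<b>"x"</b>` and asserts it appears escaped exactly once would pin both the double-escaping fix and the remaining protection.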