diff --git a/pandora/annotation/models.py b/pandora/annotation/models.py index d57a2c5ab..d9a2af389 100644 --- a/pandora/annotation/models.py +++ b/pandora/annotation/models.py @@ -44,10 +44,10 @@ def get_matches(obj, model, layer_type): has_type = 'has%ss' % layer_type.capitalize() contains = [l['id'] for l in filter(lambda l: l.get(has_type), settings.CONFIG['layers'])] if contains: - name = ox.decodeHtml(obj.name) + name = ox.decode_html(obj.name) q = Q(findvalue__icontains=" " + name)|Q(findvalue__istartswith=name) for name in obj.alternativeNames: - name = ox.decodeHtml(name) + name = ox.decode_html(name) q = q|Q(value__icontains=" " + name)|Q(value__istartswith=name) contains_matches = q&Q(layer__in=contains) if f: @@ -59,11 +59,11 @@ def get_matches(obj, model, layer_type): for a in Annotation.objects.filter(f): value = a.findvalue.lower() for name in super_matches: - name = ox.decodeHtml(name) + name = ox.decode_html(name) value = value.replace(name.lower(), '') for name in [obj.name] + list(obj.alternativeNames): name = name.lower() - name = ox.decodeHtml(name) + name = ox.decode_html(name) if name in value and (exact or re.compile('((^|\s)%s([\.,;:!?\-\/\s]|$))'%name).findall(value)): matches.append(a.id) break @@ -130,7 +130,7 @@ class Annotation(models.Model): layer = self.get_layer() if self.value: self.value = utils.cleanup_value(self.value, layer['type']) - self.findvalue = ox.decodeHtml(ox.stripTags(self.value).strip()).replace('\n', ' ') + self.findvalue = ox.decode_html(ox.strip_tags(self.value).strip()).replace('\n', ' ') sortvalue = sort_string(self.findvalue) if sortvalue: self.sortvalue = sortvalue[:900] diff --git a/pandora/annotation/tasks.py b/pandora/annotation/tasks.py index 7873e4441..41a0368e9 100644 --- a/pandora/annotation/tasks.py +++ b/pandora/annotation/tasks.py @@ -26,7 +26,7 @@ def update_matching_events(id): if a.findvalue: names = {} for n in Event.objects.all().values('id', 'name', 'alternativeNames'): - names[n['id']] = [ox.decodeHtml(x) for x in [n['name']] + json.loads(n['alternativeNames'])] + names[n['id']] = [ox.decode_html(x) for x in [n['name']] + json.loads(n['alternativeNames'])] value = a.findvalue.lower() update = [] @@ -56,7 +56,7 @@ def update_matching_places(id): if a.findvalue: names = {} for n in Place.objects.all().values('id', 'name', 'alternativeNames'): - names[n['id']] = [ox.decodeHtml(x) for x in [n['name']] + json.loads(n['alternativeNames'])] + names[n['id']] = [ox.decode_html(x) for x in [n['name']] + json.loads(n['alternativeNames'])] value = a.findvalue.lower() update = [] for i in names: diff --git a/pandora/annotation/utils.py b/pandora/annotation/utils.py index a314b6085..cfecb0f51 100644 --- a/pandora/annotation/utils.py +++ b/pandora/annotation/utils.py @@ -5,7 +5,7 @@ import ox def cleanup_value(value, layer_type): #FIXME: what about other types? location etc if layer_type == 'text': - value = ox.parse_html(value) + value = ox.sanitize_html(value) else: value = ox.escape_html(value) return value diff --git a/pandora/app/views.py b/pandora/app/views.py index 124fd27fb..30d26a12f 100644 --- a/pandora/app/views.py +++ b/pandora/app/views.py @@ -139,7 +139,7 @@ def editPage(request): page, created = models.Page.objects.get_or_create(name=data['name']) if not created: page.log() - page.text = ox.parse_html(data['text']) + page.text = ox.sanitize_html(data['text']) page.save() response = json_response({'name': page.name, 'text': page.text}) else: diff --git a/pandora/event/views.py b/pandora/event/views.py index 602dad945..208f95fbb 100644 --- a/pandora/event/views.py +++ b/pandora/event/views.py @@ -31,7 +31,7 @@ def addEvent(request): exists = False names = [data['name']] + data.get('alternativeNames', []) for name in names: - name = ox.decodeHtml(name) + name = ox.decode_html(name) if models.Event.objects.filter(defined=True, name_find__icontains=u'|%s|'%name).count() != 0: exists = True diff --git a/pandora/item/models.py b/pandora/item/models.py index 6ca18224a..a4b554bbd 100644 --- a/pandora/item/models.py +++ b/pandora/item/models.py @@ -227,7 +227,7 @@ class Item(models.Model): if not description: description = '' d, created = Description.objects.get_or_create(key=k, value=value) - d.description = ox.parse_html(description) + d.description = ox.sanitize_html(description) d.save() for key in data: if data[key] == None: @@ -237,9 +237,9 @@ class Item(models.Model): k = filter(lambda i: i['id'] == key, settings.CONFIG['itemKeys']) ktype = k and k[0].get('type') or '' if ktype == 'text': - self.data[key] = ox.parse_html(data[key]) + self.data[key] = ox.sanitize_html(data[key]) elif ktype == '[text]': - self.data[key] = [ox.parse_html(t) for t in data[key]] + self.data[key] = [ox.sanitize_html(t) for t in data[key]] elif ktype == '[string]': self.data[key] = [ox.escape_html(t) for t in data[key]] elif isinstance(data[key], basestring): @@ -579,7 +579,7 @@ class Item(models.Model): if isinstance(value, bool): value = value and 'true' or 'false' if isinstance(value, basestring): - value = ox.decodeHtml(ox.stripTags(value.strip())) + value = ox.decode_html(ox.strip_tags(value.strip())) f.value = value f.save() else: @@ -660,7 +660,7 @@ class Item(models.Model): if not value: value = None if isinstance(value, basestring): - value = ox.decodeHtml(value.lower()) + value = ox.decode_html(value.lower()) setattr(s, name, value) base_keys = ( @@ -809,7 +809,7 @@ class Item(models.Model): def update_layer_facet(self, key): current_values = [a['value'] for a in self.annotations.filter(layer=key).distinct().values('value')] - current_values = [ox.decodeHtml(v) for v in current_values] + current_values = [ox.decode_html(v) for v in current_values] saved_values = [i.value for i in Facet.objects.filter(item=self, key=key)] removed_values = filter(lambda i: i not in current_values, saved_values) if removed_values: @@ -854,7 +854,7 @@ class Item(models.Model): else: current_values = [unicode(current_values)] current_values = list(set(current_values)) - current_values = [ox.decodeHtml(v) for v in current_values] + current_values = [ox.decode_html(v) for v in current_values] saved_values = [i.value for i in Facet.objects.filter(item=self, key=key)] removed_values = filter(lambda i: i not in current_values, saved_values) if removed_values: diff --git a/pandora/item/views.py b/pandora/item/views.py index 908c21745..6ce4c0a70 100644 --- a/pandora/item/views.py +++ b/pandora/item/views.py @@ -434,7 +434,7 @@ def edit(request): response = json_response(status=200, text='ok') if 'notes' in data: if request.user.get_profile().capability('canEditMetadata'): - item.notes = ox.parse_html(data['notes']) + item.notes = ox.sanitize_html(data['notes']) del data['notes'] if 'rightslevel' in data: item.level = int(data['rightslevel']) @@ -1131,7 +1131,7 @@ def item(request, id): if isinstance(value, list): value = value = ', '.join(value) if value: - ctx[key] = ox.stripTags(value) + ctx[key] = ox.strip_tags(value) context = RequestContext(request, ctx) return render_to_response(template, context) diff --git a/pandora/itemlist/views.py b/pandora/itemlist/views.py index 24e79d13f..54871f3d6 100644 --- a/pandora/itemlist/views.py +++ b/pandora/itemlist/views.py @@ -243,7 +243,7 @@ def addList(request): value = list.status list.status = value if 'description' in data: - list.description = ox.parse_html(data['description']) + list.description = ox.sanitize_html(data['description']) if 'view' in data: list.view = data['view'] if 'sort' in data: @@ -363,7 +363,7 @@ def editList(request): name = data['name'] + ' [%d]' % num list.name = name elif key == 'description': - list.description = ox.parse_html(data['description']) + list.description = ox.sanitize_html(data['description']) if 'position' in data: pos, created = models.Position.objects.get_or_create(list=list, user=request.user) diff --git a/pandora/place/views.py b/pandora/place/views.py index 9961a51df..14f8d680a 100644 --- a/pandora/place/views.py +++ b/pandora/place/views.py @@ -55,7 +55,7 @@ def addPlace(request): for n in data.get('alternativeNames', [])] name = ox.escape_html(name) for n in names: - n = ox.decodeHtml(name) + n = ox.decode_html(name) if models.Place.objects.filter(defined=True, name_find__icontains=u'|%s|'%n).count() != 0: exists = True @@ -117,7 +117,7 @@ def editPlace(request): if alternative_names: data['alternativeNames'] = alternative_names for name in names + alternative_names: - name = ox.decodeHtml(name) + name = ox.decode_html(name) if models.Place.objects.filter(defined=True, name_find__icontains=u'|%s|'%name).exclude(id=place.id).count() != 0: conflict = True diff --git a/pandora/user/views.py b/pandora/user/views.py index f56baa453..b83e61607 100644 --- a/pandora/user/views.py +++ b/pandora/user/views.py @@ -643,8 +643,8 @@ def contact(request): 'footer': settings.CONFIG['site']['email']['footer'], 'url': request.build_absolute_uri('/'), }) - subject = ox.decodeHtml(subject) - message = ox.decodeHtml(template.render(context)) + subject = ox.decode_html(subject) + message = ox.decode_html(template.render(context)) response = json_response(text='message sent') try: send_mail(u'%s Contact - %s' % (settings.SITENAME, subject), message, email_from, email_to)