From e80ad56b6a89a9b4be4c42f27902a71f797dd60a Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Mon, 10 May 2021 16:40:55 +0200 Subject: always quote the slug / article name --- talermerchantdemos/blog/blog.py | 6 +++--- talermerchantdemos/blog/content.py | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/talermerchantdemos/blog/blog.py b/talermerchantdemos/blog/blog.py index cb3d392..c84ab47 100644 --- a/talermerchantdemos/blog/blog.py +++ b/talermerchantdemos/blog/blog.py @@ -398,10 +398,10 @@ def article(article_name, lang=None, data=None): # run the payment protocol. response = flask.redirect(pay_status["order_status_url"]) response.set_cookie( - "order_id", order_id, path=urllib.parse.quote(f"/essay/{article_name}") + "order_id", order_id, path=f"/essay/{article_name}" ) response.set_cookie( - "order_id", order_id, path=urllib.parse.quote(f"/{lang}/essay/{article_name}") + "order_id", order_id, path=f"/{lang}/essay/{article_name}" ) return response @@ -425,7 +425,7 @@ def handler_404(e): @app.errorhandler(BackendException) def handler_backend_exception(e): t = flask.render_template( - "survey-error.html.j2", + "blog-error.html.j2", message=e.args[0], json=e.backend_json, status_code=e.backend_status, diff --git a/talermerchantdemos/blog/content.py b/talermerchantdemos/blog/content.py index ba2fcbe..4a6282e 100644 --- a/talermerchantdemos/blog/content.py +++ b/talermerchantdemos/blog/content.py @@ -24,6 +24,7 @@ from bs4 import BeautifulSoup from pkg_resources import resource_stream, resource_filename from os import listdir from os.path import isfile, join +from urllib.parse import quote LOGGER = logging.getLogger(__name__) @@ -98,7 +99,7 @@ def add_from_html(resource_name, lang): title = resource_name else: title = title_el.get_text().strip() - slug = title.replace(" ", "_") + slug = quote(title.replace(" ", "_")) teaser = soup.find("p", attrs={"id": ["teaser"]}) if teaser is None: -- cgit v1.2.3