From 511ca3e56d2eb2ae4bcf7013c16f4c670c70ed5e Mon Sep 17 00:00:00 2001 From: Max Goodman Date: Wed, 12 Sep 2012 11:02:40 -0700 Subject: [PATCH] wiki: URL-escape constructed API call URLs. --- r2/r2/templates/wikipagesettings.html | 6 +++++- r2/r2/templates/wikirevision.html | 8 ++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/r2/r2/templates/wikipagesettings.html b/r2/r2/templates/wikipagesettings.html index 946f475d3..58c1e7c0a 100644 --- a/r2/r2/templates/wikipagesettings.html +++ b/r2/r2/templates/wikipagesettings.html @@ -23,6 +23,10 @@ <%namespace file="printablebuttons.html" import="ynbutton" /> <%namespace name="utils" file="utils.html"/> +<%! + from urllib import quote +%> +
%if thing.show_settings:
@@ -59,7 +63,7 @@
  • ${user} —  - ${ynbutton(_("(remove)"), _("done"), "../r/%s/wiki/api/alloweditor/del/%s/%s" % (c.site.name, user, c.page), post_callback="$.refresh")} + ${ynbutton(_("(remove)"), _("done"), quote("../r/%s/wiki/api/alloweditor/del/%s/%s" % (c.site.name, user, c.page)), post_callback="$.refresh")}
    • %endfor diff --git a/r2/r2/templates/wikirevision.html b/r2/r2/templates/wikirevision.html index a93b320e7..f62cd0001 100644 --- a/r2/r2/templates/wikirevision.html +++ b/r2/r2/templates/wikirevision.html @@ -23,7 +23,11 @@ <%namespace file="utils.html" import="timestamp"/> <%namespace file="printablebuttons.html" import="ynbutton" /> -hide - ${ynbutton(_("revert here"), _("done"), "..%s/api/revert/%s/%s" % (c.wiki_base_url, thing._id, thing.page), post_callback="$.refresh")} + ${ynbutton(_("revert here"), _("done"), quote("..%s/api/revert/%s/%s" % (c.wiki_base_url, thing._id, thing.page)), post_callback="$.refresh")} %endif