Properly URL-encode and -decode a bunch of query parameters.

- Legacy-Id: 19981
2022-02-24 14:23:46 +00:00 · 2022-02-24 14:23:46 +00:00 · 07e0eb84d9
parent 686f835d4e
commit 07e0eb84d9
6 changed files with 17 additions and 18 deletions
--- a/ietf/doc/tests_bofreq.py
+++ b/ietf/doc/tests_bofreq.py
@ -8,7 +8,7 @@ from pathlib import Path
 from pyquery import PyQuery
 from random import randint
 from tempfile import NamedTemporaryFile
-from html import escape, unescape
+from html import unescape

 from django.conf import settings
 from django.urls import reverse as urlreverse
--- a/ietf/meeting/tests_js.py
+++ b/ietf/meeting/tests_js.py
@ -8,6 +8,7 @@ import shutil
 import os
 import re
 from unittest import skipIf
+import urllib.parse

 import django
 from django.utils.text import slugify
@ -1725,7 +1726,7 @@ class AgendaTests(IetfSeleniumTestCase):
        # Now select a different item from the select input
        option.click()
        try:
-            wait.until(in_iframe_href('tz=america/halifax', self.driver.find_element(By.CSS_SELECTOR, '#weekview iframe')))
+            wait.until(in_iframe_href(urllib.parse.quote('tz=america/halifax', safe='='), self.driver.find_element(By.CSS_SELECTOR, '#weekview iframe')))
        except:
            self.fail('iframe href not updated to contain selected time zone')

@ -1844,7 +1845,7 @@ class WeekviewTests(IetfSeleniumTestCase):
        self.login()
        for zone_name in zones_to_test:
            zone = pytz.timezone(zone_name)
-            self.driver.get(self.absreverse('ietf.meeting.views.week_view') + '?tz=' + zone_name)
+            self.driver.get(self.absreverse('ietf.meeting.views.week_view') + '?tz=' + urllib.parse.quote(zone_name, safe=''))
            for item in self.get_expected_items():
                if item.session.name:
                    expected_name = item.session.name
@ -1947,7 +1948,7 @@ class WeekviewTests(IetfSeleniumTestCase):
        self.login()
        
        # Test in meeting local time
-        self.driver.get(self.absreverse('ietf.meeting.views.week_view') + '?tz=%s' % local_tz.lower())
+        self.driver.get(self.absreverse('ietf.meeting.views.week_view') + '?tz=%s' % urllib.parse.quote(local_tz.lower(), safe=''))

        time_string = '-'.join([daytime_timeslot.local_start_time().strftime('%H%M'),
                                daytime_timeslot.local_end_time().strftime('%H%M')])
--- a/ietf/meeting/tests_views.py
+++ b/ietf/meeting/tests_views.py
@ -15,7 +15,7 @@ from pyquery import PyQuery
 from lxml.etree import tostring
 from io import StringIO, BytesIO
 from bs4 import BeautifulSoup
-from urllib.parse import urlparse, urlsplit
+from urllib.parse import urlparse, urlsplit, quote
 from PIL import Image
 from pathlib import Path

@ -409,7 +409,7 @@ class MeetingTests(BaseMeetingTestCase):
        self.assertTrue(all([x in unicontent(r) for x in ['redraw_weekview', 'draw_calendar', ]]))

        # Specifying a time zone should not change the output (time zones are handled by the JS)
-        url = urlreverse("ietf.meeting.views.week_view",kwargs=dict(num=meeting.number)) + "?show=farfut&tz=Asia/Bangkok"
+        url = urlreverse("ietf.meeting.views.week_view",kwargs=dict(num=meeting.number)) + "?show=farfut&" + quote("tz=Asia/Bangkok", safe='=')
        r_with_tz = self.client.get(url)
        self.assertEqual(r_with_tz.status_code,200)
        self.assertEqual(r.content, r_with_tz.content)
--- a/ietf/static/js/agenda_filter.js
+++ b/ietf/static/js/agenda_filter.js
@ -38,17 +38,16 @@ window.agenda_filter_for_testing; // methods to be accessed for automated testin
    }

    function parse_query_params(qs) {
-        var params = {};
-        qs = decodeURI(qs)
-            .replace(/^\?/, '')
-            .toLowerCase();
-        if (qs) {
-            var param_strs = qs.split('&');
-            for (var ii = 0; ii < param_strs.length; ii++) {
-                var toks = param_strs[ii].split('=', 2);
-                params[toks[0]] = toks[1] || true;
+        const urlSearchParams = new URLSearchParams(qs);
+        const params = Object.fromEntries(urlSearchParams.entries());
+
+        // the old code returned true for empty params, so do that, too
+        for (const property in params) {
+            if (params[property] === "") {
+                params[property] = true;
            }
        }
+
        return params;
    }

--- a/ietf/templates/meeting/agenda.html
+++ b/ietf/templates/meeting/agenda.html
@ -369,9 +369,9 @@
            if (!weekview.hasClass('visually-hidden')) {
                var queryparams = window.location.search;
                if (queryparams) {
-                    queryparams += '&tz=' + encodeURI(ietf_timezone.get_current_tz().toLowerCase());
+                    queryparams += '&tz=' + encodeURIComponent(ietf_timezone.get_current_tz().toLowerCase());
                } else {
-                    queryparams = '?tz=' + encodeURI(ietf_timezone.get_current_tz().toLowerCase());
+                    queryparams = '?tz=' + encodeURIComponent(ietf_timezone.get_current_tz().toLowerCase());
                }
                var new_url = 'week-view.html' + queryparams;
                var wv_iframe = $(weekview).children('iframe');
--- a/ietf/utils/templatetags/textfilters.py
+++ b/ietf/utils/templatetags/textfilters.py
@ -8,7 +8,6 @@ import bleach
 from django import template
 from django.conf import settings
 from django.template.defaultfilters import stringfilter
-from django.utils.html import escape
 from django.utils.safestring import mark_safe

 import debug                            # pyflakes:ignore