Escape all characters in reference which are URL specific (i.e. ?,/,:,=)

5303454c · Ivan Tyagov · a29456bc · 5303454c · 5303454c
Commit 5303454c authored Jun 29, 2012 by Ivan Tyagov
2 changed files
--- a/bt5/erp5_discussion/SkinTemplateItem/portal_skins/erp5_discussion/WebSection_createNewDiscussionThread.xml
+++ b/bt5/erp5_discussion/SkinTemplateItem/portal_skins/erp5_discussion/WebSection_createNewDiscussionThread.xml
@@ -50,7 +50,9 @@
        </item>
        <item>
            <key> <string>_body</string> </key>
-            <value> <string>"""\n
+            <value> <string encoding="cdata"><![CDATA[
+"""\n
 This script allows to create a new Discussion Thread.\n
 """\n
 MARKER = [\'\', None, []]\n
@@ -70,7 +72,7 @@ if site_list in MARKER:\n
 membership_criterion_category_list = context.getMembershipCriterionCategoryList()\n
 multimembership_criterion_base_category_list = context.getMultimembershipCriterionBaseCategoryList()\n
 \n
-reference = title.replace(\' \', \'-\').replace(\'?\', \'\').replace(\':\', \'\')\n
+reference = title.replace(\' \', \'-\').replace(\'?\', \'\').replace(\':\', \'\').replace(\'/\', \'\').replace(\'&\', \'\').replace(\'=\', \'\')\n
 existing_document = context.getDocumentValue(reference)\n
 if existing_document is not None:\n
  # if there are other document which reference duplicates just add some random part\n
@@ -152,7 +154,9 @@ if send_notification_text not in (\'\', None):\n
 \n
 return context.Base_redirect(form_id,\n
         keep_items = dict(portal_status_message=context.Base_translateString(portal_status_message)))\n
-</string> </value>
+]]></string> </value>
        </item>
        <item>
            <key> <string>_params</string> </key>

--- a/bt5/erp5_discussion/bt/revision
+++ b/bt5/erp5_discussion/bt/revision
-113
+114
\ No newline at end of file