From 955c194e4c3fdf2eb4b35e03c54b65368348c9e1 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg Date: Fri, 19 May 2023 08:35:21 +0200 Subject: [PATCH] server-rendered result page: fix q= escaping fixes https://github.com/Debian/dcs/issues/121 --- cmd/dcs-web/common/common.go | 12 ++++++++++++ cmd/dcs-web/serverrendered.go | 2 -- cmd/dcs-web/templates/perpackage-results.html | 2 +- cmd/dcs-web/templates/results.html | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/cmd/dcs-web/common/common.go b/cmd/dcs-web/common/common.go index d34a955..f483f4a 100644 --- a/cmd/dcs-web/common/common.go +++ b/cmd/dcs-web/common/common.go @@ -8,6 +8,7 @@ import ( "html/template" "io/ioutil" "log" + "net/url" "path/filepath" "reflect" "strings" @@ -53,6 +54,17 @@ func Init(tlsCertPath, tlsKeyPath, staticPath string) { func loadTemplates() { var err error Templates = template.New("foo").Funcs(template.FuncMap{ + "appendToQuery": func(unparsedURL, extra string) string { + u, err := url.Parse(unparsedURL) + if err != nil { + log.Printf("appendToQuery(%q) = %v", unparsedURL, err) + return unparsedURL + } + basequery := u.Query() + basequery.Set("q", basequery.Get("q")+extra) + u.RawQuery = basequery.Encode() + return u.String() + }, "eq": func(args ...interface{}) bool { if len(args) == 0 { return false diff --git a/cmd/dcs-web/serverrendered.go b/cmd/dcs-web/serverrendered.go index 7c95bdd..6e76d78 100644 --- a/cmd/dcs-web/serverrendered.go +++ b/cmd/dcs-web/serverrendered.go @@ -178,7 +178,6 @@ func renderPerPackage(w http.ResponseWriter, r *http.Request, queryid string, pa pagination := updatePagination(page, pages, baseurl.String()) basequery.Del("perpkg") - basequery.Del("q") // Ensure the filterurl has at least one parameter, so that we can // always concatenate with the & sign. basequery.Set("_", "_") @@ -331,7 +330,6 @@ func Search(w http.ResponseWriter, r *http.Request) { perpkgurl := baseurl.String() basequery.Del("perpkg") - basequery.Del("q") // Ensure the filterurl has at least one parameter, so that we can // always concatenate with the & sign. basequery.Set("_", "_") diff --git a/cmd/dcs-web/templates/perpackage-results.html b/cmd/dcs-web/templates/perpackage-results.html index 09f42d9..2b22943 100644 --- a/cmd/dcs-web/templates/perpackage-results.html +++ b/cmd/dcs-web/templates/perpackage-results.html @@ -92,7 +92,7 @@

Search Results by package for "{{.q}}"

Filter by package: {{range $index, $package := .packages}} -{{$package}}, +{{$package}}, {{end}}

diff --git a/cmd/dcs-web/templates/results.html b/cmd/dcs-web/templates/results.html index 2e759ff..b15e511 100644 --- a/cmd/dcs-web/templates/results.html +++ b/cmd/dcs-web/templates/results.html @@ -95,7 +95,7 @@

Search Results for "{{.q}}"

Filter by package: {{range $index, $package := .packages}} -{{$package}}, +{{$package}}, {{end}}