From 3a2bb7ba0156dd3f7ba1ec4e637d1cde30a8b866 Mon Sep 17 00:00:00 2001 From: Chris Dodge Date: Wed, 31 Jul 2013 15:07:19 -0400 Subject: [PATCH] add escaping --- cms/templates/widgets/header.html | 2 +- common/lib/xmodule/xmodule/course_module.py | 9 +++++---- lms/templates/course.html | 4 ++-- lms/templates/courseware/course_about.html | 14 +++++++++++++- lms/templates/courseware/courseware.html | 4 ++++ lms/templates/courseware/info.html | 4 ++++ lms/templates/courseware/mktg_course_about.html | 8 ++++++++ lms/templates/courseware/progress.html | 4 ++++ lms/templates/courseware/static_tab.html | 2 +- lms/templates/courseware/syllabus.html | 4 ++++ lms/templates/dashboard.html | 16 ++++++++++++++-- lms/templates/discussion/single_thread.html | 4 ++++ lms/templates/instructor/staff_grading.html | 4 ++++ lms/templates/navigation.html | 2 +- .../combined_notifications.html | 4 ++++ .../open_ended_flagged_problems.html | 4 ++++ .../open_ended_problems/open_ended_problems.html | 4 ++++ lms/templates/static_htmlbook.html | 4 ++++ lms/templates/static_pdfbook.html | 6 ++++++ lms/templates/staticbook.html | 4 ++++ lms/templates/test_center_register.html | 4 ++-- 21 files changed, 97 insertions(+), 14 deletions(-) diff --git a/cms/templates/widgets/header.html b/cms/templates/widgets/header.html index 9e39bae749..a0d4d0fd41 100644 --- a/cms/templates/widgets/header.html +++ b/cms/templates/widgets/header.html @@ -13,7 +13,7 @@

${_("Current Course:")} - ${context_course.display_org_with_default}${context_course.display_number_with_default} + ${context_course.display_org_with_default | h}${context_course.display_number_with_default | h} ${context_course.display_name_with_default}
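Review bot: On the changed line, `${context_course.display_name_with_default}` is still emitted without a filter, right next to the two values that now get `| h`. The display name is course-author text just like the org and number overrides, so unless that property already returns escaped text it remains an HTML-injection point; `${context_course.display_name_with_default | h}` would close it. The same unfiltered `display_name_with_default` appears on the changed lines in navigation.html, dashboard.html and test_center_register.html.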

diff --git a/common/lib/xmodule/xmodule/course_module.py b/common/lib/xmodule/xmodule/course_module.py index b6ac48b7f5..bf902e99bf 100644 --- a/common/lib/xmodule/xmodule/course_module.py +++ b/common/lib/xmodule/xmodule/course_module.py @@ -6,6 +6,7 @@ from path import path # NOTE (THK): Only used for detecting presence of syllabu import requests from datetime import datetime import dateutil.parser +import cgi from xmodule.modulestore import Location from xmodule.seq_module import SequenceDescriptor, SequenceModule @@ -944,9 +945,9 @@ class CourseDescriptor(CourseFields, SequenceDescriptor): Return a display course number if it has been specified, otherwise return the 'course' that is in the location """ if self.display_coursenumber: - return self.display_coursenumber + return cgi.escape(self.display_coursenumber) - return self.location.course + return self.number @property def org(self): @@ -958,6 +959,6 @@ class CourseDescriptor(CourseFields, SequenceDescriptor): Return a display organization if it has been specified, otherwise return the 'org' that is in the location """ if self.display_organization: - return self.display_organization + return cgi.escape(self.display_organization) - return self.location.org + return self.org diff --git a/lms/templates/course.html b/lms/templates/course.html index 01581ed764..4f2a78984f 100644 --- a/lms/templates/course.html +++ b/lms/templates/course.html @@ -14,13 +14,13 @@ from courseware.courses import course_image_url, get_course_about_section
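Review bot: Escaping inside `display_number_with_default` and `display_org_with_default` (the `-944` and `-958` hunks) leaves the properties with an inconsistent contract: the override branch returns `cgi.escape(...)` output, while the fallbacks `return self.number` and `return self.org` return raw text, so a caller cannot tell whether the value is already HTML-safe. Every template in this patch also pipes these properties through `| h`, so an override containing `&` or `<` is escaped twice and renders as `&amp;amp;` or `&amp;lt;`. `cgi.escape` without `quote=True` also leaves `"` untouched, so its output alone is not safe inside an attribute value. I would keep the model returning raw text, `return self.display_coursenumber` and `return self.display_organization`, and escape only at the output point; the `import cgi` hunk is then unnecessary. Both property bodies begin outside the hunks.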
-

${course.display_number_with_default} ${get_course_about_section(course, 'title')}

+

${course.display_number_with_default | h} ${get_course_about_section(course, 'title')}

- ${course.display_number_with_default} ${get_course_about_section(course, 'title')} Cover Image + ${course.display_number_with_default | h} ${get_course_about_section(course, 'title')} Cover Image

${get_course_about_section(course, 'short_description')}

diff --git a/lms/templates/courseware/course_about.html b/lms/templates/courseware/course_about.html index 36cb7054d0..f0b39adc0c 100644 --- a/lms/templates/courseware/course_about.html +++ b/lms/templates/courseware/course_about.html @@ -66,11 +66,15 @@ +<<<<<<< HEAD <<<<<<< HEAD <%block name="title">${_("About {course.number}").format(course=course)} ======= <%block name="title">About ${course.display_number_with_default} >>>>>>> add display_coursenumber and display_organization fields on the CourseModule, with some property accessors. Update LMS/CMS pages to use those display strings as appropraite. +======= +<%block name="title">About ${course.display_number_with_default | h} +>>>>>>> add escaping
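Review bot: The lines added by the `@@ -66,11 +66,15 @@` hunk are Git conflict markers (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> add escaping`), so the template is committed with both sides of an unresolved merge. The older variants stay in place as context lines and still print `course.number` or `display_number_with_default` without `| h`, so the new escaping does not cover them, and the marker text and duplicate `<%block name="title">` definitions will likely break or pollute rendering. The same pattern repeats in the later hunks of this file and in courseware.html, info.html, mktg_course_about.html, progress.html, syllabus.html, dashboard.html, single_thread.html, staff_grading.html, the three open_ended_problems templates, static_htmlbook.html, static_pdfbook.html and staticbook.html. Resolve each conflict to one variant that keeps the `_()` wrapper and filters the result, e.g. `${_("About {course_number}").format(course_number=course.display_number_with_default) | h}`, and delete the marker lines.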
@@ -79,7 +83,7 @@

- ${course.display_number_with_default}: ${get_course_about_section(course, "title")} + ${course.display_number_with_default | h}: ${get_course_about_section(course, "title")} % if not self.theme_enabled(): ${get_course_about_section(course, "university")} % endif @@ -101,11 +105,15 @@ %endif %else: +<<<<<<< HEAD <<<<<<< HEAD ${_("Register for {course.number}").format(course=course)} ======= Register for ${course.display_number_with_default} >>>>>>> add display_coursenumber and display_organization fields on the CourseModule, with some property accessors. Update LMS/CMS pages to use those display strings as appropraite. +======= + Register for ${course.display_number_with_default | h} +>>>>>>> add escaping
%endif

@@ -174,11 +182,15 @@
    +<<<<<<< HEAD <<<<<<< HEAD
  1. ${_("Course Number")}

    ${course.number}
  2. ${_("Classes Start")}

    ${course.start_date_text}
  3. =======
  4. Course Number

    ${course.display_number_with_default}
  5. +======= +
  6. Course Number

    ${course.display_number_with_default | h}
  7. +>>>>>>> add escaping
  8. Classes Start

    ${course.start_date_text}
  9. >>>>>>> add display_coursenumber and display_organization fields on the CourseModule, with some property accessors. Update LMS/CMS pages to use those display strings as appropraite. diff --git a/lms/templates/courseware/courseware.html b/lms/templates/courseware/courseware.html index cb7a2f96fc..cc5646b3a4 100644 --- a/lms/templates/courseware/courseware.html +++ b/lms/templates/courseware/courseware.html @@ -2,7 +2,11 @@ <%inherit file="/main.html" /> <%namespace name='static' file='/static_content.html'/> <%block name="bodyclass">courseware ${course.css_class} +<<<<<<< HEAD <%block name="title">${_("{course_number} Courseware").format(course_number=course.display_number_with_default)} +======= +<%block name="title">${course.display_number_with_default | h} Courseware +>>>>>>> add escaping <%block name="headextra"> <%static:css group='course'/> diff --git a/lms/templates/courseware/info.html b/lms/templates/courseware/info.html index 4d889b35f7..67bef227fa 100644 --- a/lms/templates/courseware/info.html +++ b/lms/templates/courseware/info.html @@ -7,7 +7,11 @@ <%static:css group='course'/> +<<<<<<< HEAD <%block name="title">${_("{course.number} Course Info").format(course=course.display_number_with_default)} +======= +<%block name="title">${course.display_number_with_default | h} Course Info +>>>>>>> add escaping <%include file="/courseware/course_navigation.html" args="active_page='info'" /> <%! diff --git a/lms/templates/courseware/mktg_course_about.html b/lms/templates/courseware/mktg_course_about.html index 46f2060bbc..71be39bc20 100644 --- a/lms/templates/courseware/mktg_course_about.html +++ b/lms/templates/courseware/mktg_course_about.html 
@@ -8,7 +8,11 @@ <%inherit file="../mktg_iframe.html" /> +<<<<<<< HEAD <%block name="title">${_("About {course_number}").format(course_number=course.display_number_with_default)} +======= +<%block name="title">About ${course.display_number_with_default | h} +>>>>>>> add escaping <%block name="bodyclass">view-partial-mktgregister @@ -52,7 +56,11 @@
    ${_("You Are Registered")}
    %endif %elif allow_registration: +<<<<<<< HEAD ${_("Register for")} ${course.display_number_with_default} +======= + Register for ${course.display_number_with_default | h} +>>>>>>> add escaping %else:
    ${_("Registration Is Closed")}
    %endif diff --git a/lms/templates/courseware/progress.html b/lms/templates/courseware/progress.html index 105ccebe86..85f96bfbd5 100644 --- a/lms/templates/courseware/progress.html +++ b/lms/templates/courseware/progress.html @@ -8,7 +8,11 @@ <%namespace name="progress_graph" file="/courseware/progress_graph.js"/> +<<<<<<< HEAD <%block name="title">${_("{course_number} Progress").format(course_number=course.display_number_with_default)} +======= +<%block name="title">${course.display_number_with_default | h} Progress +>>>>>>> add escaping <%! from django.core.urlresolvers import reverse diff --git a/lms/templates/courseware/static_tab.html b/lms/templates/courseware/static_tab.html index 884c161496..f03dcacb80 100644 --- a/lms/templates/courseware/static_tab.html +++ b/lms/templates/courseware/static_tab.html @@ -6,7 +6,7 @@ <%static:css group='course'/> -<%block name="title">${course.display_number_with_default} ${tab['name']} +<%block name="title">${course.display_number_with_default | h} ${tab['name']} <%include file="/courseware/course_navigation.html" args="active_page='static_tab_{0}'.format(tab['url_slug'])" /> diff --git a/lms/templates/courseware/syllabus.html b/lms/templates/courseware/syllabus.html index 3499193377..49c76f13ac 100644 --- a/lms/templates/courseware/syllabus.html +++ b/lms/templates/courseware/syllabus.html @@ -6,7 +6,11 @@ <%static:css group='course'/> +<<<<<<< HEAD <%block name="title">${_("{course.display_number_with_default} Course Info").format(course=course)} +======= +<%block name="title">${course.display_number_with_default | h} Course Info +>>>>>>> add escaping <%include file="/courseware/course_navigation.html" args="active_page='syllabus'" /> <%! diff --git a/lms/templates/dashboard.html b/lms/templates/dashboard.html index 2c565cfd9c..01d23e7e5d 100644 --- a/lms/templates/dashboard.html +++ b/lms/templates/dashboard.html 
@@ -140,6 +140,7 @@ % if course.id in show_courseware_links_for: +<<<<<<< HEAD <<<<<<< HEAD ${_('{course_number} {course_name} Cover Image').format(course_number='${course.number}', course_name='${course.display_name_with_default}')} @@ -153,6 +154,13 @@
    ${course.display_number_with_default} ${course.display_name_with_default} Cover Image >>>>>>> add display_coursenumber and display_organization fields on the CourseModule, with some property accessors. Update LMS/CMS pages to use those display strings as appropraite. +======= + ${course.display_number_with_default | h} ${course.display_name_with_default} Cover Image + + % else: +
    + ${course.display_number_with_default | h} ${course.display_name_with_default} Cover Image +>>>>>>> add escaping
    % endif @@ -170,9 +178,9 @@

    ${get_course_about_section(course, 'university')}

    % if course.id in show_courseware_links_for: - ${course.display_number_with_default} ${course.display_name_with_default} + ${course.display_number_with_default | h} ${course.display_name_with_default} % else: - ${course.display_number_with_default} ${course.display_name_with_default} + ${course.display_number_with_default | h} ${course.display_name_with_default} % endif

    @@ -205,6 +213,7 @@ % endif % if registration.is_rejected:
    +<<<<<<< HEAD <<<<<<< HEAD

    ${_("Your registration for the Pearson exam has been rejected. Please {link_start}see your registration status details{link_end}.").format( @@ -218,6 +227,9 @@ =======

    Your registration for the Pearson exam has been rejected. Please see your registration status details. Otherwise contact edX at exam-help@edx.org for further help.

    >>>>>>> add display_coursenumber and display_organization fields on the CourseModule, with some property accessors. Update LMS/CMS pages to use those display strings as appropraite. +======= +

    Your registration for the Pearson exam has been rejected. Please see your registration status details. Otherwise contact edX at exam-help@edx.org for further help.

    +>>>>>>> add escaping
    % endif % if not registration.is_accepted and not registration.is_rejected: diff --git a/lms/templates/discussion/single_thread.html b/lms/templates/discussion/single_thread.html index 5bd6c6ca03..9dade09a9a 100644 --- a/lms/templates/discussion/single_thread.html +++ b/lms/templates/discussion/single_thread.html @@ -7,7 +7,11 @@ <%inherit file="../main.html" /> <%namespace name='static' file='../static_content.html'/> <%block name="bodyclass">discussion +<<<<<<< HEAD <%block name="title">${_("Discussion - {course_number}").format(course_number=course.display_number_with_default) | h} +======= +<%block name="title">Discussion – ${course.display_number_with_default | h} +>>>>>>> add escaping <%block name="headextra"> <%static:css group='course'/> diff --git a/lms/templates/instructor/staff_grading.html b/lms/templates/instructor/staff_grading.html index fee2275927..e506ef02cc 100644 --- a/lms/templates/instructor/staff_grading.html +++ b/lms/templates/instructor/staff_grading.html @@ -7,7 +7,11 @@ <%static:css group='course'/> +<<<<<<< HEAD <%block name="title">${_("{course_number} Staff Grading").format(course_number=course.display_number_with_default)} +======= +<%block name="title">${course.display_number_with_default | h} Staff Grading +>>>>>>> add escaping <%include file="/courseware/course_navigation.html" args="active_page='staff_grading'" /> diff --git a/lms/templates/navigation.html b/lms/templates/navigation.html index 3ca3ae2d1d..ee9b400251 100644 --- a/lms/templates/navigation.html +++ b/lms/templates/navigation.html @@ -50,7 +50,7 @@ site_status_msg = get_site_status_msg(course_id) % if course: -

    ${course.display_org_with_default}: ${course.display_number_with_default} ${course.display_name_with_default}

    +

    ${course.display_org_with_default | h}: ${course.display_number_with_default | h} ${course.display_name_with_default}

    % endif % if user.is_authenticated(): diff --git a/lms/templates/open_ended_problems/combined_notifications.html b/lms/templates/open_ended_problems/combined_notifications.html index b1149194d9..1b8898fedc 100644 --- a/lms/templates/open_ended_problems/combined_notifications.html +++ b/lms/templates/open_ended_problems/combined_notifications.html @@ -7,7 +7,11 @@ <%static:css group='course'/> +<<<<<<< HEAD <%block name="title">${_("{course_number} Combined Notifications").format(course_number=course.display_number_with_default)} +======= +<%block name="title">${course.display_number_with_default | h} Combined Notifications +>>>>>>> add escaping <%include file="/courseware/course_navigation.html" args="active_page='open_ended'" /> diff --git a/lms/templates/open_ended_problems/open_ended_flagged_problems.html b/lms/templates/open_ended_problems/open_ended_flagged_problems.html index 61ec49584c..f366684c02 100644 --- a/lms/templates/open_ended_problems/open_ended_flagged_problems.html +++ b/lms/templates/open_ended_problems/open_ended_flagged_problems.html @@ -7,7 +7,11 @@ <%static:css group='course'/> +<<<<<<< HEAD <%block name="title">${_("{course_number} Flagged Open Ended Problems").format(course_number=course.display_number_with_default)} +======= +<%block name="title">${course.display_number_with_default | h} Flagged Open Ended Problems +>>>>>>> add escaping <%include file="/courseware/course_navigation.html" args="active_page='open_ended_flagged_problems'" /> diff --git a/lms/templates/open_ended_problems/open_ended_problems.html b/lms/templates/open_ended_problems/open_ended_problems.html index e8496b6647..67c5ba8da3 100644 --- a/lms/templates/open_ended_problems/open_ended_problems.html +++ b/lms/templates/open_ended_problems/open_ended_problems.html 
@@ -7,7 +7,11 @@ <%static:css group='course'/> +<<<<<<< HEAD <%block name="title">${_("{course_number} Open Ended Problems").format(course_number=course.display_number_with_default)} +======= +<%block name="title">${course.display_number_with_default | h} Open Ended Problems +>>>>>>> add escaping <%include file="/courseware/course_navigation.html" args="active_page='open_ended_problems'" /> diff --git a/lms/templates/static_htmlbook.html b/lms/templates/static_htmlbook.html index 9f8f4bb3d5..2b7702f5a4 100644 --- a/lms/templates/static_htmlbook.html +++ b/lms/templates/static_htmlbook.html @@ -2,8 +2,12 @@ <%inherit file="main.html" /> <%namespace name='static' file='static_content.html'/> +<<<<<<< HEAD <%block name="title">${_('{course_number} Textbook').format(course_number=course.display_number_with_default)} +======= +<%block name="title">${course.display_number_with_default | h} Textbook +>>>>>>> add escaping <%block name="headextra"> diff --git a/lms/templates/static_pdfbook.html b/lms/templates/static_pdfbook.html index a38e9ff541..e6cde45fd2 100644 --- a/lms/templates/static_pdfbook.html +++ b/lms/templates/static_pdfbook.html @@ -3,10 +3,16 @@ <%inherit file="main.html" /> <%namespace name='static' file='static_content.html'/> <%block name="title"> +<<<<<<< HEAD ${_('{course_number} Textbook').format(course_number=course.display_number_with_default)} +======= + + + ${course.display_number_with_default | h} Textbook +>>>>>>> add escaping <%block name="headextra"> diff --git a/lms/templates/staticbook.html b/lms/templates/staticbook.html index 157af3a061..443918ac75 100644 --- a/lms/templates/staticbook.html +++ b/lms/templates/staticbook.html 
@@ -2,7 +2,11 @@ <%inherit file="main.html" /> <%namespace name='static' file='static_content.html'/> +<<<<<<< HEAD <%block name="title">${_("{course_number} Textbook").format(course_number=course.display_number_with_default)} +======= +<%block name="title">${course.display_number_with_default | h} Textbook +>>>>>>> add escaping <%block name="headextra"> <%static:css group='course'/> diff --git a/lms/templates/test_center_register.html b/lms/templates/test_center_register.html index ba88cfd6dd..de7ecd23df 100644 --- a/lms/templates/test_center_register.html +++ b/lms/templates/test_center_register.html @@ -95,7 +95,7 @@
    -

    ${get_course_about_section(course, 'university')} ${course.display_number_with_default} ${course.display_name_with_default}

    +

    ${get_course_about_section(course, 'university')} ${course.display_number_with_default | h} ${course.display_name_with_default}

    % if registration:

    ${_('Your Pearson VUE Proctored Exam Registration')}

    @@ -442,7 +442,7 @@ % endif
    -

    ${_("About {university} {course_number}").format(university=get_course_about_section(course, 'university'), course_number=course.display_number_with_default)}

    +

    ${_("About {university} {course_number}").format(university=get_course_about_section(course, 'university'), course_number=course.course.display_number_with_default)}

    % if course.has_ended(): ${_('Course Completed:')} ${course.end_date_text}
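Review bot: The added line in the `@@ -442,7 +442,7 @@` hunk reads `course.course.display_number_with_default`, which looks like a typo for `course.display_number_with_default`. Unless the descriptor really exposes a `course` attribute, this will fail when the page renders. It is also the one changed expression in the patch that ends up with no HTML filter: the number is formatted into the translated string and emitted as is. Putting `| h` on the whole expression would also escape whatever `get_course_about_section(course, 'university')` returns, so the number should be escaped before it is passed to `.format()`. The hunk's trailing context may continue past the visible text.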