Commit d26d2829 authored by Robert's avatar Robert

Sanitize malformed search queries, refs #598

parent fa3f9f88
......@@ -10,7 +10,7 @@
<label class="form-search-wrap">
<span class="sr-only">Suche</span>
<input type="search" name="q" class="form-control" placeholder="Suche"
value="{{ request.GET.q }}" autofocus>
value="{{ view.query_string }}" autofocus>
</label>
<button class="btn btn-primary">
Suchen
......
import re
import bleach
import django
from django.conf import settings
from django.contrib.sites.shortcuts import get_current_site
......@@ -73,8 +76,8 @@ class Search(PermissionMixin, ListView):
template_name = 'stadt/search.html'
def get_queryset(self):
query_string = self.request.GET.get('q', '').strip()
if query_string:
return SearchQuerySet().filter(content=AutoQuery(query_string))
self.query_string = re.sub('[^\w ]', '', self.request.GET.get('q', ''))
if self.query_string:
return SearchQuerySet().filter(content=AutoQuery(self.query_string))
else:
return EmptySearchQuerySet()
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment