--- a/src/modules/query_parser.py Fri Aug 02 13:43:46 2013 +0100
+++ b/src/modules/query_parser.py Mon Aug 19 09:19:53 2013 -0700
@@ -412,21 +412,13 @@
self.pos = string_position
self.str = input_string
- def __str__(self, html=False):
- line_break = "\n"
- pre_tab = ""
- end_pre_tab = ""
- if html:
- line_break = "<br/>"
- pre_tab = "<pre>"
- end_pre_tab = "</pre>"
- return line_break.join([_("Could not parse query."),
- _("Problem occurred with: %s") % self.p,
- "%s%s" % (pre_tab, cgi.escape(self.str)),
- "%s%s" % (" " * max(self.pos - 1, 0) + "^", end_pre_tab)])
-
- def html(self):
- return self.__str__(html=True)
+ def __str__(self):
+ # BUI will interpret a line starting with a \t as pre-formatted
+ # and put it in <pre> tags.
+ return "\n".join([_("Could not parse query."),
+ _("Problem occurred with: %s\t") % self.p,
+ "\t%s" % self.str,
+ "\t%s" % (" " * max(self.pos - 1, 0) + "^")])
class Query(object):
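Review bot: The trailing `\t` inside the translated msgid `_("Problem occurred with: %s\t")` looks unintended, since the comment above says only lines starting with a tab are treated as pre-formatted, and changing the msgid presumably orphans any existing translation of the old string. I would keep `_("Problem occurred with: %s") % self.p,` and leave the tab prefix on the two lines that follow. The comment on this `__str__`, and on the one in the next hunk, should also say that the returned text is no longer HTML-escaped, for example `# Returns raw text; any caller that emits HTML must escape it before wrapping the \t lines in <pre>.` The removed `html()` path called `cgi.escape(self.str)`, so every remaining consumer of `str(e)` now receives the query string verbatim, and any caller of `html()` outside this diff will fail.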
@@ -529,30 +521,22 @@
def __init__(self, ac, pc):
"""The parameter "ac" is the child which returned actions
- while "pc" is the child which returned pacakges."""
+ while "pc" is the child which returned packages."""
QueryException.__init__(self)
self.ac = ac
self.pc = pc
- def __str__(self, html=False):
- line_break = "\n"
- pre_tab = ""
- end_pre_tab = ""
- if html:
- line_break = "<br/>"
- pre_tab = "<pre>"
- end_pre_tab = "</pre>"
+ def __str__(self):
+ # BUI will interpret a line starting with a \t as pre-formatted
+ # and put it in <pre> tags.
ac_s = _("This expression produces action results:")
- ac_q = "%s%s%s" % (pre_tab, self.ac, end_pre_tab)
+ ac_q = "\t%s" % self.ac
pc_s = _("This expression produces package results:")
- pc_q = "%s%s%s" % (pre_tab, self.pc, end_pre_tab)
- return line_break.join([ac_s, ac_q, pc_s, pc_q,
+ pc_q = "\t%s" % self.pc
+ return "\n".join([ac_s, ac_q, pc_s, pc_q,
_("'AND' and 'OR' require those expressions to produce "
"the same type of results.")])
- def html(self):
- return self.__str__(html=True)
-
class BooleanQuery(object):
"""Superclass for all boolean operations in the AST."""
--- a/src/web/en/search.shtml Fri Aug 02 13:43:46 2013 +0100
+++ b/src/web/en/search.shtml Mon Aug 19 09:19:53 2013 -0700
@@ -22,6 +22,7 @@
## Copyright 2010, 2012 Oracle and/or its affiliates. All rights reserved.
##
<%!
+ import cgi
import itertools
import pkg.actions as actions
import pkg.query_parser as qp
@@ -111,7 +112,7 @@
return_latest=not sav)
except qp.QueryException, e:
results = None
- query_error = e.html()
+ query_error = str(e)
except Exception, e:
results = None
query_error = urllib.quote(str(e))
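Review bot: The value assigned by `query_error = str(e)` now contains raw newline and tab characters plus the unescaped query text, and nothing in this hunk shows how it travels to the render step. The sibling `except Exception` branch wraps its value in `urllib.quote(...)`, so it is worth confirming that the `\n` and `\t` markers survive that transport and are never written into a URL or header unquoted. A comment on the new line such as `# Raw text with \n/\t layout markers; HTML-escaped and <pre>-wrapped where it is rendered` would make the contract explicit. The enclosing function starts and ends outside the hunk.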
@@ -257,16 +258,31 @@
failed = criteria["failed"]
query_error = criteria["query_error"]
- # Sanitize query_error to prevent misuse; '<' and '>' are not
- # escaped as HTML is expected in the error text.
- pat1 = re.compile("""["'][\s]*javascript:(.*)["']""", re.IGNORECASE)
- pat2 = re.compile("script(.*)", re.IGNORECASE)
- pat3 = re.compile("eval\((.*)\)", re.IGNORECASE)
- pat4 = re.compile("<[\s]*(form|input|button)(.*)", re.IGNORECASE)
- query_error = re.sub(pat1, '""', query_error)
- query_error = re.sub(pat2, "", query_error)
- query_error = re.sub(pat3, "", query_error)
- query_error = re.sub(pat4, "", query_error)
+ if query_error:
+ # Sanitize query_error to prevent misuse;
+ lines = cgi.escape(query_error, True).splitlines(True)
+ n_qe = ""
+ last_pre = False
+
+ # Put all lines which start with a \t in <pre> tags since these
+ # contain pre-formatted error descriptions.
+ for l in lines:
+ if l.startswith("\t"):
+ if not last_pre:
+ n_qe += "<pre>"
+ n_qe += l
+ last_pre = True
+ else:
+ if last_pre:
+ n_qe += "</pre>"
+ last_pre = False
+ n_qe += l.replace("\n","<br/>")
+ else:
+ if last_pre:
+ last_pre = False
+ n_qe += "</pre>"
+
+ query_error = n_qe
if not failed and searched:
return_type, results, query_error = self.search(
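Review bot: The escaping block runs before `query_error` is reassigned from `self.search(...)` on the last lines of the hunk, so an error produced by the current request would bypass `cgi.escape` if it is rendered without passing through `criteria["query_error"]` again. The code after that call, like the start of the enclosing function, is outside the hunk, so this has to be checked at the output site. Because `__str__` no longer escapes the query string, the escape-and-wrap step would be safer as a small helper applied immediately before the value is written to the page. `cgi.escape(query_error, True)` escapes `&`, `<`, `>` and `"` but not `'`, which matters only if the result is ever placed in a single-quoted attribute. As a style point, the `for ... else:` has no `break`, so the `else` always runs, and a plain `if last_pre: n_qe += "</pre>"` after the loop reads more clearly.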