From 97fe4cc73f5d912db92fea3bb7eee33ea9718f03 Mon Sep 17 00:00:00 2001 From: Emmanuel Viennet Date: Tue, 7 Sep 2021 23:54:33 +0200 Subject: [PATCH] =?UTF-8?q?Ne=20quote=20plus=20par=20d=C3=A9faut=20le=20HT?= =?UTF-8?q?ML=20des=20chaines=20entrants=20en=20base?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/scodoc/notesdb.py | 8 +++++--- app/scodoc/sco_moduleimpl.py | 1 - app/scodoc/sco_pdf.py | 7 ++++++- tools/fakeportal/fakeportal.py | 2 +- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/app/scodoc/notesdb.py b/app/scodoc/notesdb.py index 135675cc7..99c4ca9cb 100644 --- a/app/scodoc/notesdb.py +++ b/app/scodoc/notesdb.py @@ -287,7 +287,7 @@ class EditableTable(object): input_formators={}, aux_tables=[], convert_null_outputs_to_empty=True, - html_quote=True, + html_quote=False, # changed in 9.0.10 fields_creators={}, # { field : [ sql_command_to_create_it ] } filter_nulls=True, # dont allow to set fields to null filter_dept=False, # ajoute selection sur g.scodoc_dept_id @@ -321,8 +321,10 @@ class EditableTable(object): del vals["id"] if self.filter_dept: vals["dept_id"] = g.scodoc_dept_id - if self.html_quote: - quote_dict(vals) # quote all HTML markup + if ( + self.html_quote + ): # quote all HTML markup (une bien mauvaise idée venue des ages obscurs) + quote_dict(vals) # format value for title in vals: if title in self.input_formators: diff --git a/app/scodoc/sco_moduleimpl.py b/app/scodoc/sco_moduleimpl.py index fbb4b350f..a5db24a23 100644 --- a/app/scodoc/sco_moduleimpl.py +++ b/app/scodoc/sco_moduleimpl.py @@ -221,7 +221,6 @@ _moduleimpl_inscriptionEditor = ndb.EditableTable( def do_moduleimpl_inscription_create(args, formsemestre_id=None): "create a moduleimpl_inscription" cnx = ndb.GetDBConnexion() - log("do_moduleimpl_inscription_create: " + str(args)) r = _moduleimpl_inscriptionEditor.create(cnx, args) sco_cache.invalidate_formsemestre( formsemestre_id=formsemestre_id diff --git a/app/scodoc/sco_pdf.py b/app/scodoc/sco_pdf.py index 1f4964632..2a97e716b 100755 --- a/app/scodoc/sco_pdf.py +++ b/app/scodoc/sco_pdf.py @@ -33,6 +33,7 @@ En ScoDoc 9, ce n'est pas nécessaire car on est multiptocessus / monothread. """ +import html import io import os import queue @@ -85,7 +86,11 @@ def SU(s): # car les "combining accents" ne sont pas traités par ReportLab mais peuvent # nous être envoyés par certains navigateurs ou imports # (on en a dans les bases de données) - return unicodedata.normalize("NFC", s) + s = unicodedata.normalize("NFC", s) + # Remplace les entité XML/HTML + # reportlab ne les supporte pas non plus. + s = html.unescape(s) + return s def _splitPara(txt): diff --git a/tools/fakeportal/fakeportal.py b/tools/fakeportal/fakeportal.py index 9fdbcd01c..a732d3d78 100755 --- a/tools/fakeportal/fakeportal.py +++ b/tools/fakeportal/fakeportal.py @@ -100,7 +100,7 @@ class MyHttpRequestHandler(http.server.SimpleHTTPRequestHandler): if "etapes" in self.path.lower(): self.path = str(Path(script_dir / "etapes.xml").relative_to(Path.cwd())) - elif "scodocEtudiant" in self.path: + elif "scodocEtudiant" in self.path: # API v2 # 2 forms: nip=xxx or etape=eee&annee=aaa if "nip" in query_components: nip = query_components["nip"][0]