sanitize whitespace and cut private use chars in search query
[wolnelektury.git] / src / catalogue / views.py
index 81d0a02..503b6f5 100644 (file)
@@ -12,7 +12,7 @@ from django.template.loader import render_to_string
 from django.shortcuts import render_to_response, get_object_or_404, render, redirect
 from django.http import HttpResponse, HttpResponseRedirect, Http404, HttpResponsePermanentRedirect, JsonResponse
 from django.core.urlresolvers import reverse
-from django.db.models import Q
+from django.db.models import Q, QuerySet
 from django.contrib.auth.decorators import login_required, user_passes_test
 from django.utils.http import urlquote_plus
 from django.utils import translation
@@ -29,6 +29,7 @@ from catalogue import forms
 from catalogue.helpers import get_top_level_related_tags
 from catalogue.models import Book, Collection, Tag, Fragment
 from catalogue.utils import split_tags
+from catalogue.models.tag import prefetch_relations
 
 staff_required = user_passes_test(lambda user: user.is_staff)
 
@@ -103,7 +104,10 @@ def object_list(request, objects, fragments=None, related_tags=None, tags=None,
             else:
                 fragments = Fragment.objects.filter(book__in=objects)
         related_tag_lists.append(
-            Tag.objects.usage_for_queryset(fragments, counts=True).filter(category='theme').exclude(pk__in=tag_ids))
+            Tag.objects.usage_for_queryset(fragments, counts=True).filter(category='theme').exclude(pk__in=tag_ids)
+            .only('name', 'sort_key', 'category', 'slug'))
+        if isinstance(objects, QuerySet):
+            objects = prefetch_relations(objects, 'author')
 
     categories = split_tags(*related_tag_lists)
 
@@ -361,7 +365,14 @@ def _no_diacritics_regexp(query):
 
 def unicode_re_escape(query):
     """ Unicode-friendly version of re.escape """
-    return re.sub(r'(?u)(\W)', r'\\\1', query)
+    s = list(query)
+    for i, c in enumerate(query):
+        if re.match(r'(?u)(\W)', c) and re.match(r'[\x00-\x7e]', c):
+            if c == "\000":
+                s[i] = "\\000"
+            else:
+                s[i] = "\\" + c
+    return query[:0].join(s)
 
 
 def _word_starts_with(name, prefix):
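Review bot: The rewritten `unicode_re_escape` escapes only non-word characters in `\x00-\x7e`, so DEL (`\x7f`) and every non-ASCII non-word character now pass through unescaped, and nothing in the function says this is intended. If the result is embedded in a pattern built from the user's search query, that narrowing is the security-relevant part and deserves a comment, e.g. `# Escape ASCII non-word chars only; non-ASCII chars are not regex metacharacters and are passed through as-is.` The `query[:0].join(s)` idiom (presumably there to keep the str/unicode type of the input) would also benefit from a one-line comment. Escaping does not bound the length or cost of the resulting pattern, so any cap on the query has to live in the caller, which is outside this hunk.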
@@ -617,6 +628,7 @@ class CustomPDFFormView(AjaxableFormView):
     form_class = forms.CustomPDFForm
     title = ugettext_lazy('Download custom PDF')
     submit = ugettext_lazy('Download')
+    template = 'catalogue/custom_pdf_form.html'
     honeypot = True
 
     def __call__(self, *args, **kwargs):
@@ -731,10 +743,10 @@ def tag_box(request, pk):
 
 @ssi_included
 def collection_box(request, pk):
-    obj = get_object_or_404(Collection, pk=pk)
+    collection = get_object_or_404(Collection, pk=pk)
 
     return render(request, 'catalogue/collection_box.html', {
-        'obj': obj,
+        'collection': collection,
     })
 
 
@@ -773,3 +785,12 @@ def collections(request):
         'objects': objects,
         'best': best,
     })
+
+
+def ridero_cover(request, slug):
+    from librarian.cover import DefaultEbookCover
+    wldoc = Book.objects.get(slug=slug).wldocument()
+    cover = DefaultEbookCover(wldoc.book_info, width=980, bleed=20, format='PNG')
+    response = HttpResponse(content_type="image/png")
+    cover.save(response)
+    return response
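Review bot: `ridero_cover` looks the book up with `Book.objects.get(slug=slug)`, so an unknown slug raises `Book.DoesNotExist` and surfaces as a server error rather than a 404. The file already imports `get_object_or_404`, so `wldoc = get_object_or_404(Book, slug=slug).wldocument()` would fix it. The view also renders a 980px PNG on every request, with no caching or access decorator visible in the hunk. If the URL is publicly routed (not shown here), repeated requests are a cheap way to load the server, so consider caching the rendered cover or gating the view with the `staff_required` decorator defined at the top of this file. A one-line docstring stating what the endpoint is for would also help.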