Fixes #3312: Sanitize payment titles.

diff --git a/apps/funding/templatetags/funding_tags.py b/apps/funding/templatetags/funding_tags.py
index 5c6544a..f59a796 100755 (executable)
--- a/apps/funding/templatetags/funding_tags.py
+++ b/apps/funding/templatetags/funding_tags.py
@@ -1,5 +1,6 @@
 from django import template
 from ..models import Offer
+from ..utils import sanitize_payment_title
 
 register = template.Library()
 
@@ -43,4 +44,4 @@ def offer_status_more(offer):
         'offer': offer,
     }
 
-
+register.filter(sanitize_payment_title)

diff --git a/apps/funding/utils.py b/apps/funding/utils.py
new file mode 100644 (file)
index 0000000..2b5f58f
--- /dev/null
+++ b/apps/funding/utils.py
@@ -0,0 +1,23 @@
+# -*- coding: utf-8
+import re
+import string
+from fnpdjango.utils.text.slughifi import char_map
+
+# PayU chokes on non-Polish diacritics.
+# Punctuation is handled correctly and escaped as needed,
+# with the notable exception of backslash.
+sane_in_payu_title = re.escape(
+    string.uppercase +
+    string.lowercase + 
+    u'ąćęłńóśźżĄĆĘŁŃÓŚŹŻ' + 
+    string.digits +
+    ' ' +
+    "".join(set(string.punctuation) - set('\\'))
+)
+
+def replace_char(m):
+    char = m.group()
+    return char_map.get(char, '')
+
+def sanitize_payment_title(value):
+    return re.sub('[^%s]{1}' % sane_in_payu_title, replace_char, unicode(value))

diff --git a/wolnelektury/settings/contrib.py b/wolnelektury/settings/contrib.py
index 6e3e535..04b0bd9 100644 (file)
--- a/wolnelektury/settings/contrib.py
+++ b/wolnelektury/settings/contrib.py
@@ -7,3 +7,5 @@ SOUTH_MIGRATION_MODULES = {
     'getpaid' : 'wolnelektury.migrations.getpaid',
     'payu': 'wolnelektury.migrations.getpaid_payu',
 }
+
+GETPAID_ORDER_DESCRIPTION = "{% load funding_tags %}{{ order|sanitize_payment_title }}"