From 4b0a7ae59f46bd178745e97e6b69dc240c5761c7 Mon Sep 17 00:00:00 2001 From: Radek Czajka Date: Mon, 10 Feb 2014 14:43:28 +0100 Subject: [PATCH] Fixes #3312: Sanitize payment titles. --- apps/funding/templatetags/funding_tags.py | 3 ++- apps/funding/utils.py | 23 +++++++++++++++++++++++ wolnelektury/settings/contrib.py | 2 ++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 apps/funding/utils.py diff --git a/apps/funding/templatetags/funding_tags.py b/apps/funding/templatetags/funding_tags.py index 5c6544a8f..f59a79619 100755 --- a/apps/funding/templatetags/funding_tags.py +++ b/apps/funding/templatetags/funding_tags.py @@ -1,5 +1,6 @@ from django import template from ..models import Offer +from ..utils import sanitize_payment_title register = template.Library() @@ -43,4 +44,4 @@ def offer_status_more(offer): 'offer': offer, } - +register.filter(sanitize_payment_title) diff --git a/apps/funding/utils.py b/apps/funding/utils.py new file mode 100644 index 000000000..2b5f58f4d --- /dev/null +++ b/apps/funding/utils.py @@ -0,0 +1,23 @@ +# -*- coding: utf-8 +import re +import string +from fnpdjango.utils.text.slughifi import char_map + +# PayU chokes on non-Polish diacritics. +# Punctuation is handled correctly and escaped as needed, +# with the notable exception of backslash. +sane_in_payu_title = re.escape( + string.uppercase + + string.lowercase + + u'ąćęłńóśźżĄĆĘŁŃÓŚŹŻ' + + string.digits + + ' ' + + "".join(set(string.punctuation) - set('\\')) +) + +def replace_char(m): + char = m.group() + return char_map.get(char, '') + +def sanitize_payment_title(value): + return re.sub('[^%s]{1}' % sane_in_payu_title, replace_char, unicode(value)) diff --git a/wolnelektury/settings/contrib.py b/wolnelektury/settings/contrib.py index 6e3e535d5..04b0bd944 100644 --- a/wolnelektury/settings/contrib.py +++ b/wolnelektury/settings/contrib.py @@ -7,3 +7,5 @@ SOUTH_MIGRATION_MODULES = { 'getpaid' : 'wolnelektury.migrations.getpaid', 'payu': 'wolnelektury.migrations.getpaid_payu', } + +GETPAID_ORDER_DESCRIPTION = "{% load funding_tags %}{{ order|sanitize_payment_title }}" -- 2.20.1