From 4baf6b7382814b94dcffeac00fd4328dfb2486c1 Mon Sep 17 00:00:00 2001 From: Chad Whitacre Date: Wed, 12 Sep 2012 22:10:29 -0400 Subject: [PATCH] Drop back to ASCII after all. :-( (#80) Got bit by an Aspen bug. :-/ https://github.com/whit537/aspen/issues/102 --- www/%participant_id/index.html | 7 ++++--- www/%participant_id/participant_id.json | 11 ++++++++++- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/www/%participant_id/index.html b/www/%participant_id/index.html index de63c2b5d4..649f2434f5 100644 --- a/www/%participant_id/index.html +++ b/www/%participant_id/index.html @@ -281,7 +281,7 @@ function success(d) { - window.location.href = "/" + encodeURI(d.participant_id) + "/"; + window.location.href = "/" + encodeURIComponent(d.participant_id) + "/"; } function error(e) { @@ -297,8 +297,9 @@ } else { - alert( "Sorry, something went wrong. :-( Try again " - + "later?"); + alert( "Sorry, something went wrong. Either you used " + + "disallowed characters or something broke on " + + "our end."); } } jQuery.ajax( diff --git a/www/%participant_id/participant_id.json b/www/%participant_id/participant_id.json index 23e9cfc3a5..b67aff9062 100644 --- a/www/%participant_id/participant_id.json +++ b/www/%participant_id/participant_id.json @@ -2,6 +2,12 @@ from aspen import Response from gittip import db from psycopg2 import IntegrityError +ALLOWED_ASCII = set("0123456789" + "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + ".,-_;:@ ") + + # ========================================================================== ^L if user.ANON: @@ -18,8 +24,11 @@ new_participant_id = request.body['participant_id'] for i, c in enumerate(new_participant_id): if i == 32: raise Response(413) # Request Entity Too Large (more or less) - if ord(c) < 32: + elif ord(c) < 128 and c not in ALLOWED_ASCII: raise Response(400) # Yeah, no. + elif c not in ALLOWED_ASCII: + raise Response(400) # XXX Burned by an Aspen bug. :`-( + # https://github.com/whit537/aspen/issues/102 # Persist