issue2550795: @dispname query args in page.html search links

not valid html. Some queries with names that include spaces are not
properly url encoded/quoted. I.E. a space should be replaced with
%20. Fixes to allow a url_query method to be applied to
HTMLStringProperty to properly quote string values passed as part of
a url.

Author: rouilj

CHANGES.txt

@@ -303,6 +303,12 @@ Fixed:
   the subject when encountering a double prefix, e.g.
   Subject: [frobulated] [frobulatedagain] this part would be lost
   (Ralf Schlatterbeck)
+- issue2550795: @dispname query args in page.html search links
+  not valid html. Some queries with names that include spaces are not
+  properly url encoded/quoted. I.E. a space should be replaced with
+  %20. Fixes to allow a url_query method to be applied to
+  HTMLStringProperty to properly quote string values passed as part of
+  a url.
 
 2016-01-11: 1.5.1
 

doc/customizing.txt

@@ -2422,6 +2422,9 @@ multiline   only on String properties - render a multiline form edit
             field for the property
 email       only on String properties - render the value of the property
             as an obscured email address
+url_quote   only on String properties. It quotes any characters in the
+            string so it is safe to use in a url. E.G. a space is
+            replaced with %20.
 confirm     only on Password properties - render a second form edit field
             for the property, used for confirmation that the user typed
             the password correctly. Generates a field with name

doc/upgrading.txt

@@ -186,6 +186,27 @@ html/_generic* templates into your subdirectory so that missing
 templates (e.g. a missing caller.edit.html template) can be satisfied
 by the _generic.edit.html template.
 
+Properly quote query dispname (displayed name) in page.html
+-----------------------------------------------------------
+
+A new method has been added to HTMLStringProperty called url_quote.
+The default templates have been updated to use this in the "Your
+Query" section of the trackers html/page.html file. You will want to
+change your template. Lines starting with - are the original line and
+you want to change it to match the line starting with the + (remove
+the + from the line)::
+
+      <tal:block tal:repeat="qs request/user/queries">
+  -    <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}"
+  +    <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}"
+	  tal:content="qs/name">link</a><br>
+      </tal:block>
+
+Find the tal:repeat line that loops over all queries. Then
+change the value assigned to @dispname in the href attribute from
+${qs/name} to ${qs/name/url_quote}. Note that you should *not* change
+the value for tal:content.
+
 Schema change to allow "Show Unassigned" issues link to work for Anonymous user
 -------------------------------------------------------------------------------
 

roundup/cgi/templating.py

@@ -1399,6 +1399,10 @@ def _hyper_repl_rst(self, match):
             # just return the matched text
             return match.group(0)
 
+    def url_quote(self):
+        """ Return the string in plain format but escaped for use in a url """
+        return urllib.quote(self.plain())
+
     def hyperlinked(self):
         """ Render a "hyperlinked" version of the text """
         return self.plain(hyperlink=1)

share/roundup/templates/classic/html/page.html

@@ -54,7 +54,7 @@ <h2><span metal:define-slot="body_title">body title</span></h2>
    <span i18n:translate=""
     ><b>Your Queries</b> (<a href="query?@template=edit">edit</a>)</span><br>
    <tal:block tal:repeat="qs request/user/queries">
-    <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}"
+    <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}"
        tal:content="qs/name">link</a><br>
    </tal:block>
   </p>

share/roundup/templates/devel/html/page.html

@@ -210,7 +210,7 @@ <h1><a href="/">Roundup Demo Tracker</a></h1>
         <span i18n:translate=""><b>Your Queries</b> (<a class="nomargin" href="query?@template=edit">edit</a>)</span><br/>
         <ul tal:repeat="qs request/user/queries">
          <li>
-          <a tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}" tal:content="qs/name">link</a>
+          <a tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}" tal:content="qs/name">link</a>
          </li>
         </ul>
        </li>

share/roundup/templates/minimal/html/page.html

@@ -54,7 +54,7 @@ <h2><span metal:define-slot="body_title">body title</span></h2>
    <span i18n:translate=""
     ><b>Your Queries</b> (<a href="query?@template=edit">edit</a>)</span><br>
    <tal:block tal:repeat="qs request/user/queries">
-    <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}"
+    <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}"
        tal:content="qs/name">link</a><br>
    </tal:block>
   </p>

share/roundup/templates/responsive/html/page.html

@@ -227,7 +227,7 @@
               <span i18n:translate=""><b>Your Queries</b> (<a class="nomargin" href="query?@template=edit">edit</a>)</span><br/>
               <ul tal:repeat="qs request/user/queries">
                 <li>
-                  <a tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}" tal:content="qs/name">link</a>
+                  <a tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}" tal:content="qs/name">link</a>
                 </li>
               </ul>
            </li>

test/test_templating.py

@@ -104,6 +104,11 @@ def lookup(key) :
         cls = HTMLClass(self.client, "issue")
         cls["nosy"]
 
+    def test_string_url_quote(self):
+        ''' test that urlquote quotes the string '''
+        p = StringHTMLProperty(self.client, 'test', '1', None, 'test', 'test string< foo@bar')
+        self.assertEqual(p.url_quote(), 'test%20string%3C%20foo%40bar')
+
     def test_url_match(self):
         '''Test the URL regular expression in StringHTMLProperty.
         '''