diff --git a/circle/dashboard/templates/dashboard/store/_list-box.html b/circle/dashboard/templates/dashboard/store/_list-box.html index 412717b..e9e4606 100644 --- a/circle/dashboard/templates/dashboard/store/_list-box.html +++ b/circle/dashboard/templates/dashboard/store/_list-box.html @@ -4,23 +4,23 @@ <div class="list-group-item"> <div class="row"> <div class="col-sm-6"> - <a href="{% url "dashboard.views.store-upload"%}?directory={{ current }}" + <a href="{% url "dashboard.views.store-upload"%}?directory={{ current|urlencode }}" class="btn btn-info btn-xs js-hidden"> {% trans "Upload" %} </a> - <form action="" data-action="{% url "dashboard.views.store-upload-url" %}" + <form action="" data-action="{% url "dashboard.views.store-upload-url" %}" method="POST" enctype="multipart/form-data" class="no-js-hidden" id="store-upload-form"> {% csrf_token %} - <input type="hidden" name="current_dir" value="{{ current }}"/> + <input type="hidden" name="current_dir" value="{{ current|urlencode }}"/> <input type="hidden" name="next" value="{{ next_url }}"/> <div class="input-group" style="max-width: 350px;"> <span class="input-group-btn" id="store-upload-browse"> <span class="btn btn-primary btn-xs"> {% trans "Browse..." %} - </span> + </span> </span> - <input type="text" class="form-control input-tags" + <input type="text" class="form-control input-tags" id="store-upload-filename"/> <span class="input-group-btn"> <button type="submit" class="btn btn-primary btn-xs" disabled> 
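Review bot: The hidden field `<input type="hidden" name="current_dir" value="{{ current|urlencode }}"/>` carries a form value, not a URL component, so percent-encoding it here looks like the wrong layer. The form is `multipart/form-data`, so the browser sends the value unchanged and the receiver gets `%20`-style escapes for any directory name with a space or non-ASCII character unless it unquotes explicitly. The upload handler is not in this diff, so that needs confirming. Template autoescaping already covers the attribute context, so `value="{{ current }}"` is probably what should stay, with the filter kept only on the `?directory=` link above it.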
@@ -33,13 +33,13 @@ </div><!-- .col-sm-6 upload --> <div class="col-sm-6"> - <a href="{% url "dashboard.views.store-remove" %}?path={{ current }}" - class="btn btn-danger btn-xs pull-right store-action-button" + <a href="{% url "dashboard.views.store-remove" %}?path={{ current|urlencode }}" + class="btn btn-danger btn-xs pull-right store-action-button" title="{% trans "Remove directory" %}"> <i class="fa fa-times"></i> </a> - <a href="{% url "dashboard.views.store-download" %}?path={{ current }}" - class="btn btn-primary btn-xs pull-right store-action-button" + <a href="{% url "dashboard.views.store-download" %}?path={{ current|urlencode }}" + class="btn btn-primary btn-xs pull-right store-action-button" title="{% trans "Download directory" %}"> <i class="fa fa-cloud-download"></i> </a> @@ -51,7 +51,7 @@ <span class="input-group-addon input-tags" title="{% trans "New directory" %}"> <i class="fa fa-folder-open"></i> </span> - <input type="text" class="form-control input-tags" name="name" + <input type="text" class="form-control input-tags" name="name" placeholder="{% trans "Name "%}" required/> <span class="input-group-btn"> <input type="submit" class="btn btn-success btn-xs" value="{% trans "Create" %}"/> @@ -64,7 +64,7 @@ </div><!-- .list-group --> <div class="list-group" id="store-list-list"> - <a href="{% url "dashboard.views.store-list" %}?directory={{ up_url }}" + <a href="{% url "dashboard.views.store-list" %}?directory={{ up_url|urlencode }}" class="list-group-item store-list-item" data-item-type="D"> {% if current == "/" %} <div class="store-list-item-icon"> 
@@ -85,8 +85,8 @@ {% for f in root %} <a class="list-group-item store-list-item" data-item-type="{{ f.TYPE }}" - href="{% if f.TYPE == "D" %}{% url "dashboard.views.store-list" %}?directory={{ f.path }}{% else %} - {% url "dashboard.views.store-download" %}?path={{ f.path }}{% endif %}" + href="{% if f.TYPE == "D" %}{% url "dashboard.views.store-list" %}?directory={{ f.path|urlencode }}{% else %} + {% url "dashboard.views.store-download" %}?path={{ f.path|urlencode }}{% endif %}" > <div class="store-list-item-icon"> <i class=" @@ -101,7 +101,7 @@ <span class="badge badge-pulse">{% trans "new" %}</span> {% endif %} </div> - + <div class="store-list-item-size"> {{ f.human_readable_size }} </div> @@ -122,12 +122,12 @@ </dl> </div> <div class="col-sm-2" style="text-align: right;"> - <a href="{% url "dashboard.views.store-download" %}?path={{ f.path }}" + <a href="{% url "dashboard.views.store-download" %}?path={{ f.path|urlencode }}" class="btn btn-primary btn-sm store-download-button"> <i class="fa fa-download"></i> {% trans "Download" %} </a> - <a href="{% url "dashboard.views.store-remove" %}?path={{ f.path }}" + <a href="{% url "dashboard.views.store-remove" %}?path={{ f.path|urlencode }}" class="btn btn-danger btn-xs store-remove-button"> <i class="fa fa-times"></i> {% trans "Remove" %} diff --git a/circle/dashboard/views/store.py b/circle/dashboard/views/store.py index a7debdc..d7acf3c 100644 --- a/circle/dashboard/views/store.py +++ b/circle/dashboard/views/store.py @@ -23,6 +23,7 @@ from os.path import join, normpath, dirname, basename from django.conf import settings from django.contrib import messages from django.contrib.auth.decorators import login_required +from django.template.defaultfilters import urlencode from django.core.cache import get_cache from django.core.exceptions import SuspiciousOperation from django.core.urlresolvers import reverse 
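Review bot: In the list item's `href`, the `{% else %}` branch still begins on a new line, so for files the attribute value starts with a newline and indentation before the download URL. Browsers strip that padding, but anything reading the raw attribute (scripts, link checkers) sees it. Since both lines are being rewritten anyway, joining them as `{% else %}{% url "dashboard.views.store-download" %}?path={{ f.path|urlencode }}{% endif %}` would give a clean value. `f.path` presumably carries user-chosen file names, so the encoded query value is worth keeping free of stray whitespace.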
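Review bot: The name `urlencode` imported from `django.template.defaultfilters` quotes a single string, but `urllib.urlencode` and `django.utils.http.urlencode` share that bare name and take a mapping of parameters, so calls such as `urlencode(directory)` read ambiguously in view code. Importing the quoting helper directly, `from django.utils.http import urlquote`, or aliasing the filter on import, would make the intent explicit. A one-line comment that `/` is left unescaped by default would also help, since every value passed here is a path.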
@@ -55,7 +56,7 @@ class StoreList(LoginRequiredMixin, TemplateView): context['current'] = directory context['next_url'] = "%s%s?directory=%s" % ( settings.DJANGO_URL.rstrip("/"), - reverse("dashboard.views.store-list"), directory) + reverse("dashboard.views.store-list"), urlencode(directory)) return context def get(self, *args, **kwargs): @@ -112,7 +113,7 @@ def store_upload(request): next_url = "%s%s?directory=%s" % ( settings.DJANGO_URL.rstrip("/"), - reverse("dashboard.views.store-list"), directory) + reverse("dashboard.views.store-list"), urlencode(directory)) return render(request, "dashboard/store/upload.html", {'directory': directory, 'action': action, @@ -168,7 +169,7 @@ class StoreRemove(LoginRequiredMixin, TemplateView): return redirect("%s?directory=%s" % ( reverse("dashboard.views.store-list"), - dirname(dirname(path)), + urlencode(dirname(dirname(path))), )) @@ -185,7 +186,7 @@ def store_new_directory(request): name, path, unicode(request.user)) messages.error(request, _("Unable to create folder.")) return redirect("%s?directory=%s" % ( - reverse("dashboard.views.store-list"), path)) + reverse("dashboard.views.store-list"), urlencode(path))) @require_POST
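Review bot: The expression `"%s?directory=%s" % (reverse("dashboard.views.store-list"), urlencode(...))` now appears in `StoreList`, `store_upload`, `StoreRemove` and `store_new_directory`, and each copy has to remember the encoding step. A small module-level helper, for example `def _store_list_url(directory): return "%s?directory=%s" % (reverse("dashboard.views.store-list"), urlencode(directory))`, would keep the quoting in one place. The two `next_url` builders can prepend `settings.DJANGO_URL.rstrip("/")` to its result. The enclosing functions start and end outside these hunks, so where `directory` and `path` are validated is not visible here, and encoding the redirect target does not replace that check.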