From 190fae3b9abbd857d5d1b73e76348865b4bb6538 Mon Sep 17 00:00:00 2001 From: Helmut Merz Date: Fri, 10 Jul 2015 09:06:23 +0200 Subject: [PATCH 1/3] HTML sanitize: allow controlling of allowed styles --- util/html.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/html.py b/util/html.py index a8d9e4e..485e2b1 100644 --- a/util/html.py +++ b/util/html.py @@ -70,11 +70,11 @@ def sanitizeStyle(value, validStyles=validStyles): parts = item.split(':') if len(parts) == 2: k, v = parts - if checkStyle(k): + if checkStyle(k, validStyles): result.append(item.strip()) return '; '.join(result) -def checkStyle(k): +def checkStyle(k, validStyles=validStyles): k = k.strip().lower() if k in validStyles: return True From b5994952c0b6e747417c04d588733fba2a6714dd Mon Sep 17 00:00:00 2001 From: Helmut Merz Date: Fri, 10 Jul 2015 09:06:47 +0200 Subject: [PATCH 2/3] add *.pyo to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 898d2c7..1c8fc89 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ *.pyc +*.pyo ajax/dojo/* *.project *.pydevproject From 129f4ba73d835c3f43323616ef2c252793f77dca Mon Sep 17 00:00:00 2001 From: Helmut Merz Date: Fri, 10 Jul 2015 09:07:24 +0200 Subject: [PATCH 3/3] avoid querying for runId = None --- tracking/btree.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tracking/btree.py b/tracking/btree.py index f817535..132fc06 100644 --- a/tracking/btree.py +++ b/tracking/btree.py @@ -270,6 +270,8 @@ class TrackingStorage(BTreeContainer): def getUserTracks(self, taskId, runId, userName): if not runId: runId = self.currentRuns.get(taskId) + if runId is None: + return [] return self.query(taskId=taskId, runId=runId, userName=userName) def getLastUserTrack(self, taskId, runId, userName): @@ -283,6 +285,8 @@ class TrackingStorage(BTreeContainer): result = None for idx in kw: value = kw[idx] + if idx == 'runId' and value is None: + continue if idx in self.indexAttributes: if type(value) not in (list, tuple): value = [value]