[FIX] website_forum: fixes

    [FIX] website_forum: escape the tags from post at texttext rendering
    [FIX] website_forum: jquery is not already loaded
    [FIX] website_forum: use uid from session because WebsiteForum object has no attribute '_uid'

diff --git a/addons/website_forum/controllers/main.py b/addons/website_forum/controllers/main.py
index 5aca5df..b993342 100644 (file)
--- a/addons/website_forum/controllers/main.py
+++ b/addons/website_forum/controllers/main.py
@@ -261,7 +261,7 @@ class WebsiteForum(http.Controller):
         if not post_type in ['question', 'link', 'discussion']:  # fixme: make dynamic
             return werkzeug.utils.redirect('/forum/%s' % slug(forum))
         if not user.email or not tools.single_email_re.match(user.email):
-            return werkzeug.utils.redirect("/forum/%s/user/%s/edit?email_required=1" % (slug(forum), self._uid))
+            return werkzeug.utils.redirect("/forum/%s/user/%s/edit?email_required=1" % (slug(forum), request.session.uid))
         values = self._prepare_forum_values(forum=forum, searches={},  header={'ask_hide': True})
         return request.website.render("website_forum.new_%s" % post_type, values)
 

diff --git a/addons/website_forum/static/src/js/website_forum.js b/addons/website_forum/static/src/js/website_forum.js
index 1a5b25c..b887e5f 100644 (file)
--- a/addons/website_forum/static/src/js/website_forum.js
+++ b/addons/website_forum/static/src/js/website_forum.js
@@ -152,6 +152,10 @@ $(document).ready(function () {
             set_tags(tags);
         };
 
+        function htmlEntities(str) {
+            return String(str).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+        }
+
         function set_tags(tags) {
             $("input.load_tags").textext({
                 plugins: 'tags focus autocomplete ajax',
@@ -169,11 +173,11 @@ $(document).ready(function () {
                                 val  = self.val();
                             self.clearItems();
                             $.each(suggestions || [], function(index, item) {
-                                self.addSuggestion(item);
+                                self.addSuggestion(htmlEntities(item));
                             });
                             var lowerCasesuggestions = $.map(suggestions, function(n,i){return n.toLowerCase();});
                             if(jQuery.inArray(val.toLowerCase(), lowerCasesuggestions) ==-1) {
-                                self.addSuggestion("Create '" + val + "'");
+                                self.addSuggestion("Create '" + htmlEntities(val) + "'");
                             }
                         },
                     },

diff --git a/addons/website_forum/views/website_forum.xml b/addons/website_forum/views/website_forum.xml
index 18e3f20..63c6597 100644 (file)
--- a/addons/website_forum/views/website_forum.xml
+++ b/addons/website_forum/views/website_forum.xml
@@ -421,9 +421,9 @@
     <t t-call="website_forum.header">
         <t t-set="head">
             <script type="text/javascript">
-                $(function () {
+                window.onload = function() {
                     $("[data-toggle='popover']").popover();
-                });
+                };
             </script>
         </t>
         <h1 class="mt0">Ask Your Question</h1>