Commit 572e180e authored by Romain Loth's avatar Romain Loth

use urllib parse + quote for better url sanitization

parent 55470c04
from sqlite3 import connect, Row from sqlite3 import connect, Row
from re import sub, match from re import sub, match
from urllib.parse import quote, urlparse, urlunparse
if __package__ == "services.text": if __package__ == "services.text":
from services.tools import mlog from services.tools import mlog
...@@ -32,7 +33,12 @@ def sanitize(value, specific_type=None): ...@@ -32,7 +33,12 @@ def sanitize(value, specific_type=None):
# NB san_val_bool = bool(san_val) # NB san_val_bool = bool(san_val)
elif specific_type == "surl": elif specific_type == "surl":
san_val = sub(r'[^\w@\.: /~_+$?=&%-\'"]', '_', str_val) try:
san_val = urlunparse(map(quote,list(urlparse(str_val))))
except:
mlog("WARNING", "sanitize via urllib couldn't parse url '%s', using regexp sanitize instead" % str_val)
san_val = sub(r'[^\w@\.: /~_+$?=&%-]', '_', str_val)
elif specific_type == "sdate": elif specific_type == "sdate":
san_val = sub(r'[^0-9/-:]', '_', str_val) san_val = sub(r'[^0-9/-:]', '_', str_val)
......
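Review bot: In the new `surl` branch, `map(quote, list(urlparse(str_val)))` applies `quote` with its default `safe='/'` to all six components, so the `:` and `@` of the netloc and the `=` and `&` of the query are percent-encoded (`host:8080` becomes `host%3A8080`) and an already encoded `%20` becomes `%2520`; the sanitized URL no longer addresses the same resource. Quoting each component with its own safe set, as sketched below, keeps that structure while still escaping quotes, angle brackets and control characters. The scheme is passed through unchanged, so a `javascript:` or `data:` value keeps its scheme after sanitization; if these values are ever rendered as links, an allowlist check on `parts.scheme` belongs in this branch as well. The bare `except:` also swallows unrelated errors and would be better as `except ValueError:`, which is what `urlparse` raises on malformed input. `sanitize` starts and ends outside the hunk, so how `san_val` is used afterwards is not visible here.

```python
elif specific_type == "surl":
    try:
        parts = urlparse(str_val)
        # quote each component with its own safe set so the delimiters that
        # give it structure survive; '%' stays safe to avoid double-encoding
        san_val = urlunparse((
            parts.scheme,
            quote(parts.netloc, safe="@:[]"),
            quote(parts.path, safe="/%"),
            quote(parts.params, safe="=%"),
            quote(parts.query, safe="=&+%"),
            quote(parts.fragment, safe="%"),
        ))
    except ValueError:
        # … unchanged: mlog warning and regexp fallback …
```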