From e0a04b50405a649592f9bcc23f0386b9f3512ec4 Mon Sep 17 00:00:00 2001
From: Sam Splunks <72095718+samsplunks@users.noreply.github.com>
Date: Thu, 5 Dec 2024 09:33:17 +0000
Subject: [PATCH 1/9] Javascript escape of html entities in ticket title for
the My Tickets view
---
helpdesk/templates/helpdesk/my_tickets.html | 1 +
1 file changed, 1 insertion(+)
diff --git a/helpdesk/templates/helpdesk/my_tickets.html b/helpdesk/templates/helpdesk/my_tickets.html
index ab25a840..c411703b 100644
--- a/helpdesk/templates/helpdesk/my_tickets.html
+++ b/helpdesk/templates/helpdesk/my_tickets.html
@@ -35,6 +35,7 @@ window.addEventListener('load', function()
$.get(endpoint, function(data) {
$('#ticketsTable tbody').empty();
data.results.forEach(function(ticket) {
+ ticket.title = $('div').text(ticket.title).html();
$('#ticketsTable tbody').append(`
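Review bot: `$('div')` on the added line is a selector that matches every existing `<div>` in the document rather than creating a new element, so `.text(ticket.title)` overwrites the content of all of them with the title, and `.html()` then reads back the first match. A detached element keeps the escaping without touching the page: `ticket.title = $('<div>').text(ticket.title).html();`. This round trip encodes `&`, `<` and `>` but not quotes, so it is only sufficient where the title is interpolated into element content, not into an attribute value. The template literal that consumes `ticket.title` continues outside this hunk and should be checked for that.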
From f710c0792754e37674089352109c8f1b24986173 Mon Sep 17 00:00:00 2001
From: Sam Splunks <72095718+samsplunks@users.noreply.github.com>
Date: Thu, 5 Dec 2024 09:35:26 +0000
Subject: [PATCH 2/9] Escape html entities for followup title in ticket view
---
helpdesk/templates/helpdesk/ticket.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helpdesk/templates/helpdesk/ticket.html b/helpdesk/templates/helpdesk/ticket.html
index dfa8c9ee..26a0dadb 100644
--- a/helpdesk/templates/helpdesk/ticket.html
+++ b/helpdesk/templates/helpdesk/ticket.html
@@ -42,7 +42,7 @@
{% for followup in ticket.followup_set.all %}
- {{ followup.title|num_to_link }}
+ {{ followup.title|escape|num_to_link }}
{% if followup.user %}by {{ followup.user }},{% endif %} {{ followup.date|naturaltime }}{% if helpdesk_settings.HELPDESK_ENABLE_TIME_SPENT_ON_TICKET %}{% if followup.time_spent %}{% endif %}, {% trans "time spent" %}: {{ followup.time_spent_formated }}{% endif %} {% if not followup.public %} ({% trans "Private" %}){% endif %}
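Review bot: Adding `|escape` at this call site protects only this one use of `num_to_link`. Any other template that pipes user-controlled text through the filter stays exposed if the filter returns markup marked as safe, which the need for this change suggests. It would be more robust to escape inside the filter itself, registering it with `needs_autoescape=True` and passing the input through `conditional_escape` before building the link, so callers cannot forget. The filter's implementation is not in this hunk, so confirm against it; a regression test rendering a follow-up title that contains markup would pin the behaviour.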
From 8d2b09bb1159847b995ab0c4391f9c9d3acf3359 Mon Sep 17 00:00:00 2001
From: Sam Splunks <72095718+samsplunks@users.noreply.github.com>
Date: Thu, 5 Dec 2024 09:47:23 +0000
Subject: [PATCH 3/9] Update kb vote function
---
helpdesk/templates/helpdesk/kb_category_base.html | 4 ++--
helpdesk/tests/test_kb.py | 4 ++--
helpdesk/urls.py | 2 +-
helpdesk/views/kb.py | 3 +--
4 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/helpdesk/templates/helpdesk/kb_category_base.html b/helpdesk/templates/helpdesk/kb_category_base.html
index e1ce3d2f..4b276f0e 100644
--- a/helpdesk/templates/helpdesk/kb_category_base.html
+++ b/helpdesk/templates/helpdesk/kb_category_base.html
@@ -25,8 +25,8 @@
{% if request.user.pk %}
{% endif %}
{% if staff %}
diff --git a/helpdesk/tests/test_kb.py b/helpdesk/tests/test_kb.py
index 23525586..ab90ca3b 100644
--- a/helpdesk/tests/test_kb.py
+++ b/helpdesk/tests/test_kb.py
@@ -67,14 +67,14 @@ class KBTests(TestCase):
self.client.login(username=self.user.get_username(),
password='password')
response = self.client.get(
- reverse('helpdesk:kb_vote', args=(self.kbitem1.pk,)) + "?vote=up")
+ reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "up")))
cat_url = reverse('helpdesk:kb_category',
args=("test_cat",)) + "?kbitem=1"
self.assertRedirects(response, cat_url)
response = self.client.get(cat_url)
self.assertContains(response, '1 people found this answer useful of 1')
response = self.client.get(
- reverse('helpdesk:kb_vote', args=(self.kbitem1.pk,)) + "?vote=down")
+ reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "down")))
self.assertRedirects(response, cat_url)
response = self.client.get(cat_url)
self.assertContains(response, '0 people found this answer useful of 1')
diff --git a/helpdesk/urls.py b/helpdesk/urls.py
index 48eab200..dc3f0eef 100644
--- a/helpdesk/urls.py
+++ b/helpdesk/urls.py
@@ -251,7 +251,7 @@ if helpdesk_settings.HELPDESK_KB_ENABLED:
path("kb/", kb.index, name="kb_index"),
re_path(r"^kb/(?P [A-Za-z0-9_-]+)/$",
kb.category, name="kb_category"),
- path("kb//vote/", kb.vote, name="kb_vote"),
+ path("kb//vote/(?Pup|down)/", kb.vote, name="kb_vote"),
re_path(
r"^kb_iframe/(?P[A-Za-z0-9_-]+)/$",
kb.category_iframe,
diff --git a/helpdesk/views/kb.py b/helpdesk/views/kb.py
index 1f619a65..cd1983ef 100644
--- a/helpdesk/views/kb.py
+++ b/helpdesk/views/kb.py
@@ -59,9 +59,8 @@ def category_iframe(request, slug):
return category(request, slug, iframe=True)
-def vote(request, item):
+def vote(request, item, vote):
item = get_object_or_404(KBItem, pk=item)
- vote = request.GET.get('vote', None)
if vote == 'up':
if not item.voted_by.filter(pk=request.user.pk):
item.votes += 1
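Review bot: The new parameter `vote` has the same name as the view function, so inside `vote()` the name refers to the URL string and shadows the function. A name such as `direction`, changed in the URL pattern's named group as well, would read more clearly. The view also ignores any value other than `'up'` or `'down'` without signalling it, so a short docstring stating the accepted values and that other values are a no-op would help. The body of `vote()` continues past the end of this hunk.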
From af2fac038c6b3dae8a7634ea07db203c8122dea8 Mon Sep 17 00:00:00 2001
From: Sam Splunks <72095718+samsplunks@users.noreply.github.com>
Date: Fri, 6 Dec 2024 09:19:06 +0000
Subject: [PATCH 4/9] Update votes with POST method and CSRF token
---
.../templates/helpdesk/kb_category_base.html | 6 ++++--
helpdesk/tests/test_kb.py | 17 +++++++++--------
2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/helpdesk/templates/helpdesk/kb_category_base.html b/helpdesk/templates/helpdesk/kb_category_base.html
index 4b276f0e..2b679e37 100644
--- a/helpdesk/templates/helpdesk/kb_category_base.html
+++ b/helpdesk/templates/helpdesk/kb_category_base.html
@@ -25,8 +25,10 @@
{% if request.user.pk %}
{% endif %}
{% if staff %}
diff --git a/helpdesk/tests/test_kb.py b/helpdesk/tests/test_kb.py
index ab90ca3b..4430bf17 100644
--- a/helpdesk/tests/test_kb.py
+++ b/helpdesk/tests/test_kb.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-from django.test import TestCase
+from django.test import TestCase, Client
from django.urls import reverse
from helpdesk.models import KBCategory, KBItem, Queue, Ticket
from helpdesk.tests.helpers import get_staff_user
@@ -64,19 +64,20 @@ class KBTests(TestCase):
self.assertContains(response, '1 open tickets')
def test_kb_vote(self):
- self.client.login(username=self.user.get_username(),
+ client = Client(enforce_csrf_checks=True)
+ client.login(username=self.user.get_username(),
password='password')
- response = self.client.get(
- reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "up")))
+ response = client.post(
+ reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "up")), params={})
cat_url = reverse('helpdesk:kb_category',
args=("test_cat",)) + "?kbitem=1"
self.assertRedirects(response, cat_url)
- response = self.client.get(cat_url)
+ response = client.get(cat_url)
self.assertContains(response, '1 people found this answer useful of 1')
- response = self.client.get(
- reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "down")))
+ response = client.post(
+ reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "down")), params={})
self.assertRedirects(response, cat_url)
- response = self.client.get(cat_url)
+ response = client.get(cat_url)
self.assertContains(response, '0 people found this answer useful of 1')
def test_kb_category_iframe(self):
From f7ca446bc998d51deeddf60820cc9b8eacdb7586 Mon Sep 17 00:00:00 2001
From: Sam Splunks <72095718+samsplunks@users.noreply.github.com>
Date: Fri, 6 Dec 2024 10:03:57 +0000
Subject: [PATCH 5/9] Fixed url pattern
---
helpdesk/urls.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helpdesk/urls.py b/helpdesk/urls.py
index dc3f0eef..6cc7eb99 100644
--- a/helpdesk/urls.py
+++ b/helpdesk/urls.py
@@ -251,7 +251,7 @@ if helpdesk_settings.HELPDESK_KB_ENABLED:
path("kb/", kb.index, name="kb_index"),
re_path(r"^kb/(?P [A-Za-z0-9_-]+)/$",
kb.category, name="kb_category"),
- path("kb//vote/(?Pup|down)/", kb.vote, name="kb_vote"),
+ re_path(r"^kb/(?P- \d+)/vote/(?Pup|down)/$", kb.vote, name="kb_vote"),
re_path(
r"^kb_iframe/(?P[A-Za-z0-9_-]+)/$",
kb.category_iframe,
From 93f612354500c0f589244d5985a2da0d12ae050c Mon Sep 17 00:00:00 2001
From: Sam Splunks <72095718+samsplunks@users.noreply.github.com>
Date: Fri, 6 Dec 2024 10:07:08 +0000
Subject: [PATCH 6/9] Reverting to TestCase client
---
helpdesk/tests/test_kb.py | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/helpdesk/tests/test_kb.py b/helpdesk/tests/test_kb.py
index 4430bf17..d6c64560 100644
--- a/helpdesk/tests/test_kb.py
+++ b/helpdesk/tests/test_kb.py
@@ -64,20 +64,19 @@ class KBTests(TestCase):
self.assertContains(response, '1 open tickets')
def test_kb_vote(self):
- client = Client(enforce_csrf_checks=True)
- client.login(username=self.user.get_username(),
+ self.client.login(username=self.user.get_username(),
password='password')
- response = client.post(
+ response = self.client.post(
reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "up")), params={})
cat_url = reverse('helpdesk:kb_category',
args=("test_cat",)) + "?kbitem=1"
self.assertRedirects(response, cat_url)
- response = client.get(cat_url)
+ response = self.client.get(cat_url)
self.assertContains(response, '1 people found this answer useful of 1')
- response = client.post(
+ response = self.client.post(
reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "down")), params={})
self.assertRedirects(response, cat_url)
- response = client.get(cat_url)
+ response = self.client.get(cat_url)
self.assertContains(response, '0 people found this answer useful of 1')
def test_kb_category_iframe(self):
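Review bot: After this revert, `test_kb_vote` posts through the default `self.client`, which does not enforce CSRF checks. Nothing in the visible test then verifies that the vote endpoint rejects a POST without a token, or that a GET no longer changes the count. Consider adding a case that issues `self.client.get(reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "up")))` and asserts the item's `votes` is unchanged, and one using `Client(enforce_csrf_checks=True)` that asserts a 403 for a token-less POST. Separately, `params={}` is not a named argument of the test client's `post()`; it falls into the extra keyword arguments and can be dropped.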
From 9ab10b93e1408c382ee577c832be2e24d8b6d89a Mon Sep 17 00:00:00 2001
From: Sam Splunks <72095718+samsplunks@users.noreply.github.com>
Date: Fri, 6 Dec 2024 10:11:29 +0000
Subject: [PATCH 7/9] Removing Test Client
---
helpdesk/tests/test_kb.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helpdesk/tests/test_kb.py b/helpdesk/tests/test_kb.py
index d6c64560..4805db34 100644
--- a/helpdesk/tests/test_kb.py
+++ b/helpdesk/tests/test_kb.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-from django.test import TestCase, Client
+from django.test import TestCase
from django.urls import reverse
from helpdesk.models import KBCategory, KBItem, Queue, Ticket
from helpdesk.tests.helpers import get_staff_user
From a2bf156d595583b76ca0bf28467e242c03f41749 Mon Sep 17 00:00:00 2001
From: Sam Splunks <72095718+samsplunks@users.noreply.github.com>
Date: Fri, 6 Dec 2024 10:14:08 +0000
Subject: [PATCH 8/9] Bump helpdesk version \o/
---
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 7775cc8c..240d9c85 100644
--- a/setup.py
+++ b/setup.py
@@ -6,7 +6,7 @@ from setuptools import find_packages, setup
import sys
-version = '1.2.0'
+version = '1.3.0'
# Provided as an attribute, so you can append to these instead
From 5ae1c1fdcbf7fb1b5f74d2f6d88194ea2ef0ecfb Mon Sep 17 00:00:00 2001
From: Sam Splunks <72095718+samsplunks@users.noreply.github.com>
Date: Fri, 6 Dec 2024 10:16:14 +0000
Subject: [PATCH 9/9] Forcing POST urls for votes
---
helpdesk/views/kb.py | 35 ++++++++++++++++++-----------------
1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/helpdesk/views/kb.py b/helpdesk/views/kb.py
index cd1983ef..588878ce 100644
--- a/helpdesk/views/kb.py
+++ b/helpdesk/views/kb.py
@@ -61,21 +61,22 @@ def category_iframe(request, slug):
def vote(request, item, vote):
item = get_object_or_404(KBItem, pk=item)
- if vote == 'up':
- if not item.voted_by.filter(pk=request.user.pk):
- item.votes += 1
- item.voted_by.add(request.user.pk)
- item.recommendations += 1
- if item.downvoted_by.filter(pk=request.user.pk):
- item.votes -= 1
- item.downvoted_by.remove(request.user.pk)
- if vote == 'down':
- if not item.downvoted_by.filter(pk=request.user.pk):
- item.votes += 1
- item.downvoted_by.add(request.user.pk)
- item.recommendations -= 1
- if item.voted_by.filter(pk=request.user.pk):
- item.votes -= 1
- item.voted_by.remove(request.user.pk)
- item.save()
+ if request.method == "POST":
+ if vote == 'up':
+ if not item.voted_by.filter(pk=request.user.pk):
+ item.votes += 1
+ item.voted_by.add(request.user.pk)
+ item.recommendations += 1
+ if item.downvoted_by.filter(pk=request.user.pk):
+ item.votes -= 1
+ item.downvoted_by.remove(request.user.pk)
+ if vote == 'down':
+ if not item.downvoted_by.filter(pk=request.user.pk):
+ item.votes += 1
+ item.downvoted_by.add(request.user.pk)
+ item.recommendations -= 1
+ if item.voted_by.filter(pk=request.user.pk):
+ item.votes -= 1
+ item.voted_by.remove(request.user.pk)
+ item.save()
return HttpResponseRedirect(item.get_absolute_url())
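Review bot: Nothing visible in this hunk restricts `vote()` to authenticated users. The body uses `request.user.pk` directly and no decorator appears between `category_iframe` and the `def` line, so the `{% if request.user.pk %}` check in the template seems to be the only gate. A direct POST from an anonymous session would reach `item.voted_by.add(request.user.pk)` with a pk that is presumably `None`. A non-POST request is also silently redirected rather than rejected; `@require_POST` from `django.views.decorators.http` would answer 405 and remove the extra nesting under `if request.method == "POST":`. Suggest `@login_required` and `@require_POST` above `def vote`, or the project's own access decorator if it has one; the imports sit outside this hunk.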