From 933654fcbb7e37e698ff46d87cc853cf83a948b5 Mon Sep 17 00:00:00 2001
From: moson
Date: Thu, 19 Oct 2023 18:40:37 +0200
Subject: [PATCH] fix: Restrict context var override on the package page
Users can (accidentally) override context vars with query params. This may lead to issues when rendering templates (e.g. "comments=").
Signed-off-by: moson
---
 aurweb/pkgbase/util.py | 12 +-----------
 aurweb/routers/packages.py | 3 ++-
 2 files changed, 3 insertions(+), 12 deletions(-)
diff --git a/aurweb/pkgbase/util.py b/aurweb/pkgbase/util.py
index 46d6e2db..695a2a38 100644
--- a/aurweb/pkgbase/util.py
+++ b/aurweb/pkgbase/util.py
@@ -11,17 +11,7 @@ from aurweb.models.package_comment import PackageComment
 from aurweb.models.package_request import PENDING_ID, PackageRequest
 from aurweb.models.package_vote import PackageVote
 from aurweb.scripts import notify
-from aurweb.templates import (
- make_context as _make_context,
- make_variable_context as _make_variable_context,
-)
-
-
-async def make_variable_context(
- request: Request, pkgbase: PackageBase
-) -> dict[str, Any]:
- ctx = await _make_variable_context(request, pkgbase.Name)
- return make_context(request, pkgbase, ctx)
+from aurweb.templates import make_context as _make_context
 def make_context(
diff --git a/aurweb/routers/packages.py b/aurweb/routers/packages.py
index 3f96d71c..0f11b302 100644
--- a/aurweb/routers/packages.py
+++ b/aurweb/routers/packages.py
@@ -167,7 +167,8 @@ async def package(
 rels_data["r"].append(rel)
 # Add our base information.
- context = await pkgbaseutil.make_variable_context(request, pkgbase)
+ context = pkgbaseutil.make_context(request, pkgbase)
+ context["q"] = dict(request.query_params)
 context.update({"all_deps": all_deps, "all_reqs": all_reqs})
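Review bot: The two added lines in `package()` are not pinned by a regression test: the diffstat lists only `aurweb/pkgbase/util.py` and `aurweb/routers/packages.py`, so a later refactor could merge query parameters into the top-level context again unnoticed. A test that requests the package page with the `comments=` parameter named in the commit message and asserts a normal render would cover it. I would also put a comment above the assignment, e.g. `# Query params are user-controlled: expose them only under "q", never merged into the top-level context.` Everything under `q` is still raw user input, so templates reading it must rely on escaping, and `dict(request.query_params)` presumably keeps only one value per repeated key. The body of `package()` starts and ends outside the hunk.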