Fix/remove userse of dictsort function

As of django 3.2.11 in what's considered a security fix (wouldn't be in
our use cases, but could be in others), we can no longer use dictsort
on lower() -- doing so returns an empty list.

So instead we create a new filter called sort_lower, and use that one
fromt he two places where we use the filter.

This bug caused the list of translations and yearly reports no the CoC
page to become empty. Spotted by Umair Shahid.

diff --git a/pgweb/core/templatetags/pgfilters.py b/pgweb/core/templatetags/pgfilters.py
index f5531a440e7fc25d7ca82db4800abd95fd267946..bcdb43a5ba73fc2544b77071a693495af01dbb19 100644 (file)
--- a/pgweb/core/templatetags/pgfilters.py
+++ b/pgweb/core/templatetags/pgfilters.py
@@ -119,6 +119,11 @@ def list_templates(value):
             yield f.stem
 
 
+@register.filter()
+def sort_lower(value, reverse=False):
+    return sorted(value, key=lambda x: x.lower(), reverse=reverse)
+
+
 @register.filter()
 def languagename(lang):
     try:

diff --git a/templates/base/cocpage.html b/templates/base/cocpage.html
index cd4416ba9eb12e52cc23774ba82bc10e599ac49f..135fdad5cbd8711cf572dc0b9a0ab6401dc8d8e6 100644 (file)
--- a/templates/base/cocpage.html
+++ b/templates/base/cocpage.html
@@ -9,7 +9,7 @@
     <h1>Translations</h1>
     <ul>
       <li><span lang="en"><a href="/about/policies/coc/">English</a></span></li>
-{%for l in "pages/about/policies/coc"|list_templates|dictsort:"lower"%}
+{%for l in "pages/about/policies/coc"|list_templates|sort_lower%}
       <li><span lang="{{l}}"><a href="/about/policies/coc/{{l}}/">{{l|languagename}}</a></span></li>
 {%endfor%}
       <li><a href="/about/policies/coc-translations/">How to Translate</a></li>
@@ -20,7 +20,7 @@
     </ul>
     <h1>Annual Reports</h1>
     <ul>
-{% for t in "pages/about/policies/coc/reports"|list_templates|dictsortreversed:"lower" %}
+{% for t in "pages/about/policies/coc/reports"|list_templates|sort_lower:True %}
       <li><a href="/about/policies/coc/reports/{{t}}/">{{t}}</a></li>
 {%endfor%}
     </ul>