Merge pull request #914 from edx/fix/adam/instr-dash-strip

strip processed fields in instructor dash

Merge pull request #914 from edx/fix/adam/instr-dash-strip
strip processed fields in instructor dash
4b07aa0f · Adam · b1679907 · 8bbc11cb · 4b07aa0f · 4b07aa0f
Commit 4b07aa0f authored Sep 12, 2013 by Adam
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 15 deletions

lms/djangoapps/instructor/views/api.py
+10 -9

lms/djangoapps/instructor/views/legacy.py
+14 -6

lms/djangoapps/instructor/views/tools.py
+7 -0

No files found.
--- a/lms/djangoapps/instructor/views/api.py
+++ b/lms/djangoapps/instructor/views/api.py
@@ -32,6 +32,7 @@ import instructor_task.api
 from instructor_task.api_helper import AlreadyRunningError
 import instructor.enrollment as enrollment
 from instructor.enrollment import enroll_email, unenroll_email
+from instructor.views.tools import strip_if_string
 import instructor.access as access
 import analytics.basic
 import analytics.distributions
@@ -233,7 +234,7 @@ def modify_access(request, course_id):
        request.user, course_id, 'instructor', depth=None
    )

-    email = request.GET.get('email')
+    email = strip_if_string(request.GET.get('email'))
    rolename = request.GET.get('rolename')
    action = request.GET.get('action')

@@ -433,7 +434,7 @@ def get_student_progress_url(request, course_id):
        'progress_url': '/../...'
    }
    """
-    student_email = request.GET.get('student_email')
+    student_email = strip_if_string(request.GET.get('student_email'))
    user = User.objects.get(email=student_email)

    progress_url = reverse('student_progress', kwargs={'course_id': course_id, 'student_id': user.id})
@@ -474,8 +475,8 @@ def reset_student_attempts(request, course_id):
        request.user, course_id, 'staff', depth=None
    )

-    problem_to_reset = request.GET.get('problem_to_reset')
-    student_email = request.GET.get('student_email')
+    problem_to_reset = strip_if_string(request.GET.get('problem_to_reset'))
+    student_email = strip_if_string(request.GET.get('student_email'))
    all_students = request.GET.get('all_students', False) in ['true', 'True', True]
    delete_module = request.GET.get('delete_module', False) in ['true', 'True', True]

@@ -531,8 +532,8 @@ def rescore_problem(request, course_id):

    all_students and student_email cannot both be present.
    """
-    problem_to_reset = request.GET.get('problem_to_reset')
-    student_email = request.GET.get('student_email', False)
+    problem_to_reset = strip_if_string(request.GET.get('problem_to_reset'))
+    student_email = strip_if_string(request.GET.get('student_email', False))
    all_students = request.GET.get('all_students') in ['true', 'True', True]

    if not (problem_to_reset and (all_students or student_email)):
@@ -576,8 +577,8 @@ def list_instructor_tasks(request, course_id):
        - `problem_urlname` and `student_email` lists task
            history for problem AND student (intersection)
    """
-    problem_urlname = request.GET.get('problem_urlname', False)
-    student_email = request.GET.get('student_email', False)
+    problem_urlname = strip_if_string(request.GET.get('problem_urlname', False))
+    student_email = strip_if_string(request.GET.get('student_email', False))

    if student_email and not problem_urlname:
        return HttpResponseBadRequest(
@@ -693,7 +694,7 @@ def update_forum_role_membership(request, course_id):
        request.user, course_id, FORUM_ROLE_ADMINISTRATOR
    )

-    email = request.GET.get('email')
+    email = strip_if_string(request.GET.get('email'))
    rolename = request.GET.get('rolename')
    action = request.GET.get('action')


--- a/lms/djangoapps/instructor/views/legacy.py
+++ b/lms/djangoapps/instructor/views/legacy.py
@@ -41,6 +41,7 @@ from django_comment_common.models import (Role,
                                          FORUM_ROLE_COMMUNITY_TA)
 from django_comment_client.utils import has_forum_access
 from instructor.offline_gradecalc import student_grades, offline_grades_available
+from instructor.views.tools import strip_if_string
 from instructor_task.api import (get_running_instructor_tasks,
                                 get_instructor_task_history,
                                 submit_rescore_problem_for_all_students,
@@ -171,6 +172,9 @@ def instructor_dashboard(request, course_id):
        Form is either urlname or modulename/urlname.  If no modulename
        is provided, "problem" is assumed.
        """
+        # remove whitespace
+        urlname = strip_if_string(urlname)
+
        # tolerate an XML suffix in the urlname
        if urlname[-4:] == ".xml":
            urlname = urlname[:-4]
@@ -185,6 +189,7 @@ def instructor_dashboard(request, course_id):

    def get_student_from_identifier(unique_student_identifier):
        """Gets a student object using either an email address or username"""
+        unique_student_identifier = strip_if_string(unique_student_identifier)
        msg = ""
        try:
            if "@" in unique_student_identifier:
@@ -706,12 +711,14 @@ def instructor_dashboard(request, course_id):
        html_message = request.POST.get("message")
        text_message = html_to_text(html_message)

-        email = CourseEmail(course_id=course_id,
-                            sender=request.user,
-                            to_option=email_to_option,
-                            subject=email_subject,
-                            html_message=html_message,
-                            text_message=text_message)
+        email = CourseEmail(
+            course_id=course_id,
+            sender=request.user,
+            to_option=email_to_option,
+            subject=email_subject,
+            html_message=html_message,
+            text_message=text_message
+        )

        email.save()

@@ -994,6 +1001,7 @@ def _add_or_remove_user_group(request, username_or_email, group, group_title, ev
    to do.
    """
    user = None
+    username_or_email = strip_if_string(username_or_email)
    try:
        if '@' in username_or_email:
            user = User.objects.get(email=username_or_email)

--- a/lms/djangoapps/instructor/views/tools.py
+++ b/lms/djangoapps/instructor/views/tools.py
+"""
+Tools for the instructor dashboard
+"""
+def strip_if_string(value):
+    if isinstance(value, basestring):
+        return value.strip()
+    return value