diff --git a/bookwyrm/outgoing.py b/bookwyrm/outgoing.py index a01d8cfe..e563a225 100644 --- a/bookwyrm/outgoing.py +++ b/bookwyrm/outgoing.py @@ -41,6 +41,9 @@ def handle_remote_webfinger(query): user = None # usernames could be @user@domain or user@domain + if not query: + return None + if query[0] == '@': query = query[1:] @@ -218,7 +221,7 @@ def handle_status(user, form): # inspect the text for user tags matches = [] - for match in re.finditer(regex.username, status.content): + for match in re.finditer(regex.strict_username, status.content): username = match.group().strip().split('@')[1:] if len(username) == 1: # this looks like a local user (@user), fill in the domain diff --git a/bookwyrm/utils/regex.py b/bookwyrm/utils/regex.py index 7453b781..8045e7f3 100644 --- a/bookwyrm/utils/regex.py +++ b/bookwyrm/utils/regex.py @@ -2,5 +2,7 @@ domain = r'[a-z-A-Z0-9_\-]+\.[a-z]+' localname = r'@?[a-zA-Z_\-\.0-9]+' +strict_localname = r'@[a-zA-Z_\-\.0-9]+' username = r'%s(@%s)?' % (localname, domain) +strict_username = r'%s(@%s)?' % (strict_localname, domain) full_username = r'%s@%s' % (localname, domain) diff --git a/bookwyrm/view_actions.py b/bookwyrm/view_actions.py index a8f85c02..8a686bab 100644 --- a/bookwyrm/view_actions.py +++ b/bookwyrm/view_actions.py @@ -593,14 +593,14 @@ def tag(request): def untag(request): ''' untag a book ''' name = request.POST.get('name') - tag = get_object_or_404(models.Tag, name=name) + tag_obj = get_object_or_404(models.Tag, name=name) book_id = request.POST.get('book') book = get_object_or_404(models.Edition, id=book_id) - tag = get_object_or_404( - models.UserTag, tag=tag, book=book, user=request.user) - tag_activity = tag.to_remove_activity(request.user) - tag.delete() + user_tag = get_object_or_404( + models.UserTag, tag=tag_obj, book=book, user=request.user) + tag_activity = user_tag.to_remove_activity(request.user) + user_tag.delete() broadcast(request.user, tag_activity) return redirect('/book/%s' % book_id)