diff --git a/searx/autocomplete.py b/searx/autocomplete.py index e9cdc8ba9..828e85e42 100644 --- a/searx/autocomplete.py +++ b/searx/autocomplete.py @@ -1,13 +1,15 @@ from lxml import etree from requests import get from json import loads +from urllib import urlencode def dbpedia(query): # dbpedia autocompleter - autocomplete_url = 'http://lookup.dbpedia.org/api/search.asmx/KeywordSearch?QueryString={q}' # noqa + autocomplete_url = 'http://lookup.dbpedia.org/api/search.asmx/KeywordSearch?' # noqa - response = get(autocomplete_url.format(q=query)) + response = get(autocomplete_url + + urlencode(dict(QueryString=query))) results = [] @@ -21,14 +23,15 @@ def dbpedia(query): def google(query): # google autocompleter - autocomplete_url = 'http://suggestqueries.google.com/complete/search?client=toolbar&q={q}' # noqa + autocomplete_url = 'http://suggestqueries.google.com/complete/search?client=toolbar&' # noqa - response = get(autocomplete_url.format(q=query)) + response = get(autocomplete_url + + urlencode(dict(q=query))) results = [] if response.ok: - dom = etree.fromstring(response.content) + dom = etree.fromstring(response.text) results = dom.xpath('//suggestion/@data') return results @@ -36,9 +39,9 @@ def google(query): def wikipedia(query): # wikipedia autocompleter - url = 'https://en.wikipedia.org/w/api.php?action=opensearch&search={q}&limit=10&namespace=0&format=json' # noqa + url = 'https://en.wikipedia.org/w/api.php?action=opensearch&{0}&limit=10&namespace=0&format=json' # noqa - resp = loads(get(url.format(q=query)).text) + resp = loads(get(url.format(urlencode(dict(q=query)))).text) return resp[1] diff --git a/searx/webapp.py b/searx/webapp.py index 1058d9e65..156ef4745 100644 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -252,7 +252,7 @@ def autocompleter(): request_data = request.args # TODO fix XSS-vulnerability - query = request_data.get('q') + query = request_data.get('q', '').encode('utf-8') if not query: return @@ -262,11 +262,7 @@ def autocompleter(): if not completer: return - try: - results = completer(query) - except Exception, e: - print e - results = [] + results = completer(query) if request_data.get('format') == 'x-suggestions': return Response(json.dumps([query, results]),