0001-fields-add-validation-on-comment-field-30618.patch
tests/test_admin_pages.py | ||
---|---|---|
1583 | 1583 |
resp = app.get('/backoffice/forms/1/fields/1/') |
1584 | 1584 |
assert 'WysiwygTextWidget' not in resp.body |
1585 | 1585 | |
1586 |
# bad {% %} usage |
|
1587 |
resp.form.fields['label'][0].value = '{% if cond %}no endif provided' |
|
1588 |
resp = resp.form.submit('submit') |
|
1589 |
assert 'syntax error in Django template: Unclosed tag on line 1' in resp.body |
|
1590 | ||
1591 |
# bad {{ }} usage |
|
1592 |
resp.form.fields['label'][0].value = '{{0+0}}' |
|
1593 |
resp = resp.form.submit('submit') |
|
1594 |
assert 'syntax error in Django template: Could not parse' in resp.body |
|
1595 | ||
1596 |
# bad EZT syntax |
|
1597 |
resp.form.fields['label'][0].value = '[end]' |
|
1598 |
resp = resp.form.submit('submit') |
|
1599 |
assert 'syntax error in ezt template: unmatched [end]' in resp.body |
|
1600 | ||
1586 | 1601 |
def test_form_edit_map_field(pub): |
1587 | 1602 |
create_superuser(pub) |
1588 | 1603 |
create_role() |
wcs/fields.py | ||
---|---|---|
641 | 641 |
def fill_admin_form(self, form): |
642 | 642 |
if self.label and (self.label[0] != '<' and '[end]' in self.label): |
643 | 643 |
form.add(TextWidget, 'label', title=_('Label'), value=self.label, |
644 |
validation_function=ComputedExpressionWidget.validate_template, |
|
644 | 645 |
required=True, cols=70, rows=3, render_br=False) |
645 | 646 |
else: |
646 | 647 |
form.add(WysiwygTextWidget, 'label', title=_('Label'), |
648 |
validation_function=ComputedExpressionWidget.validate_template, |
|
647 | 649 |
value=self.get_html_content(), required=True) |
648 | 650 |
form.add(StringWidget, 'extra_css_class', title = _('Extra classes for CSS styling'), |
649 | 651 |
value=self.extra_css_class, size=30, advanced=(not self.extra_css_class)) |
wcs/qommon/form.py | ||
---|---|---|
517 | 517 |
self.validation_function = kwargs.pop('validation_function', None) |
518 | 518 |
super(TextWidget, self).__init__(name, *args, **kwargs) |
519 | 519 | |
520 |
def _parse(self, request): |
|
520 |
def _parse(self, request, use_validation_function=True):
|
|
521 | 521 |
quixote.form.TextWidget._parse(self, request) |
522 | 522 |
if self.value is not None: |
523 | 523 |
try: |
... | ... | |
528 | 528 |
uvalue = self.value.decode(get_publisher().site_charset) |
529 | 529 |
if len(uvalue) > maxlength: |
530 | 530 |
self.error = _('too many characters (limit is %d)') % maxlength |
531 |
if self.validation_function: |
|
531 |
if use_validation_function and self.validation_function:
|
|
532 | 532 |
try: |
533 | 533 |
self.validation_function(self.value) |
534 | 534 |
except ValueError as e: |
... | ... | |
1479 | 1479 |
return r.getvalue() |
1480 | 1480 | |
1481 | 1481 |
class WysiwygTextWidget(TextWidget): |
1482 |
def _parse(self, request): |
|
1482 |
def _parse(self, request, use_validation_function=False):
|
|
1483 | 1483 |
TextWidget._parse(self, request) |
1484 | 1484 |
if self.value: |
1485 | 1485 |
if _sanitizeHTML: |
... | ... | |
1494 | 1494 |
def unquote_django(matchobj): |
1495 | 1495 |
return parser.unescape(unicode(matchobj.group(0), charset)).encode(charset) |
1496 | 1496 |
self.value = re.sub('{[{%](.*?)[%}]}', unquote_django, self.value) |
1497 |
if self.validation_function: |
|
1498 |
try: |
|
1499 |
self.validation_function(self.value) |
|
1500 |
except ValueError as e: |
|
1501 |
self.error = str(e) |
|
1497 | 1502 | |
1498 | 1503 |
def add_media(self): |
1499 | 1504 |
get_response().add_javascript(['qommon.wysiwyg.js']) |
1500 |
- |