0001-fields-add-validation-on-comment-field-30618.patch

Nicolas Roche, 06 septembre 2019 16:53


Subject: [PATCH] fields: add validation on comment field (#30618)

 tests/test_admin_pages.py | 74 +++++++++++++++++++++++++++++++++++++++
 wcs/fields.py             |  2 ++
 wcs/qommon/form.py        | 11 ++++--
 3 files changed, 84 insertions(+), 3 deletions(-)
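--- a/tests/test_admin_pages.py
+++ b/tests/test_admin_pages.py
@@ -1583,6 +1583,80 @@
     resp = app.get('/backoffice/forms/1/fields/1/')
     assert 'WysiwygTextWidget' not in resp.body
 
+def test_form_comment_field_textwidget_validation(pub):
+    create_superuser(pub)
+    FormDef.wipe()
+    formdef = FormDef()
+    formdef.name = 'form title'
+    # legacy, ezt syntax in a non-html field will be presented as a textarea
+    formdef.fields = [fields.CommentField(id='1', type='comment',
+        label='[if-any toto]hello world[end]')]
+    formdef.store()
+    app = login(get_app(pub))
+    resp = app.get('/backoffice/forms/1/fields/1/')
+
+    # bad {% %} Django template syntax
+    assert 'WysiwygTextWidget' not in resp.body
+    resp.form.fields['label'][0].value = '{% if cond %}no endif provided'
+    resp = resp.form.submit('submit')
+    assert 'syntax error in Django template: Unclosed tag on line 1' in resp.body
+
+    # bad {{ }} Django template syntax
+    assert 'WysiwygTextWidget' not in resp.body
+    resp.form.fields['label'][0].value = '{{0+0}}'
+    resp = resp.form.submit('submit')
+    assert 'syntax error in Django template: Could not parse' in resp.body
+
+    # bad EZT syntax
+    assert 'WysiwygTextWidget' not in resp.body
+    resp.form.fields['label'][0].value = '[end]'
+    resp = resp.form.submit('submit')
+    assert 'syntax error in ezt template: unmatched [end]' in resp.body
+
+    # good syntax
+    assert 'WysiwygTextWidget' not in resp.body
+    resp.form.fields['label'][0].value = '{{variable}}'
+    resp = resp.form.submit('submit')
+    assert FormDef.get(formdef.id).fields[0].label == '{{variable}}'
+
+def test_form_comment_field_wysiwygtextwidget_validation(pub):
+    create_superuser(pub)
+    create_role()
+
+    FormDef.wipe()
+    formdef = FormDef()
+    formdef.name = 'form title'
+    formdef.fields = [fields.CommentField(id='1', label='a comment field', type='comment')]
+    formdef.store()
+
+    app = login(get_app(pub))
+    resp = app.get('/backoffice/forms/1/fields/1/')
+    assert 'a comment field' in resp.body
+
+    # bad {% %} Django template syntax
+    assert 'WysiwygTextWidget' in resp.body
+    resp.form.fields['label'][0].value = '{% if cond %}no endif provided'
+    resp = resp.form.submit('submit')
+    assert 'syntax error in Django template: Unclosed tag on line 1' in resp.body
+
+    # bad {{ }} Django template syntax
+    assert 'WysiwygTextWidget' in resp.body
+    resp.form.fields['label'][0].value = '{{0+0}}'
+    resp = resp.form.submit('submit')
+    assert 'syntax error in Django template: Could not parse' in resp.body
+
+    # bad EZT syntax
+    assert 'WysiwygTextWidget' in resp.body
+    resp.form.fields['label'][0].value = '[end]'
+    resp = resp.form.submit('submit')
+    assert 'syntax error in ezt template: unmatched [end]' in resp.body
+
+    # good syntax
+    assert 'WysiwygTextWidget' in resp.body
+    resp.form.fields['label'][0].value = '{{variable}}'
+    resp = resp.form.submit('submit')
+    assert FormDef.get(formdef.id).fields[0].label == '{{variable}}'
+
 def test_form_edit_map_field(pub):
     create_superuser(pub)
     create_role()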
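Review bot: The three rejected submissions in `test_form_comment_field_textwidget_validation`, and the same three in `test_form_comment_field_wysiwygtextwidget_validation`, only assert that the error text appears in `resp.body`; none checks that the invalid label was not stored. Adding `assert FormDef.get(formdef.id).fields[0].label == '[if-any toto]hello world[end]'` after each failing submit in the first test, and the equivalent with `'a comment field'` in the second, would pin that a label failing validation never reaches the stored formdef. The two tests differ only in the initial label and the expected widget, so if the suite is pytest-based (as the `pub` fixture suggests) a `pytest.mark.parametrize` over those two values would remove the duplication.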
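--- a/wcs/fields.py
+++ b/wcs/fields.py
@@ -641,9 +641,11 @@
     def fill_admin_form(self, form):
         if self.label and (self.label[0] != '<' and '[end]' in self.label):
             form.add(TextWidget, 'label', title=_('Label'), value=self.label,
+                    validation_function=ComputedExpressionWidget.validate_template,
                     required=True, cols=70, rows=3, render_br=False)
         else:
             form.add(WysiwygTextWidget, 'label', title=_('Label'),
+                    validation_function=ComputedExpressionWidget.validate_template,
                     value=self.get_html_content(), required=True)
         form.add(StringWidget, 'extra_css_class', title = _('Extra classes for CSS styling'),
                 value=self.extra_css_class, size=30, advanced=(not self.extra_css_class))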
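Review bot: With `validation_function=ComputedExpressionWidget.validate_template` on both `label` widgets, every submit of this form re-validates the label, so a comment field whose stored label already fails to parse presumably can no longer be saved for an unrelated change such as `extra_css_class` until the label is fixed. If that is intended, it deserves a comment above the `if`, for example `# label is checked as a Django/EZT template on every save; invalid legacy labels must be fixed first`. The check also covers only this backoffice form, so labels arriving by any other route (an import, if one exists) would not be validated by this hunk; worth confirming. `fill_admin_form` continues past the last line shown.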
wcs/qommon/form.py
517 517
        self.validation_function = kwargs.pop('validation_function', None)
518 518
        super(TextWidget, self).__init__(name, *args, **kwargs)
519 519

  
520
    def _parse(self, request):
520
    def _parse(self, request, use_validation_function=True):
521 521
        quixote.form.TextWidget._parse(self, request)
522 522
        if self.value is not None:
523 523
            try:
......
528 528
                uvalue = self.value.decode(get_publisher().site_charset)
529 529
                if len(uvalue) > maxlength:
530 530
                    self.error = _('too many characters (limit is %d)') % maxlength
531
            if self.validation_function:
531
            if use_validation_function and self.validation_function:
532 532
                try:
533 533
                    self.validation_function(self.value)
534 534
                except ValueError as e:
......
1480 1480

  
1481 1481
class WysiwygTextWidget(TextWidget):
1482 1482
    def _parse(self, request):
1483
        TextWidget._parse(self, request)
1483
        TextWidget._parse(self, request, use_validation_function=False)
1484 1484
        if self.value:
1485 1485
            if _sanitizeHTML:
1486 1486
                self.value = _sanitizeHTML(self.value, get_request().charset, 'text/html')
......
1494 1494
            def unquote_django(matchobj):
1495 1495
                return parser.unescape(unicode(matchobj.group(0), charset)).encode(charset)
1496 1496
            self.value = re.sub('{[{%](.*?)[%}]}', unquote_django, self.value)
1497
            if self.validation_function:
1498
                try:
1499
                    self.validation_function(self.value)
1500
                except ValueError as e:
1501
                    self.error = str(e)
1497 1502

  
1498 1503
    def add_media(self):
1499 1504
        get_response().add_javascript(['qommon.wysiwyg.js'])
1500
-
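Review bot: The block added at the end of `WysiwygTextWidget._parse` sets `self.error = str(e)` unconditionally, so it replaces any error `TextWidget._parse` has already recorded (for instance the 'too many characters' message), and the new `use_validation_function` flag carries no comment saying why a subclass would switch the base validation off. Guarding with `if self.validation_function and not self.error:` would keep the first error, and a comment on the flag such as `# subclasses pass False when they validate after their own post-processing` would document the intent. Running the validator after `_sanitizeHTML` and `unquote_django` is the right order, because it checks the value that is actually kept; a one-line comment saying so would stop it being moved back before sanitizing. Both `_parse` bodies are partly elided on this page, so the base handler may differ from what is assumed here.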