0001-fields-add-validation-on-comment-field-30618.patch
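--- a/tests/test_admin_pages.py
+++ b/tests/test_admin_pages.py
@@ -1583,6 +1583,80 @@
 resp = app.get('/backoffice/forms/1/fields/1/')
 assert 'WysiwygTextWidget' not in resp.body
 
+def test_form_comment_field_textwidget_validation(pub):
+create_superuser(pub)
+FormDef.wipe()
+formdef = FormDef()
+formdef.name = 'form title'
+# legacy, ezt syntax in a non-html field will be presented as a textarea
+formdef.fields = [fields.CommentField(id='1', type='comment',
+label='[if-any toto]hello world[end]')]
+formdef.store()
+app = login(get_app(pub))
+resp = app.get('/backoffice/forms/1/fields/1/')
+
+# bad {% %} Django template syntax
+assert 'WysiwygTextWidget' not in resp.body
+resp.form.fields['label'][0].value = '{% if cond %}no endif provided'
+resp = resp.form.submit('submit')
+assert 'syntax error in Django template: Unclosed tag on line 1' in resp.body
+
+# bad {{ }} Django template syntax
+assert 'WysiwygTextWidget' not in resp.body
+resp.form.fields['label'][0].value = '{{0+0}}'
+resp = resp.form.submit('submit')
+assert 'syntax error in Django template: Could not parse' in resp.body
+
+# bad EZT syntax
+assert 'WysiwygTextWidget' not in resp.body
+resp.form.fields['label'][0].value = '[end]'
+resp = resp.form.submit('submit')
+assert 'syntax error in ezt template: unmatched [end]' in resp.body
+
+# good syntax
+assert 'WysiwygTextWidget' not in resp.body
+resp.form.fields['label'][0].value = '{{variable}}'
+resp = resp.form.submit('submit')
+assert FormDef.get(formdef.id).fields[0].label == '{{variable}}'
+
+def test_form_comment_field_wysiwygtextwidget_validation(pub):
+create_superuser(pub)
+create_role()
+
+FormDef.wipe()
+formdef = FormDef()
+formdef.name = 'form title'
+formdef.fields = [fields.CommentField(id='1', label='a comment field', type='comment')]
+formdef.store()
+
+app = login(get_app(pub))
+resp = app.get('/backoffice/forms/1/fields/1/')
+assert 'a comment field' in resp.body
+
+# bad {% %} Django template syntax
+assert 'WysiwygTextWidget' in resp.body
+resp.form.fields['label'][0].value = '{% if cond %}no endif provided'
+resp = resp.form.submit('submit')
+assert 'syntax error in Django template: Unclosed tag on line 1' in resp.body
+
+# bad {{ }} Django template syntax
+assert 'WysiwygTextWidget' in resp.body
+resp.form.fields['label'][0].value = '{{0+0}}'
+resp = resp.form.submit('submit')
+assert 'syntax error in Django template: Could not parse' in resp.body
+
+# bad EZT syntax
+assert 'WysiwygTextWidget' in resp.body
+resp.form.fields['label'][0].value = '[end]'
+resp = resp.form.submit('submit')
+assert 'syntax error in ezt template: unmatched [end]' in resp.body
+
+# good syntax
+assert 'WysiwygTextWidget' in resp.body
+resp.form.fields['label'][0].value = '{{variable}}'
+resp = resp.form.submit('submit')
+assert FormDef.get(formdef.id).fields[0].label == '{{variable}}'
+
 def test_form_edit_map_field(pub):
 create_superuser(pub)
 create_role()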
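Review bot: The three rejected submissions in each new test check only the error text in the response; nothing asserts that the invalid label was kept out of storage. After each failing `submit`, a check such as `assert FormDef.get(formdef.id).fields[0].label == '[if-any toto]hello world[end]'` (and `== 'a comment field'` in the wysiwyg test) would pin that validation blocks persistence and does not merely display a message. The expected strings `Unclosed tag on line 1` and `Could not parse` look like the template engine's own wording, so the tests may break on an engine upgrade; matching only the `syntax error in Django template:` prefix would be less brittle.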
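--- a/wcs/fields.py
+++ b/wcs/fields.py
@@ -641,9 +641,11 @@
 def fill_admin_form(self, form):
 if self.label and (self.label[0] != '<' and '[end]' in self.label):
 form.add(TextWidget, 'label', title=_('Label'), value=self.label,
+validation_function=ComputedExpressionWidget.validate_template,
 required=True, cols=70, rows=3, render_br=False)
 else:
 form.add(WysiwygTextWidget, 'label', title=_('Label'),
+validation_function=ComputedExpressionWidget.validate_template,
 value=self.get_html_content(), required=True)
 form.add(StringWidget, 'extra_css_class', title = _('Extra classes for CSS styling'),
 value=self.extra_css_class, size=30, advanced=(not self.extra_css_class))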
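Review bot: Both `form.add(... 'label' ...)` calls now pass `ComputedExpressionWidget.validate_template`, but nothing in `fill_admin_form` says what that check covers. Judging by the messages asserted in the tests it appears to be a parse check only; if that reading is right, a comment above the `if` such as `# validate_template only rejects labels that fail to parse as Django/ezt templates; it does not restrict what a valid template may reference` would keep readers from treating it as a content restriction. Because the widget is pre-filled with the stored label, a field saved before this change with a label that does not parse will presumably fail validation when any other setting on the form is saved, which may deserve a note for administrators. The body of `fill_admin_form` continues past the shown lines.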
wcs/qommon/form.py | ||
---|---|---|
517 | 517 |
self.validation_function = kwargs.pop('validation_function', None) |
518 | 518 |
super(TextWidget, self).__init__(name, *args, **kwargs) |
519 | 519 | |
520 |
def _parse(self, request): |
|
520 |
def _parse(self, request, use_validation_function=True):
|
|
521 | 521 |
quixote.form.TextWidget._parse(self, request) |
522 | 522 |
if self.value is not None: |
523 | 523 |
try: |
... | ... | |
528 | 528 |
uvalue = self.value.decode(get_publisher().site_charset) |
529 | 529 |
if len(uvalue) > maxlength: |
530 | 530 |
self.error = _('too many characters (limit is %d)') % maxlength |
531 |
if self.validation_function: |
|
531 |
if use_validation_function and self.validation_function:
|
|
532 | 532 |
try: |
533 | 533 |
self.validation_function(self.value) |
534 | 534 |
except ValueError as e: |
... | ... | |
1480 | 1480 | |
1481 | 1481 |
class WysiwygTextWidget(TextWidget): |
1482 | 1482 |
def _parse(self, request): |
1483 |
TextWidget._parse(self, request) |
|
1483 |
TextWidget._parse(self, request, use_validation_function=False)
|
|
1484 | 1484 |
if self.value: |
1485 | 1485 |
if _sanitizeHTML: |
1486 | 1486 |
self.value = _sanitizeHTML(self.value, get_request().charset, 'text/html') |
... | ... | |
1494 | 1494 |
def unquote_django(matchobj): |
1495 | 1495 |
return parser.unescape(unicode(matchobj.group(0), charset)).encode(charset) |
1496 | 1496 |
self.value = re.sub('{[{%](.*?)[%}]}', unquote_django, self.value) |
1497 |
if self.validation_function: |
|
1498 |
try: |
|
1499 |
self.validation_function(self.value) |
|
1500 |
except ValueError as e: |
|
1501 |
self.error = str(e) |
|
1497 | 1502 | |
1498 | 1503 |
def add_media(self): |
1499 | 1504 |
get_response().add_javascript(['qommon.wysiwyg.js']) |
1500 |
- |
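Review bot: The block added at the end of `WysiwygTextWidget._parse` repeats the try/except that `TextWidget._parse` already has, and neither place documents the new `use_validation_function` flag. The flag apparently exists so that validation runs on the value after sanitising and Django-tag unquoting, not on the raw submission. A comment on the new signature such as `# subclasses that rewrite self.value after this call pass use_validation_function=False and validate the final value themselves` would keep the two paths from drifting apart. `self.error = str(e)` stores the validator's message verbatim, and the Django "Could not parse" message typically quotes part of the submitted label, so confirm that the widget's error rendering HTML-escapes it; that code is not visible here. Both `_parse` bodies continue outside the shown lines.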