0002-validators-work-around-lack-of-NULL-char-check-in-fo.patch
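--- a/src/authentic2/__init__.py
+++ b/src/authentic2/__init__.py
@@ -14,4 +14,28 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
+import django
+
 default_app_config = 'authentic2.apps.Authentic2Config'
+
+
+if django.VERSION < (2,):
+from . import validators
+from django.forms import fields
+import rest_framework.fields
+
+# query-string and form parameters used to query database charfield must be checked for NULL characters
+# https://dev.entrouvert.org/issues/45672
+# https://dev.entrouvert.org/issues/46625
+# https://code.djangoproject.com/ticket/30064
+# https://github.com/django/django/commit/5b4c6b58a097028de970875605680df941ab0a47
+if not getattr(fields.CharField, 'a2_workaround', False):
+CharField_old__init__ = fields.CharField.__init__
+
+def CharField_new_init__(self, *args, **kwargs):
+CharField_old__init__(self, *args, **kwargs)
+self.validators.append(validators.ProhibitNullCharactersValidator())
+
+fields.CharField.__init__ = CharField_new_init__
+fields.CharField.a2_workaround = True
+rest_framework.fields.ProhibitNullCharactersValidator = ProhibitNullCharactersValidator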
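Review bot: The last added line assigns the bare name `ProhibitNullCharactersValidator`, but the only import of it visible in this section is `from . import validators`, so on Django < 2 importing the package would presumably raise NameError (lines 1-13 of the file are not shown, and the page has lost indentation, so this is inferred from the visible lines). The assignment should read `rest_framework.fields.ProhibitNullCharactersValidator = validators.ProhibitNullCharactersValidator`. Separately, the comment mentions query-string parameters, while the patch only attaches the validator to form `CharField` and to the REST framework fields module. A view that reads `request.GET` directly and passes the value to a database lookup stays unchecked, and a one-line comment stating that limit would keep the scope of the workaround clear.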
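--- a/src/authentic2/validators.py
+++ b/src/authentic2/validators.py
@@ -18,6 +18,8 @@
 
 import smtplib
 
+import django
+from django.utils.deconstruct import deconstructible
 from django.utils.translation import ugettext_lazy as _
 from django.core.exceptions import ValidationError
 from django.core.validators import RegexValidator, EmailValidator as DjangoEmailValidator
@@ -97,3 +99,27 @@
 def __init__(self, *args, **kwargs):
 self.regex = app_settings.A2_REGISTRATION_FORM_USERNAME_REGEX
 super(UsernameValidator, self).__init__(*args, **kwargs)
+
+
+@deconstructible
+class ProhibitNullCharactersValidator:
+"""Validate that the string doesn't contain the null character."""
+message = _('Null characters are not allowed.')
+code = 'null_characters_not_allowed'
+
+def __init__(self, message=None, code=None):
+if message is not None:
+self.message = message
+if code is not None:
+self.code = code
+
+def __call__(self, value):
+if '\x00' in str(value):
+raise ValidationError(self.message, code=self.code)
+
+def __eq__(self, other):
+return (
+isinstance(other, self.__class__)
+and self.message == other.message
+and self.code == other.code
+)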
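Review bot: The `str(value)` call in `__call__` would raise UnicodeEncodeError instead of ValidationError on non-ASCII input if this module still runs under Python 2, which the `super(UsernameValidator, self)` style elsewhere in the file suggests it may. The request would then fail with a server error rather than a clean rejection of the field. Using `if '\x00' in force_text(value):` with `from django.utils.encoding import force_text` keeps the check on text in both interpreters. The new `import django` also looks unused in the lines shown here. A comment on the class saying it backports the Django 2.0 validator and can be dropped once Django < 2 is no longer supported would help the next maintainer.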
src/authentic2/views.py | ||
---|---|---|
47 | 47 |
from django.http import Http404 |
48 | 48 |
from django.utils.http import urlsafe_base64_decode |
49 | 49 |
from django.views.generic.edit import CreateView |
50 |
from django.forms import CharField |
|
51 | 50 |
from django.http import HttpResponseBadRequest |
52 | 51 |
from django.template import loader |
52 |
from django import forms |
|
53 | 53 | |
54 | 54 |
from authentic2.custom_user.models import iter_attributes |
55 | 55 |
from . import (utils, app_settings, decorators, constants, |
... | ... | |
991 | 991 |
if 'username' in self.fields and app_settings.A2_REGISTRATION_FORM_USERNAME_REGEX: |
992 | 992 |
# Keep existing field label and help_text |
993 | 993 |
old_field = form_class.base_fields['username'] |
994 |
field = CharField( |
|
994 |
field = forms.CharField(
|
|
995 | 995 |
max_length=256, |
996 | 996 |
label=old_field.label, |
997 | 997 |
help_text=old_field.help_text, |
998 |
- |