0002-validators-work-around-lack-of-NULL-char-check-in-fo.patch
| src/authentic2/__init__.py | ||
|---|---|---|
| 14 | 14 |
# You should have received a copy of the GNU Affero General Public License |
| 15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | 16 | |
| 17 |
import django |
|
| 18 | ||
| 17 | 19 |
default_app_config = 'authentic2.apps.Authentic2Config' |
| 20 | ||
| 21 | ||
| 22 |
if django.VERSION < (2,): |
|
| 23 |
from . import validators |
|
| 24 |
from django.forms import fields |
|
| 25 |
import rest_framework.fields |
|
| 26 | ||
| 27 |
# query-string and form parameters used to query database charfield must be checked for NULL characters |
|
| 28 |
# https://dev.entrouvert.org/issues/45672 |
|
| 29 |
# https://dev.entrouvert.org/issues/46625 |
|
| 30 |
# https://code.djangoproject.com/ticket/30064 |
|
| 31 |
# https://github.com/django/django/commit/5b4c6b58a097028de970875605680df941ab0a47 |
|
| 32 |
if not getattr(fields.CharField, 'a2_workaround', False): |
|
| 33 |
CharField_old__init__ = fields.CharField.__init__ |
|
| 34 | ||
| 35 |
def CharField_new_init__(self, *args, **kwargs): |
|
| 36 |
CharField_old__init__(self, *args, **kwargs) |
|
| 37 |
self.validators.append(validators.ProhibitNullCharactersValidator()) |
|
| 38 | ||
| 39 |
fields.CharField.__init__ = CharField_new_init__ |
|
| 40 |
fields.CharField.a2_workaround = True |
|
| 41 |
rest_framework.fields.ProhibitNullCharactersValidator = ProhibitNullCharactersValidator |
|
| src/authentic2/validators.py | ||
|---|---|---|
| 18 | 18 | |
| 19 | 19 |
import smtplib |
| 20 | 20 | |
| 21 |
import django |
|
| 22 |
from django.utils.deconstruct import deconstructible |
|
| 21 | 23 |
from django.utils.translation import ugettext_lazy as _ |
| 22 | 24 |
from django.core.exceptions import ValidationError |
| 23 | 25 |
from django.core.validators import RegexValidator, EmailValidator as DjangoEmailValidator |
| ... | ... | |
| 97 | 99 |
def __init__(self, *args, **kwargs): |
| 98 | 100 |
self.regex = app_settings.A2_REGISTRATION_FORM_USERNAME_REGEX |
| 99 | 101 |
super(UsernameValidator, self).__init__(*args, **kwargs) |
| 102 | ||
| 103 | ||
| 104 |
@deconstructible |
|
| 105 |
class ProhibitNullCharactersValidator: |
|
| 106 |
"""Validate that the string doesn't contain the null character.""" |
|
| 107 |
message = _('Null characters are not allowed.')
|
|
| 108 |
code = 'null_characters_not_allowed' |
|
| 109 | ||
| 110 |
def __init__(self, message=None, code=None): |
|
| 111 |
if message is not None: |
|
| 112 |
self.message = message |
|
| 113 |
if code is not None: |
|
| 114 |
self.code = code |
|
| 115 | ||
| 116 |
def __call__(self, value): |
|
| 117 |
if '\x00' in str(value): |
|
| 118 |
raise ValidationError(self.message, code=self.code) |
|
| 119 | ||
| 120 |
def __eq__(self, other): |
|
| 121 |
return ( |
|
| 122 |
isinstance(other, self.__class__) |
|
| 123 |
and self.message == other.message |
|
| 124 |
and self.code == other.code |
|
| 125 |
) |
|
| src/authentic2/views.py | ||
|---|---|---|
| 47 | 47 |
from django.http import Http404 |
| 48 | 48 |
from django.utils.http import urlsafe_base64_decode |
| 49 | 49 |
from django.views.generic.edit import CreateView |
| 50 |
from django.forms import CharField |
|
| 51 | 50 |
from django.http import HttpResponseBadRequest |
| 52 | 51 |
from django.template import loader |
| 52 |
from django import forms |
|
| 53 | 53 | |
| 54 | 54 |
from authentic2.custom_user.models import iter_attributes |
| 55 | 55 |
from . import (utils, app_settings, decorators, constants, |
| ... | ... | |
| 991 | 991 |
if 'username' in self.fields and app_settings.A2_REGISTRATION_FORM_USERNAME_REGEX: |
| 992 | 992 |
# Keep existing field label and help_text |
| 993 | 993 |
old_field = form_class.base_fields['username'] |
| 994 |
field = CharField( |
|
| 994 |
field = forms.CharField(
|
|
| 995 | 995 |
max_length=256, |
| 996 | 996 |
label=old_field.label, |
| 997 | 997 |
help_text=old_field.help_text, |
| 998 |
- |
|