Projet

Général

Profil

0001-forms-prevent-autosave-from-overwriting-session-s-da.patch

Benjamin Dauvergne, 28 octobre 2021 21:50

Télécharger (1,88 ko)

Voir les différences: 

Subject: [PATCH] forms: prevent autosave from overwriting session's data
 (#58208)

autosave() needs to write into session's data only when establishing
the draft formdata, after that it's not needed anymore. Preventing it to
further modify magictoken's data prevent race condition between AJAX
call to autosave and normal form's submission by users.

 wcs/forms/root.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
wcs/forms/root.py
1327 1327 

  		




  1328
  1328
  
    
        self.feed_current_data(magictoken)

  		




  1329
  1329
  
    

  		




  1330
  
  
    
        form_data = session.get_by_magictoken(magictoken, {})

  		




  
  1330
  
    
        current_form_data = session.get_by_magictoken(magictoken, {})

  		




  
  1331
  
    
        # prevent autosave to write into session concurrently with user's

  		




  
  1332
  
    
        # submits, only do it when initializing the draft formdata.

  		




  
  1333
  
    
        form_data = current_form_data.copy()

  		




  1331
  1334
  
    
        if not form_data:

  		




  1332
  1335
  
    
            return result_error('missing data')

  		




  1333
  1336
  
    

  		




  ......




  1356
  1359
  
    
        except SubmittedDraftException:

  		




  1357
  1360
  
    
            return result_error('form has already been submitted')

  		




  1358
  1361
  
    

  		




  
  1362
  
    
        # save draft_formdata_id if it changed, otherwise prevent the session

  		




  
  1363
  
    
        # and current filling datas to be overwritten

  		




  
  1364
  
    
        if current_form_data.get('draft_formdata_id') == form_data.get('draft_formdata_id'):

  		




  
  1365
  
    
            get_request().ignore_session = True

  		




  
  1366
  
    
        else:

  		




  
  1367
  
    
            current_form_data['draft_formdata_id'] = form_data.get('draft_formdata_id')

  		




  1359
  1368
  
    
        return json.dumps({'result': 'success'})

  		




  1360
  1369
  
    

  		




  1361
  1370
  
    
    def save_draft(self, data, page_no=None):

  		




  1362
  
  
    
-