0001-misc-forbid-some-reserved-values-keywords-to-be-used.patch

Frédéric Péters, 27 décembre 2021 15:59

Voir les différences: en ligne côte à côte

Subject: [PATCH] misc: forbid some reserved values/keywords to be used as
 varname (#30234)

 tests/admin_pages/test_form.py | 27 +++++++++++++++++++++
 wcs/qommon/form.py             | 44 ++++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)

         app.get('/backoffice/forms/1/fields/', status=200)  # ok, no error
     def test_form_field_varname_values(pub):
         create_superuser(pub)
         create_role(pub)
         FormDef.wipe()
         formdef = FormDef()
         formdef.name = 'form title'
         formdef.fields = [fields.StringField(id='1', label='1st field', type='string')]
         formdef.store()
         app = login(get_app(pub))
         resp = app.get('/backoffice/forms/1/fields/1/')
         resp.forms[0]['varname'] = 'id'
         resp = resp.forms[0].submit('submit')
         assert 'this value is reserved for internal use.' in resp.text
         resp.forms[0]['varname'] = '0123'
         resp = resp.forms[0].submit('submit')
         assert 'must only consist of letters, numbers, or underscore' in resp.text
         resp.forms[0]['varname'] = 'plop'
         resp = resp.forms[0].submit('submit')
         formdef.refresh_from_storage()
         assert formdef.fields[0].varname == 'plop'
     def test_form_delete_field(pub):
         create_superuser(pub)
         create_role(pub)

             ValidatedStringWidget._parse(self, request)
             if self.error:
                 self.error = _('must only consist of letters, numbers, or underscore')
             # forbid id/text to be used as identifier, as they would clash against
             # "native" id/text keys in datasources, and forbid all reserved Python
             # keywords so varnames can be used in dotted expressions (form.var.plop).
             # https://docs.python.org/3/reference/lexical_analysis.html#keywords
             if self.value in (
                 'id',
                 'text',
                 'and',
                 'as',
                 'assert',
                 'async',
                 'await',
                 'break',
                 'class',
                 'continue',
                 'def',
                 'del',
                 'elif',
                 'else',
                 'except',
                 'False',
                 'finally',
                 'for',
                 'from',
                 'global',
                 'if',
                 'import',
                 'in',
                 'is',
                 'lambda',
                 'None',
                 'nonlocal',
                 'not',
                 'or',
                 'pass',
                 'raise',
                 'return',
                 'True',
                 'try',
                 'while',
                 'with',
                 'yield',
             ):
                 self.error = _('this value is reserved for internal use.')
     class SlugWidget(ValidatedStringWidget):
+    -

Projet

Général

Profil

Produits Entr'ouvert » w.c.s.

0001-misc-forbid-some-reserved-values-keywords-to-be-used.patch