From 166c2c98d8e2300e567b05cc6a4ce133c2db2b0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= Date: Mon, 24 Oct 2016 21:11:42 +0200 Subject: [PATCH] admin: only allow digits in workflow global trigger timeout (#13724) --- tests/test_admin_pages.py | 3 +++ wcs/qommon/form.py | 5 +++++ wcs/workflows.py | 3 ++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/test_admin_pages.py b/tests/test_admin_pages.py index 0899f6b..27195f5 100644 --- a/tests/test_admin_pages.py +++ b/tests/test_admin_pages.py @@ -2208,6 +2208,9 @@ def test_workflows_global_actions_timeout_triggers(pub): assert 'Timeout (not configured)' in resp.body resp = resp.click(href='triggers/%s/' % Workflow.get(workflow.id).global_actions[0].triggers[0].id, index=0) + resp.form['timeout'] = 'foobar' + resp = resp.form.submit('submit') + assert 'wrong format' in resp.body resp.form['timeout'] = '3' resp = resp.form.submit('submit') diff --git a/wcs/qommon/form.py b/wcs/qommon/form.py index 4123101..43a22e5 100644 --- a/wcs/qommon/form.py +++ b/wcs/qommon/form.py @@ -1213,6 +1213,11 @@ class ValidatedStringWidget(StringWidget): '''StringWidget which checks the value entered is correct according to a regex''' regex = None + def __init__(self, *args, **kwargs): + if 'regex' in kwargs: + self.regex = kwargs.pop('regex') + super(ValidatedStringWidget, self).__init__(*args, **kwargs) + def _parse(self, request): StringWidget._parse(self, request) if self.regex and self.value is not None: diff --git a/wcs/workflows.py b/wcs/workflows.py index f26d02d..f4e33ee 100644 --- a/wcs/workflows.py +++ b/wcs/workflows.py @@ -1039,8 +1039,9 @@ class WorkflowGlobalActionTimeoutTrigger(WorkflowGlobalActionTrigger): 'data-dynamic-display-value': _('Latest arrival in status')} ) - form.add(StringWidget, 'timeout', title=_('Timeout'), + form.add(ValidatedStringWidget, 'timeout', title=_('Timeout'), value=self.timeout, + regex=r'^\d*$', hint=_('Number of days, relative to anchor point.')) return form -- 2.10.1