From de58cbe82731b6592bb0b5b4da3a8a91bdf8a939 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Wed, 8 Apr 2020 10:02:09 +0200 Subject: [PATCH 2/2] lingo: validate service_options in forms (#41439) --- combo/apps/lingo/models.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/combo/apps/lingo/models.py b/combo/apps/lingo/models.py index b5cc3632..670aaf97 100644 --- a/combo/apps/lingo/models.py +++ b/combo/apps/lingo/models.py @@ -35,7 +35,7 @@ from django.utils.translation import ugettext_lazy as _ from django.utils import timezone, dateparse, six from django.core.mail import EmailMultiAlternatives from django.urls import reverse -from django.core.exceptions import ObjectDoesNotExist, PermissionDenied +from django.core.exceptions import ObjectDoesNotExist, PermissionDenied, ValidationError from django.utils.encoding import python_2_unicode_compatible from django.utils.formats import localize from django.utils.http import urlencode @@ -89,6 +89,11 @@ def build_remote_item(data, regie): no_online_payment_reason=data.get('no_online_payment_reason')) +def validate_dict(value): + if not isinstance(value, dict): + raise ValidationError(_('Value must a JSON object')) + + @python_2_unicode_compatible class PaymentBackend(models.Model): label = models.CharField(verbose_name=_('Label'), max_length=64) @@ -97,7 +102,10 @@ class PaymentBackend(models.Model): help_text=_('The identifier is used in webservice calls.')) service = models.CharField( verbose_name=_('Payment Service'), max_length=64, choices=SERVICES) - service_options = JSONField(blank=True, verbose_name=_('Payment Service Options')) + service_options = JSONField( + blank=True, + verbose_name=_('Payment Service Options'), + validators=[validate_dict]) def __str__(self): return self.label -- 2.24.0