diff options
| author | Thomas Bracht Laumann Jespersen <t@laumann.xyz> | 2020-09-28 18:37:07 +0200 |
|---|---|---|
| committer | Stephen Finucane <stephen@that.guru> | 2020-10-01 15:06:41 +0100 |
| commit | b7a6df90802738f729bae144bc618482d9fa6840 (patch) | |
| tree | cbf64904bea96cf7b569178de8259f5da5579bc7 | |
| parent | 8f40045ff48235be2552ce2df16ba493b8b83af7 (diff) | |
| download | patchwork-b7a6df90802738f729bae144bc618482d9fa6840.tar patchwork-b7a6df90802738f729bae144bc618482d9fa6840.tar.gz | |
models: Validate Project.linkname does not contain forward slash
I started by creating a project that contained a forward slash
(importing patches from https://lists.sr.ht/~sircmpwn/sr.ht-dev/) and
it fails to render the "projects" main page.
The specific error reads:
NoReverseMatch at /
Reverse for 'patch-list' with keyword arguments
'{'project_id': 'foo/bar'}' not found. 1 pattern(s) tried:
['project/(?P<project_id>[^/]+)/list/$']
which appears to explicitly disallow forward slashes.
So I think it makes sense to validate that project linkname doesn't
contain forward slahes.
This implementation uses the validate_unicode_slug validator instead of just
rejecting inputs that contain forward slashes.
Signed-off-by: Thomas Bracht Laumann Jespersen <t@laumann.xyz>
Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #380
| -rw-r--r-- | patchwork/migrations/0044_add_project_linkname_validation.py | 30 | ||||
| -rw-r--r-- | patchwork/models.py | 4 | ||||
| -rw-r--r-- | releasenotes/notes/issue-380-68aaf6ee232209cc.yaml | 7 |
3 files changed, 40 insertions, 1 deletions
diff --git a/patchwork/migrations/0044_add_project_linkname_validation.py b/patchwork/migrations/0044_add_project_linkname_validation.py new file mode 100644 index 0000000..9319c81 --- /dev/null +++ b/patchwork/migrations/0044_add_project_linkname_validation.py @@ -0,0 +1,30 @@ +# Generated by Django 3.1.1 on 2020-09-29 01:27 + +import django.core.validators +from django.db import migrations, models +import re + + +class Migration(migrations.Migration): + + dependencies = [ + ('patchwork', '0043_merge_patch_submission'), + ] + + operations = [ + migrations.AlterField( + model_name='project', + name='linkname', + field=models.CharField( + max_length=255, + unique=True, + validators=[ + django.core.validators.RegexValidator( + re.compile('^[-\\w]+\\Z'), + 'Enter a valid “slug” consisting of Unicode ' + + 'letters, numbers, underscores, or hyphens.', + 'invalid') + ] + ), + ), + ] diff --git a/patchwork/models.py b/patchwork/models.py index 77ab924..6f90627 100644 --- a/patchwork/models.py +++ b/patchwork/models.py @@ -16,6 +16,7 @@ from django.core.exceptions import ValidationError from django.db import models from django.urls import reverse from django.utils.functional import cached_property +from django.core.validators import validate_unicode_slug from patchwork.fields import HashField from patchwork.hasher import hash_diff @@ -56,7 +57,8 @@ class Person(models.Model): class Project(models.Model): # properties - linkname = models.CharField(max_length=255, unique=True) + linkname = models.CharField(max_length=255, unique=True, + validators=[validate_unicode_slug]) name = models.CharField(max_length=255, unique=True) listid = models.CharField(max_length=255) listemail = models.CharField(max_length=200) diff --git a/releasenotes/notes/issue-380-68aaf6ee232209cc.yaml b/releasenotes/notes/issue-380-68aaf6ee232209cc.yaml new file mode 100644 index 0000000..db76038 --- /dev/null +++ b/releasenotes/notes/issue-380-68aaf6ee232209cc.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Previously, it was possible to create a project with a ``linkname`` + containing invalid URL characters. This would result in broken URLs. We + now validate this field and restrict characters to unicode slugs (unicode + letters, numbers, underscores and hyphens). |