From b7a6df90802738f729bae144bc618482d9fa6840 Mon Sep 17 00:00:00 2001 From: Thomas Bracht Laumann Jespersen Date: Mon, 28 Sep 2020 18:37:07 +0200 Subject: models: Validate Project.linkname does not contain forward slash I started by creating a project that contained a forward slash (importing patches from https://lists.sr.ht/~sircmpwn/sr.ht-dev/) and it fails to render the "projects" main page. The specific error reads: NoReverseMatch at / Reverse for 'patch-list' with keyword arguments '{'project_id': 'foo/bar'}' not found. 1 pattern(s) tried: ['project/(?P[^/]+)/list/$'] which appears to explicitly disallow forward slashes. So I think it makes sense to validate that project linkname doesn't contain forward slahes. This implementation uses the validate_unicode_slug validator instead of just rejecting inputs that contain forward slashes. Signed-off-by: Thomas Bracht Laumann Jespersen Signed-off-by: Stephen Finucane Closes: #380 --- .../0044_add_project_linkname_validation.py | 30 ++++++++++++++++++++++ patchwork/models.py | 4 ++- releasenotes/notes/issue-380-68aaf6ee232209cc.yaml | 7 +++++ 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 patchwork/migrations/0044_add_project_linkname_validation.py create mode 100644 releasenotes/notes/issue-380-68aaf6ee232209cc.yaml
diff --git a/patchwork/migrations/0044_add_project_linkname_validation.py b/patchwork/migrations/0044_add_project_linkname_validation.py
new file mode 100644
index 0000000..9319c81
--- /dev/null
+++ b/patchwork/migrations/0044_add_project_linkname_validation.py
@@ -0,0 +1,30 @@
+# Generated by Django 3.1.1 on 2020-09-29 01:27
+
+import django.core.validators
+from django.db import migrations, models
+import re
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('patchwork', '0043_merge_patch_submission'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='project',
+ name='linkname',
+ field=models.CharField(
+ max_length=255,
+ unique=True,
+ validators=[
+ django.core.validators.RegexValidator(
+ re.compile('^[-\\w]+\\Z'),
+ 'Enter a valid “slug” consisting of Unicode ' +
+ 'letters, numbers, underscores, or hyphens.',
+ 'invalid')
+ ]
+ ),
+ ),
+ ]
diff --git a/patchwork/models.py b/patchwork/models.py
index 77ab924..6f90627 100644
--- a/patchwork/models.py
+++ b/patchwork/models.py
@@ -16,6 +16,7 @@ from django.core.exceptions import ValidationError
 from django.db import models
 from django.urls import reverse
 from django.utils.functional import cached_property
+from django.core.validators import validate_unicode_slug
 from patchwork.fields import HashField
 from patchwork.hasher import hash_diff
@@ -56,7 +57,8 @@ class Person(models.Model):
 class Project(models.Model):
 # properties
- linkname = models.CharField(max_length=255, unique=True)
+ linkname = models.CharField(max_length=255, unique=True,
+ validators=[validate_unicode_slug])
 name = models.CharField(max_length=255, unique=True)
 listid = models.CharField(max_length=255)
 listemail = models.CharField(max_length=200)
diff --git a/releasenotes/notes/issue-380-68aaf6ee232209cc.yaml b/releasenotes/notes/issue-380-68aaf6ee232209cc.yaml
new file mode 100644
index 0000000..db76038
--- /dev/null
+++ b/releasenotes/notes/issue-380-68aaf6ee232209cc.yaml
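Review bot: In `patchwork/models.py`, the `validators=[validate_unicode_slug]` added to `Project.linkname` is enforced only where `full_clean()` runs (ModelForm and admin saves); `Model.save()` and `Project.objects.create()` do not call field validators, so a project created from a script, fixture or shell can still store a `/`. The `AlterField` in migration 0044 appears to change validator metadata only, and none of the visible hunks checks rows that already exist, so a linkname stored before this change would presumably keep triggering the `NoReverseMatch` quoted in the commit message. I would add a comment above the field, `# validated by full_clean()/forms only; save() does not run validators`, and have the release note tell administrators to rename any existing project whose linkname is not a slug. Minor style point in the first `models.py` hunk: the new import would sort after `django.core.exceptions` rather than after `django.utils.functional`. The body of `Project` continues outside the hunk.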
@@ -0,0 +1,7 @@
+---
+fixes:
+ - |
+ Previously, it was possible to create a project with a ``linkname``
+ containing invalid URL characters. This would result in broken URLs. We
+ now validate this field and restrict characters to unicode slugs (unicode
+ letters, numbers, underscores and hyphens).
-- cgit v1.2.3