diff mbox series

[v3] models: Validate Project.linkname does not contain forward slash

Message ID 20200928163707.16359-1-t@laumann.xyz
State Accepted
Headers show
Series [v3] models: Validate Project.linkname does not contain forward slash | expand

Commit Message

Thomas Bracht Laumann Jespersen Sept. 28, 2020, 4:37 p.m. UTC
I started by creating a project that contained a forward slash
(importing patches from https://lists.sr.ht/~sircmpwn/sr.ht-dev/) and
it fails to render the "projects" main page.

The specific error reads:

    NoReverseMatch at /

    Reverse for 'patch-list' with keyword arguments
    '{'project_id': 'foo/bar'}' not found. 1 pattern(s) tried:
    ['project/(?P<project_id>[^/]+)/list/$']

which appears to explicitly disallow forward slashes.

So I think it makes sense to validate that project linkname doesn't
contain forward slahes.

This implementation uses the validate_unicode_slug validator instead of just
rejecting inputs that contain forward slashes.

Signed-off-by: Thomas Bracht Laumann Jespersen <t@laumann.xyz>
---
 .../0044_add_project_linkname_validation.py   | 30 +++++++++++++++++++
 patchwork/models.py                           |  4 ++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 patchwork/migrations/0044_add_project_linkname_validation.py

Comments

Stephen Finucane Oct. 1, 2020, 3:43 p.m. UTC | #1
On Mon, 2020-09-28 at 18:37 +0200, Thomas Bracht Laumann Jespersen wrote:
> I started by creating a project that contained a forward slash
> (importing patches from https://lists.sr.ht/~sircmpwn/sr.ht-dev/) and
> it fails to render the "projects" main page.
> 
> The specific error reads:
> 
>     NoReverseMatch at /
> 
>     Reverse for 'patch-list' with keyword arguments
>     '{'project_id': 'foo/bar'}' not found. 1 pattern(s) tried:
>     ['project/(?P<project_id>[^/]+)/list/$']
> 
> which appears to explicitly disallow forward slashes.
> 
> So I think it makes sense to validate that project linkname doesn't
> contain forward slahes.
> 
> This implementation uses the validate_unicode_slug validator instead of just
> rejecting inputs that contain forward slashes.
> 
> Signed-off-by: Thomas Bracht Laumann Jespersen <t@laumann.xyz>

Thanks! Applied.
diff mbox series

Patch

diff --git a/patchwork/migrations/0044_add_project_linkname_validation.py b/patchwork/migrations/0044_add_project_linkname_validation.py
new file mode 100644
index 0000000..9319c81
--- /dev/null
+++ b/patchwork/migrations/0044_add_project_linkname_validation.py
@@ -0,0 +1,30 @@ 
+# Generated by Django 3.1.1 on 2020-09-29 01:27
+
+import django.core.validators
+from django.db import migrations, models
+import re
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('patchwork', '0043_merge_patch_submission'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='project',
+            name='linkname',
+            field=models.CharField(
+                max_length=255,
+                unique=True,
+                validators=[
+                    django.core.validators.RegexValidator(
+                        re.compile('^[-\\w]+\\Z'),
+                        'Enter a valid “slug” consisting of Unicode ' +
+                        'letters, numbers, underscores, or hyphens.',
+                        'invalid')
+                ]
+            ),
+        ),
+    ]
diff --git a/patchwork/models.py b/patchwork/models.py
index 77ab924..6f90627 100644
--- a/patchwork/models.py
+++ b/patchwork/models.py
@@ -16,6 +16,7 @@  from django.core.exceptions import ValidationError
 from django.db import models
 from django.urls import reverse
 from django.utils.functional import cached_property
+from django.core.validators import validate_unicode_slug
 
 from patchwork.fields import HashField
 from patchwork.hasher import hash_diff
@@ -56,7 +57,8 @@  class Person(models.Model):
 class Project(models.Model):
     # properties
 
-    linkname = models.CharField(max_length=255, unique=True)
+    linkname = models.CharField(max_length=255, unique=True,
+                                validators=[validate_unicode_slug])
     name = models.CharField(max_length=255, unique=True)
     listid = models.CharField(max_length=255)
     listemail = models.CharField(max_length=200)