Mercurial > p > roundup > code
comparison test/test_cgi.py @ 8320:b07165add61b
fix(web): issue2551406 - dont crash when handed invalid @template=a|b|c
Only two template cases (ok and error) are handled. Presence of second
'|' caused crash. Discovered/patch provided by Christof Meerwald
(cmeerw).
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 02 Jun 2025 08:52:39 -0400 |
| parents | 669dfccca898 |
| children | 224ccb8b49ca |
comparison
equal
deleted
inserted
replaced
| 8319:5e6ff4e9cacb | 8320:b07165add61b |
|---|---|
| 2939 print(result) | 2939 print(result) |
| 2940 # sha1sum of classic tracker user.item.template must be found | 2940 # sha1sum of classic tracker user.item.template must be found |
| 2941 sha1sum = '<!-- SHA: 952568414163cd12b2e89e91e59ef336da64fbbe -->' | 2941 sha1sum = '<!-- SHA: 952568414163cd12b2e89e91e59ef336da64fbbe -->' |
| 2942 self.assertNotEqual(-1, result.index(sha1sum)) | 2942 self.assertNotEqual(-1, result.index(sha1sum)) |
| 2943 | 2943 |
| 2944 def testRenderAltTemplatesError(self): | |
| 2945 # check that an error is reported to user when rendering using | |
| 2946 # @template=oktempl|errortmpl|oops|foo | |
| 2947 | |
| 2948 # template names can not include | | |
| 2949 | |
| 2950 # set up the client; | |
| 2951 # run determine_context to set the required client attributes | |
| 2952 # run renderContext(); check result for proper page | |
| 2953 | |
| 2954 # Test ok state template that uses user.forgotten.html | |
| 2955 self.client.form=db_test_base.makeForm({"@template": "forgotten|item|oops|foo"}) | |
| 2956 self.client.path = 'user' | |
| 2957 self.client.determine_context() | |
| 2958 self.client.session_api = MockNull(_sid="1234567890") | |
| 2959 self.assertEqual( | |
| 2960 (self.client.classname, self.client.template, self.client.nodeid), | |
| 2961 ('user', 'forgotten|item|oops|foo', None)) | |
| 2962 self.assertEqual(self.client._ok_message, []) | |
| 2963 | |
| 2964 result = self.client.renderContext() | |
| 2965 print(result) | |
| 2966 # sha1sum of classic tracker user.forgotten.template must be found | |
| 2967 sha1sum = '<!-- SHA: f93570f95f861da40f9c45bbd2b049bb3a7c0fc5 -->' | |
| 2968 self.assertNotEqual(-1, result.index(sha1sum)) | |
| 2969 | |
| 2970 # now set an error in the form to get error template user.item.html | |
| 2971 self.client.form=db_test_base.makeForm({"@template": "forgotten|item|oops|foo", | |
| 2972 "@error_message": "this is an error"}) | |
| 2973 self.client.path = 'user' | |
| 2974 self.client.determine_context() | |
| 2975 result = self.client.renderContext() | |
| 2976 self.assertEqual(result, '<strong>No template file exists for templating "user" with template "item|oops|foo" (neither "user.item|oops|foo" nor "_generic.item|oops|foo")</strong>') | |
| 2944 | 2977 |
| 2945 def testexamine_url(self): | 2978 def testexamine_url(self): |
| 2946 ''' test the examine_url function ''' | 2979 ''' test the examine_url function ''' |
| 2947 | 2980 |
| 2948 def te(url, exception, raises=ValueError): | 2981 def te(url, exception, raises=ValueError): |