Mercurial > p > roundup > code
comparison roundup/cgi/templating.py @ 5095:d3ba0b254dbb
The patch to implement:
Validate properties specified for sorting and grouping in index
views. Original patch from martin.v.loewis via:
https://hg.python.org/tracker/roundup/rev/439bd3060df2
Applied by John Rouillard with some modification to properly
identify if the bad property is a sort or grouping property. Tests
added.
has an issue with the current code base. Apparently sometime it can be
entered without self.classname being defined. As a result the property
lookup fails. So guard it by checking for self.classname in a couple
of spots and if self.classname is not set just append the property
and let the target action sort it out.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 22 Jun 2016 21:29:14 -0400 |
| parents | 92d33d3125a0 |
| children | 8901cc4ef0e0 |
comparison
equal
deleted
inserted
replaced
| 5094:92d33d3125a0 | 5095:d3ba0b254dbb |
|---|---|
| 2515 fields = handleListCGIValue(self.form[key]) | 2515 fields = handleListCGIValue(self.form[key]) |
| 2516 if dirkey in self.form: | 2516 if dirkey in self.form: |
| 2517 dirs.append(self.form.getfirst(dirkey)) | 2517 dirs.append(self.form.getfirst(dirkey)) |
| 2518 if fields: # only try other special char if nothing found | 2518 if fields: # only try other special char if nothing found |
| 2519 break | 2519 break |
| 2520 cls = self.client.db.getclass(self.classname) | 2520 |
| 2521 # sometimes requests come in without a class | |
| 2522 # chances are they won't have any filter params, | |
| 2523 # in that case anyway but... | |
| 2524 if self.classname: | |
| 2525 cls = self.client.db.getclass(self.classname) | |
| 2521 for f, d in map(None, fields, dirs): | 2526 for f, d in map(None, fields, dirs): |
| 2522 if f.startswith('-'): | 2527 if f.startswith('-'): |
| 2523 dir, propname = '-', f[1:] | 2528 dir, propname = '-', f[1:] |
| 2524 elif d: | 2529 elif d: |
| 2525 dir, propname = '-', f | 2530 dir, propname = '-', f |
| 2526 else: | 2531 else: |
| 2527 dir, propname = '+', f | 2532 dir, propname = '+', f |
| 2528 if cls.get_transitive_prop(propname) is None: | 2533 # if no classname, just append the propname unchecked. |
| 2534 # this may be valid for some actions that bypass classes. | |
| 2535 if self.classname and cls.get_transitive_prop(propname) is None: | |
| 2529 self.client.add_error_message("Unknown %s property %s"%(name, propname)) | 2536 self.client.add_error_message("Unknown %s property %s"%(name, propname)) |
| 2530 else: | 2537 else: |
| 2531 var.append((dir, propname)) | 2538 var.append((dir, propname)) |
| 2532 | 2539 |
| 2533 def _form_has_key(self, name): | 2540 def _form_has_key(self, name): |