changeset 4624:21705126dafa

Committed edited fix for issue2550712 by Cedric Krier.
author Bernhard Reiter <bernhard@intevation.de>
date Mon, 14 May 2012 17:46:15 +0200
parents 4f9c3858b671
children 59de7ad827e2
files CHANGES.txt roundup/cgi/actions.py test/test_cgi.py
diffstat 3 files changed, 27 insertions(+), 1 deletions(-) [+]
--- a/CHANGES.txt	Mon May 14 14:17:07 2012 +0200
+++ b/CHANGES.txt	Mon May 14 17:46:15 2012 +0200
@@ -43,6 +43,8 @@
   Reported and fixed by Ralf Hemmecke. (Bernhard)
 - issue2550715: IndexError when requesting non-existing file via http.
   Reported and fixed by Cédric Krier. (Bernhard)
+- issue2550712: exportcsvaction errors poorly when given invalid columns.
+  Reported by Will Kahn-Greene, fixed by Cédric Krier. (Bernhard)
 - issue2550695: 'No sort or group' settings not retained when editing queries.
   Reported and fixed by John Kristensen. Tested by Satchidanand Haridas. 
   (Bernhard)
--- a/roundup/cgi/actions.py	Mon May 14 14:17:07 2012 +0200
+++ b/roundup/cgi/actions.py	Mon May 14 17:46:15 2012 +0200
@@ -1035,6 +1035,18 @@
         columns = request.columns
         klass = self.db.getclass(request.classname)
 
+        # check if all columns exist on class
+        # the exception must be raised before sending header
+        props = klass.getprops()
+        for cname in columns:
+            if cname not in props:
+                # TODO raise exceptions.NotFound(.....) does not give message
+                # so using SeriousError instead
+                self.client.response_code = 404
+                raise exceptions.SeriousError(
+                    self._('Column "%(column)s" not found on %(class)s')
+                    % {'column': cgi.escape(cname), 'class': request.classname})
+
         # full-text search
         if request.search_text:
             matches = self.db.indexer.search(
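Review bot: The request-supplied column name is echoed into the error message with `cgi.escape(cname)`, which by default escapes only `&`, `<` and `>` and leaves the double quote untouched, although the message wraps the value in literal double quotes. How SeriousError renders its message is outside this hunk, so escaping quotes as well is the safer choice: `% {'column': cgi.escape(cname, True), 'class': request.classname})`. It would also help to extend the TODO with a comment such as `# cname comes from the @columns request parameter and is untrusted; escape before echoing` so the reason for the escape survives a later switch to NotFound. The enclosing handler starts before and continues after this hunk, so where this check sits relative to the permission checks cannot be confirmed from here.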
--- a/test/test_cgi.py	Mon May 14 14:17:07 2012 +0200
+++ b/test/test_cgi.py	Mon May 14 17:46:15 2012 +0200
@@ -930,6 +930,16 @@
             '8,resolved\r\n',
             output.getvalue())
 
+    def testCSVExportBadColumnName(self):
+        cl = self._make_client({'@columns': 'falseid,name'}, nodeid=None,
+            userid='1')
+        cl.classname = 'status'
+        output = StringIO.StringIO()
+        cl.request = MockNull()
+        cl.request.wfile = output
+        self.assertRaises(exceptions.SeriousError,
+            actions.ExportCSVAction(cl).handle)
+
     def testCSVExportFailPermission(self):
         cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None,
             userid='2')
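Review bot: testCSVExportBadColumnName asserts only the exception type, so the two properties the handler comment calls out, a 404 status and no output sent before the error, are not pinned. After the `assertRaises` call, add `self.assertEqual(cl.response_code, 404)` and `self.assertEqual(output.getvalue(), '')`; the second assumes the header would be written to `cl.request.wfile`, which should be confirmed against the client code. The hunk's trailing context lines belong to testCSVExportFailPermission, which continues in the next hunk.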
@@ -937,7 +947,9 @@
         output = StringIO.StringIO()
         cl.request = MockNull()
         cl.request.wfile = output
-        self.assertRaises(exceptions.Unauthorised,
+        # used to be self.assertRaises(exceptions.Unauthorised,
+        # but not acting like the column name is not found
+        self.assertRaises(exceptions.SeriousError,
             actions.ExportCSVAction(cl).handle)
 
 
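Review bot: After this change testCSVExportFailPermission no longer asserts `exceptions.Unauthorised`, so no visible test covers denial of a CSV export to a user without permission; it now passes on the column-not-found error instead. That the same request now raises SeriousError suggests the column-existence check is reached before the authorisation check, in which case a caller without access could tell existing from non-existing column names by the differing responses. Consider running the permission check first, or at least keep a variant of this test whose columns all exist on the class and which still asserts `self.assertRaises(exceptions.Unauthorised, actions.ExportCSVAction(cl).handle)`. The added comment reads "but not acting", which presumably should say "but now acting". The line setting `cl.classname` for this test falls between the two hunks and is not visible here.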
