Mercurial > p > roundup > code
changeset 8320:b07165add61b
fix(web): issue2551406 - dont crash when handed invalid @template=a|b|c
Only two template cases (ok and error) are handled. Presence of second
'|' caused crash. Discovered/patch provided by Christof Meerwald
(cmeerw).
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 02 Jun 2025 08:52:39 -0400 |
| parents | 5e6ff4e9cacb |
| children | 71e961941be6 |
| files | CHANGES.txt roundup/cgi/client.py test/test_cgi.py |
| diffstat | 3 files changed, 37 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/CHANGES.txt Sun May 11 20:31:16 2025 -0400 +++ b/CHANGES.txt Mon Jun 02 08:52:39 2025 -0400 @@ -92,6 +92,9 @@ - issue2551323: remove functions used for XHTML template support. XHTML was deprecated in Roundup 2.3.0 and an invalid value in 2.4.0. +- issue2551406: 'Templating Error: too many values to unpack' crash + fixed. (reported by and patch Christof Meerwald, commit/test John + Rouillard) Features:
--- a/roundup/cgi/client.py Sun May 11 20:31:16 2025 -0400 +++ b/roundup/cgi/client.py Mon Jun 02 08:52:39 2025 -0400 @@ -2195,7 +2195,7 @@ # templates, just leave view alone. if (view and view.find('|') != -1): # we have alternate templates, parse them apart. - (oktmpl, errortmpl) = view.split("|", 2) + (oktmpl, errortmpl) = view.split("|", 1) # Choose the right template view = errortmpl if self._error_message else oktmpl
--- a/test/test_cgi.py Sun May 11 20:31:16 2025 -0400 +++ b/test/test_cgi.py Mon Jun 02 08:52:39 2025 -0400 @@ -2941,6 +2941,39 @@ sha1sum = '<!-- SHA: 952568414163cd12b2e89e91e59ef336da64fbbe -->' self.assertNotEqual(-1, result.index(sha1sum)) + def testRenderAltTemplatesError(self): + # check that an error is reported to user when rendering using + # @template=oktempl|errortmpl|oops|foo + + # template names can not include | + + # set up the client; + # run determine_context to set the required client attributes + # run renderContext(); check result for proper page + + # Test ok state template that uses user.forgotten.html + self.client.form=db_test_base.makeForm({"@template": "forgotten|item|oops|foo"}) + self.client.path = 'user' + self.client.determine_context() + self.client.session_api = MockNull(_sid="1234567890") + self.assertEqual( + (self.client.classname, self.client.template, self.client.nodeid), + ('user', 'forgotten|item|oops|foo', None)) + self.assertEqual(self.client._ok_message, []) + + result = self.client.renderContext() + print(result) + # sha1sum of classic tracker user.forgotten.template must be found + sha1sum = '<!-- SHA: f93570f95f861da40f9c45bbd2b049bb3a7c0fc5 -->' + self.assertNotEqual(-1, result.index(sha1sum)) + + # now set an error in the form to get error template user.item.html + self.client.form=db_test_base.makeForm({"@template": "forgotten|item|oops|foo", + "@error_message": "this is an error"}) + self.client.path = 'user' + self.client.determine_context() + result = self.client.renderContext() + self.assertEqual(result, '<strong>No template file exists for templating "user" with template "item|oops|foo" (neither "user.item|oops|foo" nor "_generic.item|oops|foo")</strong>') def testexamine_url(self): ''' test the examine_url function '''