[03/50] [abbrv] git commit: [#6412] ticket:385 Allow only [-_a-zA-Z0-9]+ in short urls

[br...@apache.org]

[#6412] ticket:385 Allow only [-_a-zA-Z0-9]+ in short urls


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/733c0b22
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/733c0b22
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/733c0b22

Branch: refs/heads/db/6277
Commit: 733c0b2287f16dcd27b46933c216f082b78bdb6e
Parents: faf6a39
Author: Igor Bondarenko <je...@gmail.com>
Authored: Fri Jun 28 13:06:45 2013 +0000
Committer: Cory Johns <cj...@slashdotmedia.com>
Committed: Mon Jul 1 16:46:28 2013 +0000

----------------------------------------------------------------------
 ForgeShortUrl/forgeshorturl/main.py                  | 12 +++++++++++-
 ForgeShortUrl/forgeshorturl/tests/functional/test.py | 10 ++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/733c0b22/ForgeShortUrl/forgeshorturl/main.py
----------------------------------------------------------------------
diff --git a/ForgeShortUrl/forgeshorturl/main.py b/ForgeShortUrl/forgeshorturl/main.py
index d26c69e..3081e81 100644
--- a/ForgeShortUrl/forgeshorturl/main.py
+++ b/ForgeShortUrl/forgeshorturl/main.py
@@ -196,6 +196,16 @@ class RootController(BaseController):
 
 
 class ShortURLAdminController(DefaultAdminController):
+
+    shorturl_validators = All(
+        validators.NotEmpty(),
+        validators.Regex(
+            r'^[-_a-zA-Z0-9]+$',
+            messages={'invalid': 'must include only letters, numbers, dashes and underscores.'}
+        )
+    )
+
+
     def __init__(self, app):
         self.app = app
 
@@ -215,7 +225,7 @@ class ShortURLAdminController(DefaultAdminController):
     @expose('jinja:forgeshorturl:templates/form.html')
     @validate(dict(full_url=All(validators.URL(add_http=True),
                                 validators.NotEmpty()),
-                   short_url=validators.NotEmpty()))
+                   short_url=shorturl_validators))
     def add(self, short_url='', full_url='', description='', private='off',
             update=False, **kw):
         if update:

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/733c0b22/ForgeShortUrl/forgeshorturl/tests/functional/test.py
----------------------------------------------------------------------
diff --git a/ForgeShortUrl/forgeshorturl/tests/functional/test.py b/ForgeShortUrl/forgeshorturl/tests/functional/test.py
index e162b38..8f0fc64 100644
--- a/ForgeShortUrl/forgeshorturl/tests/functional/test.py
+++ b/ForgeShortUrl/forgeshorturl/tests/functional/test.py
@@ -97,6 +97,16 @@ class TestRootController(TestController):
         r = self.app.post('/admin/url/add', params=d)
         assert 'exists' in self.webflash(r)
 
+    def test_shorturl_chars_restrictions(self):
+        d = dict(short_url='', full_url='http://sf.net/')
+        r = self.app.post('/admin/url/add', params=d)
+        assert ShortUrl.query.find(dict(app_config_id=c.app.config._id)).count() == 0
+        assert 'Please enter a value' in self.webflash(r)
+        d = dict(short_url='g*', full_url='http://sf.net/')
+        r = self.app.post('/admin/url/add', params=d)
+        assert ShortUrl.query.find(dict(app_config_id=c.app.config._id)).count() == 0
+        assert 'Short url: must include only letters, numbers, dashes and underscores.' in self.webflash(r)
+
     def test_shorturl_remove(self):
         self.app.post('/admin/url/add',
                 params=dict(short_url='g', full_url='http://google.com/'))