You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by jo...@apache.org on 2013/07/01 18:53:40 UTC
git commit: [#6412] ticket:385 Allow only [-_a-zA-Z0-9]+ in short urls
Updated Branches:
refs/heads/master faf6a3950 -> 733c0b228
[#6412] ticket:385 Allow only [-_a-zA-Z0-9]+ in short urls
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/733c0b22
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/733c0b22
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/733c0b22
Branch: refs/heads/master
Commit: 733c0b2287f16dcd27b46933c216f082b78bdb6e
Parents: faf6a39
Author: Igor Bondarenko <je...@gmail.com>
Authored: Fri Jun 28 13:06:45 2013 +0000
Committer: Cory Johns <cj...@slashdotmedia.com>
Committed: Mon Jul 1 16:46:28 2013 +0000
----------------------------------------------------------------------
ForgeShortUrl/forgeshorturl/main.py | 12 +++++++++++-
ForgeShortUrl/forgeshorturl/tests/functional/test.py | 10 ++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/733c0b22/ForgeShortUrl/forgeshorturl/main.py
----------------------------------------------------------------------
diff --git a/ForgeShortUrl/forgeshorturl/main.py b/ForgeShortUrl/forgeshorturl/main.py
index d26c69e..3081e81 100644
--- a/ForgeShortUrl/forgeshorturl/main.py
+++ b/ForgeShortUrl/forgeshorturl/main.py
@@ -196,6 +196,16 @@ class RootController(BaseController):
class ShortURLAdminController(DefaultAdminController):
+
+ shorturl_validators = All(
+ validators.NotEmpty(),
+ validators.Regex(
+ r'^[-_a-zA-Z0-9]+$',
+ messages={'invalid': 'must include only letters, numbers, dashes and underscores.'}
+ )
+ )
+
+
def __init__(self, app):
self.app = app
@@ -215,7 +225,7 @@ class ShortURLAdminController(DefaultAdminController):
@expose('jinja:forgeshorturl:templates/form.html')
@validate(dict(full_url=All(validators.URL(add_http=True),
validators.NotEmpty()),
- short_url=validators.NotEmpty()))
+ short_url=shorturl_validators))
def add(self, short_url='', full_url='', description='', private='off',
update=False, **kw):
if update:
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/733c0b22/ForgeShortUrl/forgeshorturl/tests/functional/test.py
----------------------------------------------------------------------
diff --git a/ForgeShortUrl/forgeshorturl/tests/functional/test.py b/ForgeShortUrl/forgeshorturl/tests/functional/test.py
index e162b38..8f0fc64 100644
--- a/ForgeShortUrl/forgeshorturl/tests/functional/test.py
+++ b/ForgeShortUrl/forgeshorturl/tests/functional/test.py
@@ -97,6 +97,16 @@ class TestRootController(TestController):
r = self.app.post('/admin/url/add', params=d)
assert 'exists' in self.webflash(r)
+ def test_shorturl_chars_restrictions(self):
+ d = dict(short_url='', full_url='http://sf.net/')
+ r = self.app.post('/admin/url/add', params=d)
+ assert ShortUrl.query.find(dict(app_config_id=c.app.config._id)).count() == 0
+ assert 'Please enter a value' in self.webflash(r)
+ d = dict(short_url='g*', full_url='http://sf.net/')
+ r = self.app.post('/admin/url/add', params=d)
+ assert ShortUrl.query.find(dict(app_config_id=c.app.config._id)).count() == 0
+ assert 'Short url: must include only letters, numbers, dashes and underscores.' in self.webflash(r)
+
def test_shorturl_remove(self):
self.app.post('/admin/url/add',
params=dict(short_url='g', full_url='http://google.com/'))