
Merge pull request from GHSA-7rq4-qcpw-74gq

* Create custom ModelResource subclass

- Strips illegal starting characters from string cells
- Prevents formula injection

* Update all existing ModelResource classes to base off InvenTreeResource

* Handle the more complex case where an illegal character is hidden behind another one
Oliver
2022-06-15 18:32:35 +10:00
committed by GitHub
parent 76aa3a75f2
commit 57563f6b7a
6 changed files with 57 additions and 24 deletions


@ -5,7 +5,8 @@ from django.contrib import admin
import import_export.widgets as widgets
from import_export.admin import ImportExportModelAdmin
from import_export.fields import Field
from import_export.resources import ModelResource
from InvenTree.admin import InvenTreeResource
from .models import (PurchaseOrder, PurchaseOrderExtraLine,
PurchaseOrderLineItem, SalesOrder, SalesOrderAllocation,
@ -97,7 +98,7 @@ class SalesOrderAdmin(ImportExportModelAdmin):
autocomplete_fields = ('customer',)
class PurchaseOrderResource(ModelResource):
class PurchaseOrderResource(InvenTreeResource):
"""Class for managing import / export of PurchaseOrder data."""
# Add number of line items
@ -116,7 +117,7 @@ class PurchaseOrderResource(ModelResource):
]
class PurchaseOrderLineItemResource(ModelResource):
class PurchaseOrderLineItemResource(InvenTreeResource):
"""Class for managing import / export of PurchaseOrderLineItem data."""
part_name = Field(attribute='part__part__name', readonly=True)
@ -135,7 +136,7 @@ class PurchaseOrderLineItemResource(ModelResource):
clean_model_instances = True
class PurchaseOrderExtraLineResource(ModelResource):
class PurchaseOrderExtraLineResource(InvenTreeResource):
"""Class for managing import / export of PurchaseOrderExtraLine data."""
class Meta(GeneralExtraLineMeta):
@ -144,7 +145,7 @@ class PurchaseOrderExtraLineResource(ModelResource):
model = PurchaseOrderExtraLine
class SalesOrderResource(ModelResource):
class SalesOrderResource(InvenTreeResource):
"""Class for managing import / export of SalesOrder data."""
# Add number of line items
@ -163,7 +164,7 @@ class SalesOrderResource(ModelResource):
]
class SalesOrderLineItemResource(ModelResource):
class SalesOrderLineItemResource(InvenTreeResource):
"""Class for managing import / export of SalesOrderLineItem data."""
part_name = Field(attribute='part__name', readonly=True)
@ -192,7 +193,7 @@ class SalesOrderLineItemResource(ModelResource):
clean_model_instances = True
class SalesOrderExtraLineResource(ModelResource):
class SalesOrderExtraLineResource(InvenTreeResource):
"""Class for managing import / export of SalesOrderExtraLine data."""
class Meta(GeneralExtraLineMeta):
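Review bot: Every line changed in this section is a mechanical rebase from `ModelResource` to `InvenTreeResource`, so the actual formula-injection defence lives in `InvenTree.admin.InvenTreeResource` (not shown here) and the only thing to check in this file is that no `ModelResource` subclass was missed — the six shown are covered, and the last hunk appears to end at `class Meta(GeneralExtraLineMeta):`, though any resource defined further down would be outside this view. The PR text says the base class strips illegal leading characters; stripping is lossy (a part name legitimately starting with `-` or `+` is altered on export), whereas the common recommendation for CSV injection is to prefix the cell with `'` and to also neutralise embedded `\t`, `\r` and the field separator, which a leading-character check alone does not address — worth confirming against the base class rather than this hunk. The exported values here come from user-editable model fields (`part_name = Field(attribute='part__part__name', readonly=True)` and `attribute='part__name'`), so this fix only protects the import_export path; if the same fields are exported elsewhere (for example an API CSV renderer, not visible here) that route needs the same treatment. Since the base class is now load-bearing for security, a note in each class docstring such as `"""Class for managing import / export of PurchaseOrder data. Inherits spreadsheet formula-injection sanitisation from InvenTreeResource; do not rebase on ModelResource."""` would stop a future refactor from silently reverting the fix.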