inventree/InvenTree
2
0
Fork 0
mirror of https://github.com/inventree/InvenTree.git synced 2025-05-04 22:38:49 +00:00
Code

Part name validation fix (#3870)

Browse Source 
* Check that part name format is actually valid

* Expand exception handling when generating part "full_name"

* Do not enforce client-side sanitization of form data

- Form data sanitization is now handled server side
This commit is contained in:
Oliver 2022-10-28 15:56:16 +11:00 committed by GitHub
parent 1c17977f4d
commit 61c6054049
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
InvenTree/InvenTree/validators.py
View File

@ -8,6 +8,7 @@ from django.core import validators
from django.core.exceptions import FieldDoesNotExist, ValidationError from django.core.exceptions import FieldDoesNotExist, ValidationError
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from jinja2 import Template
from moneyed import CURRENCIES from moneyed import CURRENCIES
import common.models import common.models
@ -158,14 +159,19 @@ def validate_overage(value):
) )
def validate_part_name_format(self): def validate_part_name_format(value):
"""Validate part name format. """Validate part name format.
Make sure that each template container has a field of Part Model Make sure that each template container has a field of Part Model
""" """
# Make sure that the field_name exists in Part model
from part.models import Part
jinja_template_regex = re.compile('{{.*?}}') jinja_template_regex = re.compile('{{.*?}}')
field_name_regex = re.compile('(?<=part\\.)[A-z]+') field_name_regex = re.compile('(?<=part\\.)[A-z]+')
for jinja_template in jinja_template_regex.findall(str(self)):
for jinja_template in jinja_template_regex.findall(str(value)):
# make sure at least one and only one field is present inside the parser # make sure at least one and only one field is present inside the parser
field_names = field_name_regex.findall(jinja_template) field_names = field_name_regex.findall(jinja_template)
if len(field_names) < 1: if len(field_names) < 1:
@ -173,9 +179,6 @@ def validate_part_name_format(self):
'value': 'At least one field must be present inside a jinja template container i.e {{}}' 'value': 'At least one field must be present inside a jinja template container i.e {{}}'
}) })
# Make sure that the field_name exists in Part model
from part.models import Part
for field_name in field_names: for field_name in field_names:
try: try:
Part._meta.get_field(field_name) Part._meta.get_field(field_name)
@ -184,4 +187,14 @@ def validate_part_name_format(self):
'value': f'{field_name} does not exist in Part Model' 'value': f'{field_name} does not exist in Part Model'
}) })
# Attempt to render the template with a dummy Part instance
p = Part(name='test part', description='some test part')
try:
Template(value).render({'part': p})
except Exception as exc:
raise ValidationError({
'value': str(exc)
})
return True return True

2
InvenTree/part/models.py
View File

@ -671,7 +671,7 @@ class Part(InvenTreeBarcodeMixin, MetadataMixin, MPTTModel):
return full_name return full_name
except AttributeError as attr_err: except Exception as attr_err:
logger.warning(f"exception while trying to create full name for part {self.name}", attr_err) logger.warning(f"exception while trying to create full name for part {self.name}", attr_err)

3
InvenTree/templates/js/translated/forms.js
View File

@ -205,9 +205,6 @@ function constructChangeForm(fields, options) {
}, },
success: function(data) { success: function(data) {
// Ensure the data are fully sanitized before we operate on it
data = sanitizeData(data);
// An optional function can be provided to process the returned results, // An optional function can be provided to process the returned results,
// before they are rendered to the form // before they are rendered to the form
if (options.processResults) { if (options.processResults) {