manager: add validation of redirect url template syntax (#55363)

2021-07-03 12:54:38 +02:00 · 2021-07-03 12:54:38 +02:00 · 88f0138995
parent 75a0f2dab7
commit 88f0138995
2 changed files with 16 additions and 0 deletions
--- a/combo/manager/forms.py
+++ b/combo/manager/forms.py
@ -20,6 +20,7 @@ from django import forms
 from django.conf import settings
 from django.contrib.auth.models import Group
 from django.core.exceptions import ValidationError
+from django.template import Template, TemplateSyntaxError
 from django.template.loader import TemplateDoesNotExist, get_template
 from django.utils.translation import ugettext_lazy as _

@ -175,6 +176,15 @@ class PageEditRedirectionForm(forms.ModelForm):
        model = Page
        fields = ('redirect_url',)

+    def clean_redirect_url(self):
+        value = self.cleaned_data.get('redirect_url')
+        if value:
+            try:
+                Template(value)
+            except TemplateSyntaxError as e:
+                raise ValidationError(_('syntax error: %s') % e)
+        return value
+
    def save(self, *args, **kwargs):
        page = super(PageEditRedirectionForm, self).save(*args, **kwargs)
        page.redirect_url = page.redirect_url.strip()
--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@ -278,6 +278,12 @@ def test_edit_page(app, admin_user):
    resp = resp.follow()
    assert 'http://www.example.net' in resp.text
    assert Page.objects.all()[0].redirect_url == 'http://www.example.net'
+    # redirection (error handling)
+    resp = resp.click(href='.*/redirection')
+    resp.form['redirect_url'].value = '{{ foo bar }}'
+    resp = resp.form.submit()
+    assert 'syntax error:' in resp.text
+    resp = resp.click('Cancel')
    # exclude from nav
    resp = resp.click(href='.*/include-in-navigation')
    resp.form['include_in_navigation'].checked = False