misc: limit api/menu-badges parameters to digits (#36387)
This commit is contained in:
parent
b7763d995f
commit
0378b9fed5
|
@ -524,7 +524,7 @@ def error404(request, *args, **kwargs):
|
|||
|
||||
def menu_badges(request):
|
||||
context = {'request': request}
|
||||
page_ids = request.GET.getlist('page[]')
|
||||
page_ids = [x for x in request.GET.getlist('page[]') if x.isdigit()]
|
||||
cells = []
|
||||
for klass in CellBase.get_cell_classes(lambda x: bool(x.get_badge)):
|
||||
cells.extend(klass.objects.filter(page_id__in=page_ids))
|
||||
|
|
|
@ -17,6 +17,8 @@ from combo.data.models import Page
|
|||
from combo.apps.notifications.models import Notification, NotificationsCell
|
||||
from combo.apps.lingo.models import Regie, ActiveItems, PaymentBackend
|
||||
|
||||
from .test_manager import login as login_app
|
||||
|
||||
pytestmark = pytest.mark.django_db
|
||||
|
||||
client = Client()
|
||||
|
@ -83,10 +85,11 @@ def test_notification_api(john_doe, jane_doe):
|
|||
assert notification.acked is True
|
||||
|
||||
|
||||
def test_notification_cell(john_doe, jane_doe):
|
||||
def test_notification_cell(app, john_doe, jane_doe):
|
||||
page = Page(title='notif', slug='test_notification_cell', template_name='standard')
|
||||
page.save()
|
||||
cell = NotificationsCell(page=page, placeholder='content', order=0)
|
||||
cell.save()
|
||||
|
||||
context = {'request': RequestFactory().get('/')}
|
||||
context['synchronous'] = True # to get fresh content
|
||||
|
@ -141,6 +144,10 @@ def test_notification_cell(john_doe, jane_doe):
|
|||
assert 'notiother' in content
|
||||
assert cell.get_badge(context) == {'badge': '1'}
|
||||
|
||||
app = login_app(app, username='jane.doe', password='jane.doe')
|
||||
resp = app.get('/api/menu-badges/?page[]=%s' % page.id)
|
||||
assert resp.json == {'1': {'badge': '1'}}
|
||||
|
||||
|
||||
def test_notification_ws(john_doe):
|
||||
|
||||
|
|
Loading…
Reference in New Issue