misc: only allow ascii numbers in IBAN and other checks (#41819)

2020-04-17 12:22:37 +02:00 · 2020-04-17 12:22:37 +02:00 · 9c0a2851ed
parent 5f1450de0a
commit 9c0a2851ed
2 changed files with 9 additions and 4 deletions
--- a/tests/test_widgets.py
+++ b/tests/test_widgets.py
@ -828,6 +828,7 @@ def test_wcsextrastringwidget_iban_validation():
                 'FR76 2004 1000 0101 2345 6%02 068',
                 'FR76 hello 234 6789 1234 6789 123',
                 'FRxx 2004 1000 0101 2345 6Z02 068',
+                 'FR76 3000 6000 011² 3456 7890 189',  # ²
            ]:
        widget = WcsExtraStringWidget('test', value='foo', required=False)
        widget.field = fakefield
--- a/wcs/qommon/misc.py
+++ b/wcs/qommon/misc.py
@ -701,13 +701,17 @@ def validate_luhn(string_value, length=None):
    return True


+def is_ascii_digit(string_value):
+    return string_value and all((x in '0123456789' for x in string_value))
+
+
 def validate_siren(string_value):
    return validate_luhn(string_value, length=9)


 def validate_siret(string_value):
    # special case : La Poste
-    if not string_value.isdigit():
+    if not is_ascii_digit(string_value):
        return False
    if (string_value.startswith('356000000')
            and len(string_value) == 14
@ -733,7 +737,7 @@ def validate_nir(string_value):
        string_value = string_value.replace('2A', '19', 1)
    elif dept == '2B':
        string_value = string_value.replace('2B', '18', 1)
-    if not string_value.isdigit():
+    if not is_ascii_digit(string_value):
        return False
    month = int(string_value[3:5])
    if month < 50 and month not in list(range(1, 13)) + [20] + list(range(30, 43)):
@ -751,7 +755,7 @@ def validate_iban(string_value):
    bban = string_value[4:]
    if not (country_code.isalpha() and country_code.isupper()):
        return False
-    if not iban_key.isdigit():
+    if not is_ascii_digit(iban_key):
        return False
    dummy_iban = bban + country_code + '00'
    dummy_iban_converted = ''
@ -760,6 +764,6 @@ def validate_iban(string_value):
            dummy_iban_converted += str(ord(car) - ord('A') + 10)
        else:
            dummy_iban_converted += car
-    if not dummy_iban_converted.isdigit():
+    if not is_ascii_digit(dummy_iban_converted):
        return False
    return int(iban_key) == 98 - int(dummy_iban_converted) % 97