entrouvert/wcs
entrouvert
/
wcs
14
1
Fork 0
Code Issues Pull Requests 39 Releases Activity

api: raise 400 if multiple order_by are given (#89832)
gitea/wcs/pipeline/head This commit looks good Details

This commit is contained in:
Frédéric Péters 2024-04-21 11:08:13 +02:00
parent 4e0b3469f1
commit c191656d4a
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
tests/api/test_formdata.py
View File

@ -1266,6 +1266,9 @@ def test_api_list_formdata(pub, local_user):
resp = get_app(pub).get(sign_uri('/api/forms/test/list?full=on&order_by=-foobar', user=local_user))
assert [d['fields']['foobar'] for d in resp.json] == ['FOO BAR %02d' % i for i in range(29, -1, -1)]
# check 400 on multiple order_by
get_app(pub).get(sign_uri('/api/forms/test/list?full=on&order_by=f0,foobar', user=local_user), status=400)
# check fts
resp = get_app(pub).get(sign_uri('/api/forms/test/list?full=on&q=foo', user=local_user))
assert len(resp.json) == 30

2
wcs/qommon/misc.py
View File

@ -1148,7 +1148,7 @@ def get_int_or_400(value):
def get_order_by_or_400(value):
if value in (None, ''):
return None
if not re.match(r'-?[a-z0-9_-]+$', value):
if not (isinstance(value, str) and re.match(r'-?[a-z0-9_-]+$', value)):
raise RequestError()
return value