opengis: validate indexing template to avoid later crashes (#67381)
This commit is contained in:
parent
ae6ad39e09
commit
e7db96aa4f
|
@ -4,6 +4,8 @@ from __future__ import unicode_literals
|
|||
|
||||
from django.db import migrations, models
|
||||
|
||||
from passerelle.utils.templates import validate_template
|
||||
|
||||
|
||||
def create_indexing_template(apps, schema_editor):
|
||||
Query = apps.get_model('opengis', 'Query')
|
||||
|
@ -27,6 +29,7 @@ class Migration(migrations.Migration):
|
|||
field=models.TextField(
|
||||
blank=True,
|
||||
verbose_name='Indexing template',
|
||||
validators=[validate_template],
|
||||
),
|
||||
),
|
||||
migrations.RunPython(create_indexing_template, lambda x, y: None),
|
||||
|
|
|
@ -34,6 +34,7 @@ from passerelle.base.models import BaseQuery, BaseResource
|
|||
from passerelle.utils.api import endpoint
|
||||
from passerelle.utils.conversion import num2deg, simplify
|
||||
from passerelle.utils.jsonresponse import APIError
|
||||
from passerelle.utils.templates import validate_template
|
||||
|
||||
|
||||
def build_dict_from_xml(elem):
|
||||
|
@ -491,8 +492,7 @@ class Query(BaseQuery):
|
|||
typename = models.CharField(_('Feature type'), max_length=256)
|
||||
filter_expression = models.TextField(_('XML filter'), blank=True)
|
||||
indexing_template = models.TextField(
|
||||
verbose_name=_('Indexing template'),
|
||||
blank=True,
|
||||
verbose_name=_('Indexing template'), blank=True, validators=[validate_template]
|
||||
)
|
||||
computed_properties = JSONField(blank=True, default=dict)
|
||||
|
||||
|
|
|
@ -1035,3 +1035,16 @@ def test_opengis_test_indexing_template_view(mocked_get, admin_user, app, connec
|
|||
resp = app.get('/manage/opengis/%s/query/%s/' % (connector.slug, query.pk))
|
||||
assert url in resp.text
|
||||
assert 'Test template' in resp.text
|
||||
|
||||
|
||||
def test_opengis_query_creation_validates_template(admin_user, app, connector):
|
||||
app = login(app)
|
||||
resp = app.get('/manage/opengis/%s/query/new/' % connector.slug)
|
||||
resp.form['slug'] = 'foo'
|
||||
resp.form['name'] = 'Foo Bar'
|
||||
resp.form['typename'] = 'foo'
|
||||
resp.form['indexing_template'] = '{% if %}'
|
||||
|
||||
resp = resp.form.submit()
|
||||
|
||||
assert 'Unexpected end of expression in if tag' in str(resp.form.html)
|
||||
|
|
Loading…
Reference in New Issue