Issue 1815895
Created on 2007-10-18 15:45 by mephinet, last changed 2008-09-08 18:09 by anonymous.
|
| msg2904 |
Author: [hidden] (mephinet) |
Date: 2007-10-18 15:45 |
|
If a template realizes the input of a link field not using an drop-down box, but with a text input field instead, it becomes possible to enter invalid keys.
In that case, instead of an error message, an IndexError is raised.
To reproduce, open e.g. the issue.item.html of the demo or the classic tracker, and replace
context/assignedto/menu
with
context/assignedto/field
Now it is possible to enter invalid user names into the assigned-to field.
If you do so, instead of the error message, an IndexError is raised:
<type 'exceptions.IndexError'>: no such user johndoe
1. While evaluating the standard:'context/assignedto/field' expression on line 77
[...]
File "roundup/cgi/templating.py", line 1815, in field
value = linkcl.get(self._value, k)
File "/roundup/backends/back_anydbm.py", line 939, in get
d = self.db.getnode(self.classname, nodeid)
File "roundup/backends/back_anydbm.py", line 335, in getnode
raise IndexError, "no such %s %s"%(classname, nodeid)
IndexError: no such user johndoe
The attached patch fixes the problem by reusing the logic already in place via the `lookupKeys` and `lookupIds` functions.
I was unable to come up with a unittest that reproduces the behavior, since the test/test_templating.py seems to be dysfunctional, but if you give me a hint where to start, I'll definitely give it another try...
|
| msg2905 |
Author: [hidden] (richard) |
Date: 2007-11-02 23:16 |
|
Accepted, thanks!
Small changes to style to match existing codebase.
|
| msg2906 |
Author: [hidden] (anonymous) |
Date: 2008-09-08 18:09 |
|
BUu2lB <a href="http://rqmdftzyvbne.com/">rqmdftzyvbne</a>, [url=http://flsaakunhcso.com/]flsaakunhcso[/url], [link=http://feoxnmujpvse.com/]feoxnmujpvse[/link], http://gppmqmwsdcle.com/
|
|
| Date |
User |
Action |
Args |
| 2007-10-18 15:45:21 | mephinet | create | |
|