ulysia/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

server/tags: add tag category color sanitization

Browse source
This commit is contained in:
rr- 2016-05-10 12:17:42 +02:00
parent 14a20e55f8
commit 03498b2d8e
2 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
server/szurubooru/func/tag_categories.py
View file

@ -51,6 +51,8 @@ def update_category_name(category, name):
def update_category_color(category, color): def update_category_color(category, color):
if not color: if not color:
raise InvalidTagCategoryNameError('Color cannot be empty.') raise InvalidTagCategoryNameError('Color cannot be empty.')
if not re.match(r'^#?[a-z]+$', color):
raise InvalidTagCategoryNameError('Invalid color.')
if util.value_exceeds_column_size(color, db.TagCategory.color): if util.value_exceeds_column_size(color, db.TagCategory.color):
raise InvalidTagCategoryColorError('Color is too long.') raise InvalidTagCategoryColorError('Color is too long.')
category.color = color category.color = color

1
server/szurubooru/tests/api/test_tag_category_updating.py
View file

@ -56,6 +56,7 @@ def test_simple_updating(test_ctx):
{'name': '!bad'}, {'name': '!bad'},
{'color': None}, {'color': None},
{'color': ''}, {'color': ''},
{'color': '; float:left'},
]) ])
def test_trying_to_pass_invalid_input(test_ctx, input): def test_trying_to_pass_invalid_input(test_ctx, input):
db.session.add(test_ctx.tag_category_factory(name='meta', color='black')) db.session.add(test_ctx.tag_category_factory(name='meta', color='black'))