forked from github/plane
chore: html validation (#2970)
* chore: changed api serializers * chore: state status code * chore: removed sorted keys
This commit is contained in:
parent
8a8eea38f9
commit
e2524799d2
@ -30,6 +30,11 @@ class CycleSerializer(BaseSerializer):
|
|||||||
model = Cycle
|
model = Cycle
|
||||||
fields = "__all__"
|
fields = "__all__"
|
||||||
read_only_fields = [
|
read_only_fields = [
|
||||||
|
"id",
|
||||||
|
"created_at",
|
||||||
|
"updated_at",
|
||||||
|
"created_by",
|
||||||
|
"updated_by",
|
||||||
"workspace",
|
"workspace",
|
||||||
"project",
|
"project",
|
||||||
"owned_by",
|
"owned_by",
|
||||||
|
@ -1,3 +1,6 @@
|
|||||||
|
from lxml import html
|
||||||
|
|
||||||
|
|
||||||
# Django imports
|
# Django imports
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
|
||||||
@ -43,7 +46,6 @@ class IssueSerializer(BaseSerializer):
|
|||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = Issue
|
model = Issue
|
||||||
fields = "__all__"
|
|
||||||
read_only_fields = [
|
read_only_fields = [
|
||||||
"id",
|
"id",
|
||||||
"workspace",
|
"workspace",
|
||||||
@ -53,6 +55,10 @@ class IssueSerializer(BaseSerializer):
|
|||||||
"created_at",
|
"created_at",
|
||||||
"updated_at",
|
"updated_at",
|
||||||
]
|
]
|
||||||
|
exclude = [
|
||||||
|
"description",
|
||||||
|
"description_stripped",
|
||||||
|
]
|
||||||
|
|
||||||
def validate(self, data):
|
def validate(self, data):
|
||||||
if (
|
if (
|
||||||
@ -62,6 +68,15 @@ class IssueSerializer(BaseSerializer):
|
|||||||
):
|
):
|
||||||
raise serializers.ValidationError("Start date cannot exceed target date")
|
raise serializers.ValidationError("Start date cannot exceed target date")
|
||||||
|
|
||||||
|
try:
|
||||||
|
if(data.get("description_html", None) is not None):
|
||||||
|
parsed = html.fromstring(data["description_html"])
|
||||||
|
parsed_str = html.tostring(parsed, encoding='unicode')
|
||||||
|
data["description_html"] = parsed_str
|
||||||
|
|
||||||
|
except Exception as e:
|
||||||
|
raise serializers.ValidationError(f"Invalid HTML: {str(e)}")
|
||||||
|
|
||||||
# Validate assignees are from project
|
# Validate assignees are from project
|
||||||
if data.get("assignees", []):
|
if data.get("assignees", []):
|
||||||
data["assignees"] = ProjectMember.objects.filter(
|
data["assignees"] = ProjectMember.objects.filter(
|
||||||
@ -292,7 +307,6 @@ class IssueCommentSerializer(BaseSerializer):
|
|||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = IssueComment
|
model = IssueComment
|
||||||
fields = "__all__"
|
|
||||||
read_only_fields = [
|
read_only_fields = [
|
||||||
"id",
|
"id",
|
||||||
"workspace",
|
"workspace",
|
||||||
@ -303,6 +317,21 @@ class IssueCommentSerializer(BaseSerializer):
|
|||||||
"created_at",
|
"created_at",
|
||||||
"updated_at",
|
"updated_at",
|
||||||
]
|
]
|
||||||
|
exclude = [
|
||||||
|
"comment_stripped",
|
||||||
|
"comment_json",
|
||||||
|
]
|
||||||
|
|
||||||
|
def validate(self, data):
|
||||||
|
try:
|
||||||
|
if(data.get("comment_html", None) is not None):
|
||||||
|
parsed = html.fromstring(data["comment_html"])
|
||||||
|
parsed_str = html.tostring(parsed, encoding='unicode')
|
||||||
|
data["comment_html"] = parsed_str
|
||||||
|
|
||||||
|
except Exception as e:
|
||||||
|
raise serializers.ValidationError(f"Invalid HTML: {str(e)}")
|
||||||
|
return data
|
||||||
|
|
||||||
|
|
||||||
class IssueActivitySerializer(BaseSerializer):
|
class IssueActivitySerializer(BaseSerializer):
|
||||||
|
@ -21,6 +21,7 @@ class ProjectSerializer(BaseSerializer):
|
|||||||
fields = "__all__"
|
fields = "__all__"
|
||||||
read_only_fields = [
|
read_only_fields = [
|
||||||
"id",
|
"id",
|
||||||
|
'emoji',
|
||||||
"workspace",
|
"workspace",
|
||||||
"created_at",
|
"created_at",
|
||||||
"updated_at",
|
"updated_at",
|
||||||
|
@ -16,6 +16,11 @@ class StateSerializer(BaseSerializer):
|
|||||||
model = State
|
model = State
|
||||||
fields = "__all__"
|
fields = "__all__"
|
||||||
read_only_fields = [
|
read_only_fields = [
|
||||||
|
"id",
|
||||||
|
"created_by",
|
||||||
|
"updated_by",
|
||||||
|
"created_at",
|
||||||
|
"updated_at",
|
||||||
"workspace",
|
"workspace",
|
||||||
"project",
|
"project",
|
||||||
]
|
]
|
||||||
|
@ -64,7 +64,7 @@ class StateAPIEndpoint(BaseAPIView):
|
|||||||
)
|
)
|
||||||
|
|
||||||
if state.default:
|
if state.default:
|
||||||
return Response({"error": "Default state cannot be deleted"}, status=False)
|
return Response({"error": "Default state cannot be deleted"}, status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
|
||||||
# Check for any issues in the state
|
# Check for any issues in the state
|
||||||
issue_exist = Issue.issue_objects.filter(state=state_id).exists()
|
issue_exist = Issue.issue_objects.filter(state=state_id).exists()
|
||||||
|
@ -77,7 +77,7 @@ class StateViewSet(BaseViewSet):
|
|||||||
)
|
)
|
||||||
|
|
||||||
if state.default:
|
if state.default:
|
||||||
return Response({"error": "Default state cannot be deleted"}, status=False)
|
return Response({"error": "Default state cannot be deleted"}, status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
|
||||||
# Check for any issues in the state
|
# Check for any issues in the state
|
||||||
issue_exist = Issue.issue_objects.filter(state=pk).exists()
|
issue_exist = Issue.issue_objects.filter(state=pk).exists()
|
||||||
|
@ -109,7 +109,7 @@ def webhook_task(self, webhook, slug, event, event_data, action):
|
|||||||
if webhook.secret_key:
|
if webhook.secret_key:
|
||||||
hmac_signature = hmac.new(
|
hmac_signature = hmac.new(
|
||||||
webhook.secret_key.encode("utf-8"),
|
webhook.secret_key.encode("utf-8"),
|
||||||
json.dumps(payload, sort_keys=True).encode("utf-8"),
|
json.dumps(payload).encode("utf-8"),
|
||||||
hashlib.sha256,
|
hashlib.sha256,
|
||||||
)
|
)
|
||||||
signature = hmac_signature.hexdigest()
|
signature = hmac_signature.hexdigest()
|
||||||
|
@ -63,7 +63,7 @@ def date_filter(filter, date_term, queries):
|
|||||||
duration=int(digit),
|
duration=int(digit),
|
||||||
subsequent=date_query[1],
|
subsequent=date_query[1],
|
||||||
term=term,
|
term=term,
|
||||||
date_filter="created_at__date",
|
date_filter=date_term,
|
||||||
offset=date_query[2],
|
offset=date_query[2],
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
|
@ -38,3 +38,4 @@ beautifulsoup4==4.12.2
|
|||||||
dj-database-url==2.1.0
|
dj-database-url==2.1.0
|
||||||
posthog==3.0.2
|
posthog==3.0.2
|
||||||
cryptography==41.0.5
|
cryptography==41.0.5
|
||||||
|
lxml==4.9.3
|
||||||
|
Loading…
Reference in New Issue
Block a user