thunderstrike/plane
thunderstrike/plane
2
0
Fork 0
forked from github/plane
Code Pull Requests Activity

chore: html validation (#2970)

Browse Source 
* chore: changed api serializers

* chore: state status code

* chore: removed sorted keys
This commit is contained in:
Bavisetti Narayan 2023-12-05 13:39:09 +05:30 committed by GitHub
parent 8a8eea38f9
commit e2524799d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 47 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apiserver/plane/api/serializers/cycle.py
View File

@ -30,6 +30,11 @@ class CycleSerializer(BaseSerializer):
model = Cycle model = Cycle
fields = "__all__" fields = "__all__"
read_only_fields = [ read_only_fields = [
"id",
"created_at",
"updated_at",
"created_by",
"updated_by",
"workspace", "workspace",
"project", "project",
"owned_by", "owned_by",

33
apiserver/plane/api/serializers/issue.py
View File

@ -1,3 +1,6 @@
from lxml import html
# Django imports # Django imports
from django.utils import timezone from django.utils import timezone
@ -43,7 +46,6 @@ class IssueSerializer(BaseSerializer):
class Meta: class Meta:
model = Issue model = Issue
fields = "__all__"
read_only_fields = [ read_only_fields = [
"id", "id",
"workspace", "workspace",
@ -53,6 +55,10 @@ class IssueSerializer(BaseSerializer):
"created_at", "created_at",
"updated_at", "updated_at",
] ]
exclude = [
"description",
"description_stripped",
]
def validate(self, data): def validate(self, data):
if ( if (
@ -61,6 +67,15 @@ class IssueSerializer(BaseSerializer):
and data.get("start_date", None) > data.get("target_date", None) and data.get("start_date", None) > data.get("target_date", None)
): ):
raise serializers.ValidationError("Start date cannot exceed target date") raise serializers.ValidationError("Start date cannot exceed target date")
try:
if(data.get("description_html", None) is not None):
parsed = html.fromstring(data["description_html"])
parsed_str = html.tostring(parsed, encoding='unicode')
data["description_html"] = parsed_str
except Exception as e:
raise serializers.ValidationError(f"Invalid HTML: {str(e)}")
# Validate assignees are from project # Validate assignees are from project
if data.get("assignees", []): if data.get("assignees", []):
@ -292,7 +307,6 @@ class IssueCommentSerializer(BaseSerializer):
class Meta: class Meta:
model = IssueComment model = IssueComment
fields = "__all__"
read_only_fields = [ read_only_fields = [
"id", "id",
"workspace", "workspace",
@ -303,6 +317,21 @@ class IssueCommentSerializer(BaseSerializer):
"created_at", "created_at",
"updated_at", "updated_at",
] ]
exclude = [
"comment_stripped",
"comment_json",
]
def validate(self, data):
try:
if(data.get("comment_html", None) is not None):
parsed = html.fromstring(data["comment_html"])
parsed_str = html.tostring(parsed, encoding='unicode')
data["comment_html"] = parsed_str
except Exception as e:
raise serializers.ValidationError(f"Invalid HTML: {str(e)}")
return data
class IssueActivitySerializer(BaseSerializer): class IssueActivitySerializer(BaseSerializer):

1
apiserver/plane/api/serializers/project.py
View File

@ -21,6 +21,7 @@ class ProjectSerializer(BaseSerializer):
fields = "__all__" fields = "__all__"
read_only_fields = [ read_only_fields = [
"id", "id",
'emoji',
"workspace", "workspace",
"created_at", "created_at",
"updated_at", "updated_at",

5
apiserver/plane/api/serializers/state.py
View File

@ -16,6 +16,11 @@ class StateSerializer(BaseSerializer):
model = State model = State
fields = "__all__" fields = "__all__"
read_only_fields = [ read_only_fields = [
"id",
"created_by",
"updated_by",
"created_at",
"updated_at",
"workspace", "workspace",
"project", "project",
] ]

2
apiserver/plane/api/views/state.py
View File

@ -64,7 +64,7 @@ class StateAPIEndpoint(BaseAPIView):
) )
if state.default: if state.default:
return Response({"error": "Default state cannot be deleted"}, status=False) return Response({"error": "Default state cannot be deleted"}, status=status.HTTP_400_BAD_REQUEST)
# Check for any issues in the state # Check for any issues in the state
issue_exist = Issue.issue_objects.filter(state=state_id).exists() issue_exist = Issue.issue_objects.filter(state=state_id).exists()

2
apiserver/plane/app/views/state.py
View File

@ -77,7 +77,7 @@ class StateViewSet(BaseViewSet):
) )
if state.default: if state.default:
return Response({"error": "Default state cannot be deleted"}, status=False) return Response({"error": "Default state cannot be deleted"}, status=status.HTTP_400_BAD_REQUEST)
# Check for any issues in the state # Check for any issues in the state
issue_exist = Issue.issue_objects.filter(state=pk).exists() issue_exist = Issue.issue_objects.filter(state=pk).exists()

2
apiserver/plane/bgtasks/webhook_task.py
View File

@ -109,7 +109,7 @@ def webhook_task(self, webhook, slug, event, event_data, action):
if webhook.secret_key: if webhook.secret_key:
hmac_signature = hmac.new( hmac_signature = hmac.new(
webhook.secret_key.encode("utf-8"), webhook.secret_key.encode("utf-8"),
json.dumps(payload, sort_keys=True).encode("utf-8"), json.dumps(payload).encode("utf-8"),
hashlib.sha256, hashlib.sha256,
) )
signature = hmac_signature.hexdigest() signature = hmac_signature.hexdigest()

2
apiserver/plane/utils/issue_filters.py
View File

@ -63,7 +63,7 @@ def date_filter(filter, date_term, queries):
duration=int(digit), duration=int(digit),
subsequent=date_query[1], subsequent=date_query[1],
term=term, term=term,
date_filter="created_at__date", date_filter=date_term,
offset=date_query[2], offset=date_query[2],
) )
else: else:

1
apiserver/requirements/base.txt
View File

@ -38,3 +38,4 @@ beautifulsoup4==4.12.2
dj-database-url==2.1.0 dj-database-url==2.1.0
posthog==3.0.2 posthog==3.0.2
cryptography==41.0.5 cryptography==41.0.5
lxml==4.9.3