@@ -424,7 +424,8 b' def PullRequestForm(repo_id):' | |||||
424 | def GistForm(lifetime_options): |
|
424 | def GistForm(lifetime_options): | |
425 | class _GistForm(formencode.Schema): |
|
425 | class _GistForm(formencode.Schema): | |
426 |
|
426 | |||
427 | filename = v.UnicodeString(strip=True, required=False) |
|
427 | filename = All(v.BasePath()(), | |
|
428 | v.UnicodeString(strip=True, required=False)) | |||
428 | description = v.UnicodeString(required=False, if_missing='') |
|
429 | description = v.UnicodeString(required=False, if_missing='') | |
429 | lifetime = v.OneOf(lifetime_options) |
|
430 | lifetime = v.OneOf(lifetime_options) | |
430 | content = v.UnicodeString(required=True, not_empty=True) |
|
431 | content = v.UnicodeString(required=True, not_empty=True) |
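Review bot: The new `filename` line at 427-428 depends on validator ordering that is not documented in the code. As far as I know, formencode's `All` applies its members in reverse order on `to_python`, so `UnicodeString(strip=True)` runs first and `BasePath` sees the stripped text. A short comment such as `# All() converts right-to-left: strip/decode first, then reject directory components` would keep a later reordering from silently changing what `BasePath` checks. The rest of `GistForm` lies outside the hunk.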
@@ -120,6 +120,9 b' class GistModel(BaseModel):' | |||||
120 |
|
120 | |||
121 | processed_mapping = {} |
|
121 | processed_mapping = {} | |
122 | for filename in gist_mapping: |
|
122 | for filename in gist_mapping: | |
|
123 | if filename != os.path.basename(filename): | |||
|
124 | raise Exception('Filename cannot be inside a directory') | |||
|
125 | ||||
123 | content = gist_mapping[filename]['content'] |
|
126 | content = gist_mapping[filename]['content'] | |
124 | #TODO: expand support for setting explicit lexers |
|
127 | #TODO: expand support for setting explicit lexers | |
125 | # if lexer is None: |
|
128 | # if lexer is None: |
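Review bot: The added check at new lines 123-124 compares against `os.path.basename()`, which returns `.` and `..` unchanged, so both still pass as filenames; the same comparison is used in `BasePath.validate_python` in the validators hunk. Whether that matters depends on how the storage layer treats such names, which is not visible here, but rejecting them explicitly is cheap: `if filename != os.path.basename(filename) or filename in ('.', '..'):`. The bare `raise Exception(...)` also gives callers nothing specific to catch; a dedicated exception type or `ValueError` would be easier to handle. The enclosing method starts and ends outside the hunk.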
@@ -768,7 +768,8 b' def ValidIp():' | |||||
768 | messages = dict( |
|
768 | messages = dict( | |
769 | badFormat=_('Please enter a valid IPv4 or IpV6 address'), |
|
769 | badFormat=_('Please enter a valid IPv4 or IpV6 address'), | |
770 | illegalBits=_('The network size (bits) must be within the range' |
|
770 | illegalBits=_('The network size (bits) must be within the range' | |
771 |
' of 0-32 (not %(bits)r)') |
|
771 | ' of 0-32 (not %(bits)r)') | |
|
772 | ) | |||
772 |
|
773 | |||
773 | def to_python(self, value, state): |
|
774 | def to_python(self, value, state): | |
774 | v = super(_validator, self).to_python(value, state) |
|
775 | v = super(_validator, self).to_python(value, state) | |
@@ -800,10 +801,27 b' def FieldKey():' | |||||
800 | class _validator(formencode.validators.FancyValidator): |
|
801 | class _validator(formencode.validators.FancyValidator): | |
801 | messages = dict( |
|
802 | messages = dict( | |
802 | badFormat=_('Key name can only consist of letters, ' |
|
803 | badFormat=_('Key name can only consist of letters, ' | |
803 |
'underscore, dash or numbers') |
|
804 | 'underscore, dash or numbers') | |
|
805 | ) | |||
804 |
|
806 | |||
805 | def validate_python(self, value, state): |
|
807 | def validate_python(self, value, state): | |
806 | if not re.match('[a-zA-Z0-9_-]+$', value): |
|
808 | if not re.match('[a-zA-Z0-9_-]+$', value): | |
807 | raise formencode.Invalid(self.message('badFormat', state), |
|
809 | raise formencode.Invalid(self.message('badFormat', state), | |
808 | value, state) |
|
810 | value, state) | |
809 | return _validator |
|
811 | return _validator | |
|
812 | ||||
|
813 | ||||
|
814 | def BasePath(): | |||
|
815 | class _validator(formencode.validators.FancyValidator): | |||
|
816 | messages = dict( | |||
|
817 | badPath=_('Filename cannot be inside a directory') | |||
|
818 | ) | |||
|
819 | ||||
|
820 | def _to_python(self, value, state): | |||
|
821 | return value | |||
|
822 | ||||
|
823 | def validate_python(self, value, state): | |||
|
824 | if value != os.path.basename(value): | |||
|
825 | raise formencode.Invalid(self.message('badPath', state), | |||
|
826 | value, state) | |||
|
827 | return _validator |
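Review bot: `BasePath` has no docstring, and its `_to_python` override at line 820 only returns `value`, which looks like the inherited behaviour and could probably be dropped. A docstring on the factory such as `"""Validator that accepts only a bare file name, i.e. a value equal to its own os.path.basename()."""` would state the contract. It is worth noting there that `os.path.basename` splits on the host's separator only, so on a POSIX server a backslash is treated as an ordinary character.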
@@ -75,6 +75,16 b' class TestGistsController(TestController' | |||||
75 | response.mustcontain('gist test') |
|
75 | response.mustcontain('gist test') | |
76 | response.mustcontain('<div class="ui-btn green badge">Public gist</div>') |
|
76 | response.mustcontain('<div class="ui-btn green badge">Public gist</div>') | |
77 |
|
77 | |||
|
78 | def test_create_with_path_with_dirs(self): | |||
|
79 | self.log_user() | |||
|
80 | response = self.app.post(url('gists'), | |||
|
81 | params={'lifetime': -1, | |||
|
82 | 'content': 'gist test', | |||
|
83 | 'filename': '/home/foo', | |||
|
84 | 'public': 'public'}, | |||
|
85 | status=200) | |||
|
86 | response.mustcontain('Filename cannot be inside a directory') | |||
|
87 | ||||
78 | def test_access_expired_gist(self): |
|
88 | def test_access_expired_gist(self): | |
79 | self.log_user() |
|
89 | self.log_user() | |
80 | gist = _create_gist('never-see-me') |
|
90 | gist = _create_gist('never-see-me') |
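Review bot: `test_create_with_path_with_dirs` covers a single absolute path, `'/home/foo'`; a relative name containing a separator such as `'foo/bar'` and the bare names `'.'` and `'..'` are not exercised. The test also checks only the rendered error text, so it would presumably still pass if a gist were stored despite the message. Asserting that no new gist exists afterwards would pin the behaviour the fix is meant to guarantee.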