From: richard Date: Wed, 26 Mar 2003 06:46:17 +0000 (+0000) Subject: handle invalid data input in forms better X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=7af551f672e93b8f1bf38c99a3e126dc1ec30db0;p=roundup.git handle invalid data input in forms better git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1634 57a73879-2fb5-44c3-a270-3262357dd7e2
---
diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index 86c1c83..086ba5f 100644
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.110 2003-03-26 03:35:00 richard Exp $
+# $Id: client.py,v 1.111 2003-03-26 06:46:17 richard Exp $
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -1732,36 +1732,41 @@ You should then receive another email with the new password.
 # other types should be None'd if there's no value
 value = None
 else:
- if isinstance(proptype, hyperdb.String):
- if (hasattr(value, 'filename') and
- value.filename is not None):
- # skip if the upload is empty
- if not value.filename:
- continue
- # this String is actually a _file_
- # try to determine the file content-type
- filename = value.filename.split('\\')[-1]
- if propdef.has_key('name'):
- props['name'] = filename
- # use this info as the type/filename properties
- if propdef.has_key('type'):
- props['type'] = mimetypes.guess_type(filename)[0]
- if not props['type']:
- props['type'] = "application/octet-stream"
- # finally, read the content
- value = value.value
- else:
- # normal String fix the CRLF/CR -> LF stuff
- value = fixNewlines(value)
-
- elif isinstance(proptype, hyperdb.Date):
- value = date.Date(value, offset=timezone)
- elif isinstance(proptype, hyperdb.Interval):
- value = date.Interval(value)
- elif isinstance(proptype, hyperdb.Boolean):
- value = value.lower() in ('yes', 'true', 'on', '1')
- elif isinstance(proptype, hyperdb.Number):
- value = float(value)
+ # handle ValueErrors for all these in a similar fashion
+ try:
+ if isinstance(proptype, hyperdb.String):
+ if (hasattr(value, 'filename') and
+ value.filename is not None):
+ # skip if the upload is empty
+ if not value.filename:
+ continue
+ # this String is actually a _file_
+ # try to determine the file content-type
+ fn = value.filename.split('\\')[-1]
+ if propdef.has_key('name'):
+ props['name'] = fn
+ # use this info as the type/filename properties
+ if propdef.has_key('type'):
+ props['type'] = mimetypes.guess_type(fn)[0]
+ if not props['type']:
+ props['type'] = "application/octet-stream"
+ # finally, read the content
+ value = value.value
+ else:
+ # normal String fix the CRLF/CR -> LF stuff
+ value = fixNewlines(value)
+
+ elif isinstance(proptype, hyperdb.Date):
+ value = date.Date(value, offset=timezone)
+ elif isinstance(proptype, hyperdb.Interval):
+ value = date.Interval(value)
+ elif isinstance(proptype, hyperdb.Boolean):
+ value = value.lower() in ('yes', 'true', 'on', '1')
+ elif isinstance(proptype, hyperdb.Number):
+ value = float(value)
+ except ValueError, msg:
+ raise ValueError, _('Error with %s property: %s')%(
+ propname, msg)
 # get the old value
 if nodeid and not nodeid.startswith('-'):
diff --git a/test/test_cgi.py b/test/test_cgi.py
index b1c89cf..85319e3 100644
--- a/test/test_cgi.py
+++ b/test/test_cgi.py
@@ -8,7 +8,7 @@
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 #
-# $Id: test_cgi.py,v 1.13 2003-03-18 00:37:25 richard Exp $
+# $Id: test_cgi.py,v 1.14 2003-03-26 06:46:17 richard Exp $
 import unittest, os, shutil, errno, sys, difflib, cgi, re
@@ -385,6 +385,9 @@ class FormTestCase(unittest.TestCase):
 ({('test', None): {}}, []))
 self.assertRaises(ValueError, self.parseForm, {'number': ['', '']})
+ def testInvalidNumber(self):
+ self.assertRaises(ValueError, self.parseForm, {'number': 'hi, mum!'})
+
 def testSetNumber(self):
 self.assertEqual(self.parseForm({'number': '1'}),
 ({('test', None): {'number': 1}}, []))
@@ -415,6 +418,9 @@ class FormTestCase(unittest.TestCase):
 ({('test', None): {}}, []))
 self.assertRaises(ValueError, self.parseForm, {'date': ['', '']})
+ def testInvalidDate(self):
+ self.assertRaises(ValueError, self.parseForm, {'date': '12'})
+
 def testSetDate(self):
 self.assertEqual(self.parseForm({'date': '2003-01-01'}),
 ({('test', None): {'date': date.Date('2003-01-01')}}, []))
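Review bot: The message built in `raise ValueError, _('Error with %s property: %s')%(propname, msg)` carries `msg` verbatim, and for the Date, Interval and Number branches that text presumably repeats the submitted form value. The hunk does not show where this ValueError is rendered; if the caller writes it into the HTML response, it has to be escaped there, or here with something like `cgi.escape(str(msg))` (assuming `cgi` is imported in client.py). Separately, the upload branch now under the `try` still derives the stored name with `value.filename.split('\\')[-1]`, which strips only backslash-separated paths, so a client-supplied name containing `/` reaches `props['name']` unchanged; a basename step or at least a comment stating that the name is untrusted would help. The enclosing function starts and ends outside this hunk.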
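Review bot: `testInvalidNumber` in the `@@ -385,6 +385,9 @@` hunk, and `testInvalidDate` in the hunk after it, assert only that a ValueError is raised, which `float()` and presumably `date.Date()` already did before the conversions were wrapped, so neither test pins what this commit adds. Catching the exception and checking that its text names the offending property ('number', 'date') would cover the new 'Error with %s property' message. It would also be worth a comment on each test stating that the input is deliberately malformed form data. FormTestCase starts and ends outside both hunks.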