Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Cédric Le Ninivin
erp5
Commits
ac6ad2a8
Commit
ac6ad2a8
authored
Apr 14, 2022
by
Jérome Perrin
Committed by
Cédric Le Ninivin
May 18, 2022
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
ERP5Form/EditorField: don't initialize with user input
parent
3b080872
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
51 additions
and
0 deletions
+51
-0
bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testFields.py
...estTemplateItem/portal_components/test.erp5.testFields.py
+41
-0
product/ERP5Form/EditorField.py
product/ERP5Form/EditorField.py
+10
-0
No files found.
bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testFields.py
View file @
ac6ad2a8
...
@@ -39,6 +39,7 @@ from Products.Formulator.Validator import ValidationError
...
@@ -39,6 +39,7 @@ from Products.Formulator.Validator import ValidationError
from
Products.Formulator.StandardFields
import
FloatField
,
StringField
,
\
from
Products.Formulator.StandardFields
import
FloatField
,
StringField
,
\
DateTimeField
,
TextAreaField
,
CheckBoxField
,
ListField
,
LinesField
,
\
DateTimeField
,
TextAreaField
,
CheckBoxField
,
ListField
,
LinesField
,
\
MultiListField
,
IntegerField
MultiListField
,
IntegerField
from
Products.ERP5Form.EditorField
import
EditorField
from
Products.Formulator.MethodField
import
Method
from
Products.Formulator.MethodField
import
Method
from
Products.Formulator.TALESField
import
TALESMethod
from
Products.Formulator.TALESField
import
TALESMethod
...
@@ -1084,6 +1085,45 @@ class TestFieldValueCache(ERP5TypeTestCase):
...
@@ -1084,6 +1085,45 @@ class TestFieldValueCache(ERP5TypeTestCase):
self
.
assertEqual
(
True
,
cache_size
==
self
.
_getCacheSize
(
'ProxyField.get_value'
))
self
.
assertEqual
(
True
,
cache_size
==
self
.
_getCacheSize
(
'ProxyField.get_value'
))
class
TestEditorField
(
ERP5TypeTestCase
):
def
afterSetUp
(
self
):
self
.
field
=
EditorField
(
'test_field'
).
__of__
(
self
.
portal
)
self
.
portal
.
REQUEST
[
'here'
]
=
self
.
portal
def
test_render_editable_textarea
(
self
):
self
.
field
.
values
[
'default'
]
=
'value'
self
.
assertEqual
(
self
.
field
.
render
(
REQUEST
=
self
.
portal
.
REQUEST
),
'<textarea rows="5" cols="40" name="field_test_field" >
\
n
value</textarea>'
)
def
test_render_editable_textarea_REQUEST
(
self
):
self
.
field
.
values
[
'default'
]
=
'default value'
self
.
field
.
values
[
'editable'
]
=
1
self
.
portal
.
REQUEST
.
form
[
self
.
field
.
generate_field_key
(
key
=
self
.
field
.
id
)
]
=
'user <value>'
self
.
assertEqual
(
self
.
field
.
render
(
REQUEST
=
self
.
portal
.
REQUEST
),
'<textarea rows="5" cols="40" name="field_test_field" >
\
n
user <value></textarea>'
)
def
test_render_non_editable_textarea
(
self
):
self
.
field
.
values
[
'default'
]
=
'<not &scaped'
self
.
field
.
values
[
'editable'
]
=
0
self
.
assertEqual
(
self
.
field
.
render
(
REQUEST
=
self
.
portal
.
REQUEST
),
'<div ><not &scaped</div>'
)
def
test_render_non_editable_textarea_REQUEST
(
self
):
self
.
field
.
values
[
'default'
]
=
'trusted value'
self
.
field
.
values
[
'editable'
]
=
0
self
.
portal
.
REQUEST
.
form
[
self
.
field
.
generate_field_key
(
key
=
self
.
field
.
id
)
]
=
'untrusted user value'
self
.
assertEqual
(
self
.
field
.
render
(
REQUEST
=
self
.
portal
.
REQUEST
),
'<div >trusted value</div>'
)
def
makeDummyOid
():
def
makeDummyOid
():
import
time
,
random
import
time
,
random
return
'%s%s'
%
(
time
.
time
(),
random
.
random
())
return
'%s%s'
%
(
time
.
time
(),
random
.
random
())
...
@@ -1103,4 +1143,5 @@ def test_suite():
...
@@ -1103,4 +1143,5 @@ def test_suite():
suite
.
addTest
(
unittest
.
makeSuite
(
TestMultiListField
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestMultiListField
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestProxyField
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestProxyField
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestFieldValueCache
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestFieldValueCache
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestEditorField
))
return
suite
return
suite
product/ERP5Form/EditorField.py
View file @
ac6ad2a8
...
@@ -155,3 +155,13 @@ class EditorField(ZMIField):
...
@@ -155,3 +155,13 @@ class EditorField(ZMIField):
widget
=
EditorWidgetInstance
widget
=
EditorWidgetInstance
validator
=
Validator
.
TextValidatorInstance
validator
=
Validator
.
TextValidatorInstance
def
_get_user_input_value
(
self
,
key
,
REQUEST
):
"""
Try to get a value of the field from the REQUEST
"""
# because non-editable editor fields are used to render raw HTML, we don't
# initialize them with user input.
if
self
.
get_value
(
'editable'
):
return
REQUEST
.
form
[
key
]
raise
KeyError
(
key
)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment