Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
erp5
Commits
45de0345
Commit
45de0345
authored
Apr 14, 2022
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
ERP5Form/EditorField: don't initialize with user input
parent
c45c2295
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
51 additions
and
0 deletions
+51
-0
bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testFields.py
...estTemplateItem/portal_components/test.erp5.testFields.py
+41
-0
product/ERP5Form/EditorField.py
product/ERP5Form/EditorField.py
+10
-0
No files found.
bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testFields.py
View file @
45de0345
...
@@ -42,6 +42,7 @@ from Products.Formulator.StandardFields import FloatField, StringField,\
...
@@ -42,6 +42,7 @@ from Products.Formulator.StandardFields import FloatField, StringField,\
DateTimeField
,
TextAreaField
,
CheckBoxField
,
ListField
,
LinesField
,
\
DateTimeField
,
TextAreaField
,
CheckBoxField
,
ListField
,
LinesField
,
\
MultiListField
,
IntegerField
MultiListField
,
IntegerField
from
Products.ERP5Form.CaptchaField
import
CaptchaField
from
Products.ERP5Form.CaptchaField
import
CaptchaField
from
Products.ERP5Form.EditorField
import
EditorField
from
Products.Formulator.MethodField
import
Method
from
Products.Formulator.MethodField
import
Method
from
Products.Formulator.TALESField
import
TALESMethod
from
Products.Formulator.TALESField
import
TALESMethod
...
@@ -1260,6 +1261,45 @@ class TestCaptchaField(ERP5TypeTestCase):
...
@@ -1260,6 +1261,45 @@ class TestCaptchaField(ERP5TypeTestCase):
})
})
class
TestEditorField
(
ERP5TypeTestCase
):
def
afterSetUp
(
self
):
self
.
field
=
EditorField
(
'test_field'
).
__of__
(
self
.
portal
)
self
.
portal
.
REQUEST
[
'here'
]
=
self
.
portal
def
test_render_editable_textarea
(
self
):
self
.
field
.
values
[
'default'
]
=
'value'
self
.
assertEqual
(
self
.
field
.
render
(
REQUEST
=
self
.
portal
.
REQUEST
),
'<textarea rows="5" cols="40" name="field_test_field" >
\
n
value</textarea>'
)
def
test_render_editable_textarea_REQUEST
(
self
):
self
.
field
.
values
[
'default'
]
=
'default value'
self
.
field
.
values
[
'editable'
]
=
1
self
.
portal
.
REQUEST
.
form
[
self
.
field
.
generate_field_key
(
key
=
self
.
field
.
id
)
]
=
'user <value>'
self
.
assertEqual
(
self
.
field
.
render
(
REQUEST
=
self
.
portal
.
REQUEST
),
'<textarea rows="5" cols="40" name="field_test_field" >
\
n
user <value></textarea>'
)
def
test_render_non_editable_textarea
(
self
):
self
.
field
.
values
[
'default'
]
=
'<not &scaped'
self
.
field
.
values
[
'editable'
]
=
0
self
.
assertEqual
(
self
.
field
.
render
(
REQUEST
=
self
.
portal
.
REQUEST
),
'<div ><not &scaped</div>'
)
def
test_render_non_editable_textarea_REQUEST
(
self
):
self
.
field
.
values
[
'default'
]
=
'trusted value'
self
.
field
.
values
[
'editable'
]
=
0
self
.
portal
.
REQUEST
.
form
[
self
.
field
.
generate_field_key
(
key
=
self
.
field
.
id
)
]
=
'untrusted user value'
self
.
assertEqual
(
self
.
field
.
render
(
REQUEST
=
self
.
portal
.
REQUEST
),
'<div >trusted value</div>'
)
def
makeDummyOid
():
def
makeDummyOid
():
import
time
,
random
import
time
,
random
return
'%s%s'
%
(
time
.
time
(),
random
.
random
())
return
'%s%s'
%
(
time
.
time
(),
random
.
random
())
...
@@ -1280,4 +1320,5 @@ def test_suite():
...
@@ -1280,4 +1320,5 @@ def test_suite():
suite
.
addTest
(
unittest
.
makeSuite
(
TestProxyField
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestProxyField
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestFieldValueCache
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestFieldValueCache
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestCaptchaField
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestCaptchaField
))
suite
.
addTest
(
unittest
.
makeSuite
(
TestEditorField
))
return
suite
return
suite
product/ERP5Form/EditorField.py
View file @
45de0345
...
@@ -155,3 +155,13 @@ class EditorField(ZMIField):
...
@@ -155,3 +155,13 @@ class EditorField(ZMIField):
widget
=
EditorWidgetInstance
widget
=
EditorWidgetInstance
validator
=
Validator
.
TextValidatorInstance
validator
=
Validator
.
TextValidatorInstance
def
_get_user_input_value
(
self
,
key
,
REQUEST
):
"""
Try to get a value of the field from the REQUEST
"""
# because non-editable editor fields are used to render raw HTML, we don't
# initialize them with user input.
if
self
.
get_value
(
'editable'
):
return
REQUEST
.
form
[
key
]
raise
KeyError
(
key
)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment