voussoir
/
etiquette
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Experiment: Remove character whitelist for tag names. 

I have always felt bad about forbidding unicode in tag names,
but I want to make sure I have a grip on sanitization / preventing
abuse before allowing it. I think stripping control characters is
enough and any abuse can be handled manually.
Of course that's all fiction because there are no users except myself.
master
voussoir 2020-09-17 18:52:00 -07:00
parent 26b9371f26
commit 39b7f3cd98
3 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etiquette/constants.py
View File

@ -291,7 +291,7 @@ DEFAULT_CONFIGURATION = {
'tag': { 'tag': {
'min_length': 1, 'min_length': 1,
'max_length': 32, 'max_length': 32,
'valid_chars': string.ascii_lowercase + string.digits + '_()', # 'valid_chars': string.ascii_lowercase + string.digits + '_()',
}, },
'user': { 'user': {

12
etiquette/objects.py
View File

@ -1206,17 +1206,19 @@ class Tag(ObjectBase, GroupableMixin):
return description return description
@staticmethod @staticmethod
def normalize_name(name, valid_chars=None, min_length=None, max_length=None): def normalize_name(name, min_length=None, max_length=None):
original_name = name original_name = name
if valid_chars is None: # if valid_chars is None:
valid_chars = constants.DEFAULT_CONFIGURATION['tag']['valid_chars'] # valid_chars = constants.DEFAULT_CONFIGURATION['tag']['valid_chars']
name = name.lower().strip() name = name.lower()
name = helpers.remove_control_characters(name)
name = name.strip(' .+') name = name.strip(' .+')
name = name.split('+')[0].split('.')[-1] name = name.split('+')[0].split('.')[-1]
name = name.replace('-', '_') name = name.replace('-', '_')
name = name.replace(' ', '_') name = name.replace(' ', '_')
name = ''.join(c for c in name if c in valid_chars) name = name.replace('=', '')
# name = ''.join(c for c in name if c in valid_chars)
if min_length is not None and len(name) < min_length: if min_length is not None and len(name) < min_length:
raise exceptions.TagTooShort(original_name) raise exceptions.TagTooShort(original_name)

2
etiquette/photodb.py
View File

@ -1192,7 +1192,7 @@ class PDBTagMixin:
def normalize_tagname(self, tagname): def normalize_tagname(self, tagname):
tagname = objects.Tag.normalize_name( tagname = objects.Tag.normalize_name(
tagname, tagname,
valid_chars=self.config['tag']['valid_chars'], # valid_chars=self.config['tag']['valid_chars'],
min_length=self.config['tag']['min_length'], min_length=self.config['tag']['min_length'],
max_length=self.config['tag']['max_length'], max_length=self.config['tag']['max_length'],
) )