From a12f582d9255bc0c32ceb7abbdb39dc8e68c38b5 Mon Sep 17 00:00:00 2001
From: Jessica McKellar
Date: Thu, 13 Sep 2012 17:48:20 -0400
Subject: [PATCH] Don't let people try to send zephyrs to empty class names. Also strip leading and trailing whitespace, so 'Bar' and 'Bar' aren't separate classes. (imported from commit a39c220d1a4c4d179f4adbf5e1391436eda32f4f)
---
 zephyr/static/js/zephyr.js | 29 +++++++++++++++++++++++------
 zephyr/views.py | 4 ++--
 2 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/zephyr/static/js/zephyr.js b/zephyr/static/js/zephyr.js
index edc1b7195e..1c4ba0dcd2 100644
--- a/zephyr/static/js/zephyr.js
+++ b/zephyr/static/js/zephyr.js
@@ -55,6 +55,10 @@ function show_compose(tabname) {
 }
 }
+function compose_class_name() {
+ return $.trim($("#class").val());
+}
+
 $(function () {
 var status_classes = 'alert-error alert-success alert-info';
 var send_status = $('#send-status');
@@ -73,9 +77,22 @@ $(function () {
 if ($("#class-message:visible")[0] === undefined) {// we're not dealing with classes
 return true;
 }
+
+ var zephyr_class = compose_class_name();
+ if (zephyr_class === "") {
+ // You can't try to send to an empty class.
+ send_status.removeClass(status_classes)
+ .addClass('alert-error')
+ .text('Please specify a class')
+ .stop(true).fadeTo(0,1);
+ buttons.removeAttr('disabled');
+ $('#class-message input:not(:hidden):first').focus().select();
+ return false;
+ }
+
 var okay = true;
 $.ajax({
- url: "subscriptions/exists/" + $("#class").val(),
+ url: "subscriptions/exists/" + zephyr_class,
 async: false,
 success: function (data) {
 if (data === "False") {
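Review bot: The trimmed class name is concatenated into the request path unescaped at `url: "subscriptions/exists/" + zephyr_class,`, so a name containing `/`, `?`, `#` or `%` is read as URL structure and the existence check may answer for a different path than the class the user typed. Encode the segment: `url: "subscriptions/exists/" + encodeURIComponent(zephyr_class),`. The empty-name check added above it runs only in the browser, so the check in `zephyr/views.py` is the one that enforces the rule for requests that do not come from this form. The submit handler this hunk sits in starts and ends outside the hunk.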
@@ -83,10 +100,10 @@ $(function () {
 okay = false;
 send_status.removeClass(status_classes);
 send_status.toggle();
- $('#class-dne-name').text($("#class").val());
+ $('#class-dne-name').text(zephyr_class);
 $('#class-dne').show();
 $('#create-it').focus().click(function () {
- sub($("#class").val());
+ sub(compose_class_name());
 $("#class-message form").ajaxSubmit();
 $('#class-dne').stop(true).fadeOut(500);
 });
@@ -95,15 +112,15 @@ $(function () {
 }
 }
 });
- if (okay && class_list.indexOf($("#class").val()) === -1) {
+ if (okay && class_list.indexOf(zephyr_class) === -1) {
 // You're not subbed to the class
 okay = false;
 send_status.removeClass(status_classes);
 send_status.toggle();
- $('#class-nosub-name').text($("#class").val());
+ $('#class-nosub-name').text(zephyr_class);
 $('#class-nosub').show();
 $('#sub-it').focus().click(function () {
- sub($("#class").val());
+ sub(compose_class_name());
 $("#class-message form").ajaxSubmit();
 $('#class-nosub').stop(true).fadeOut(500);
 });
diff --git a/zephyr/views.py b/zephyr/views.py
index f10b34a651..5284b3114c 100644
--- a/zephyr/views.py
+++ b/zephyr/views.py
@@ -181,12 +181,12 @@ def zephyr_backend(request, sender):
 zephyr_type_name = request.POST["type"]
 if zephyr_type_name == 'class':
- if "class" not in request.POST:
+ if "class" not in request.POST or not request.POST["class"]:
 return json_error("Missing class")
 if "instance" not in request.POST:
 return json_error("Missing instance")
- class_name = request.POST['class']
+ class_name = request.POST['class'].strip()
 if ZephyrClass.objects.filter(name=class_name, realm=user_profile.realm):
 my_class = ZephyrClass.objects.get(name=class_name, realm=user_profile.realm)
 else:
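Review bot: In the `#create-it` click handler the name is re-read at click time with `sub(compose_class_name());`, while the existence check and `$('#class-dne-name').text(zephyr_class)` use the value captured at submit. The class that gets subscribed can therefore differ from the one shown in the prompt if the field changes in between, and it can be empty. The `#sub-it` handler in the next hunk (`@@ -95,15 +112,15 @@`) has the same pattern. Consider re-validating inside each handler, e.g. `var name = compose_class_name(); if (name === "") { return; } sub(name);`. The `.click(...)` call also appears to attach another handler on every pass through this path; the surrounding function is outside the hunk, so confirm whether earlier handlers are removed first.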
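Review bot: In `zephyr_backend` the emptiness test runs before the strip, so a whitespace-only `class` value passes `not request.POST["class"]` and then `class_name = request.POST['class'].strip()` yields an empty name, which is the case this commit sets out to reject. This server-side check is the one that enforces the rule, since the JavaScript check only covers the compose form. Strip first and test the result: `class_name = request.POST.get("class", "").strip()` followed by `if not class_name: return json_error("Missing class")`. The function body continues outside the hunk, so any later read of `request.POST['class']` should use `class_name` as well.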