mirror of
https://github.com/zulip/zulip.git
synced 2025-11-06 06:53:25 +00:00
Streams: Disallow certain markdown characters in stream names.
This commit is contained in:
Rhea Parekh
showell
@@ -140,6 +140,16 @@ casper.then(function () {
|
|||||||
casper.click('form#stream_creation_form button.button.white');
|
casper.click('form#stream_creation_form button.button.white');
|
||||||
casper.fill('form#add_new_subscription', {stream_name: ' '});
|
casper.fill('form#add_new_subscription', {stream_name: ' '});
|
||||||
casper.click('#add_new_subscription .create_stream_button');
|
casper.click('#add_new_subscription .create_stream_button');
|
||||||
|
casper.fill('form#stream_creation_form', {stream_name: 'Waseemio@'});
|
||||||
|
casper.click('form#stream_creation_form button.button.sea-green');
|
||||||
|
});
|
||||||
|
});
|
||||||
|
casper.then(function () {
|
||||||
|
casper.waitForSelectorText('#stream_name_error', 'Stream names cannot contain #, *, `, or @.', function () {
|
||||||
|
casper.test.assertTextExists('Stream names cannot contain #, *, `, or @.', "Can't create a stream with invalid characters");
|
||||||
|
casper.click('form#stream_creation_form button.button.white');
|
||||||
|
casper.fill('form#add_new_subscription', {stream_name: ' '});
|
||||||
|
casper.click('#add_new_subscription .create_stream_button');
|
||||||
casper.fill('form#stream_creation_form', {stream_name: 'Waseemio'});
|
casper.fill('form#stream_creation_form', {stream_name: 'Waseemio'});
|
||||||
casper.click('form#stream_creation_form button.button.sea-green');
|
casper.click('form#stream_creation_form button.button.sea-green');
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -33,6 +33,11 @@ var stream_name_error = (function () {
|
|||||||
$("#stream_name_error").show();
|
$("#stream_name_error").show();
|
||||||
};
|
};
|
||||||
|
|
||||||
|
self.report_invalid_chars = function () {
|
||||||
|
$("#stream_name_error").text(i18n.t("Stream names cannot contain #, *, `, or @."));
|
||||||
|
$("#stream_name_error").show();
|
||||||
|
};
|
||||||
|
|
||||||
self.select = function () {
|
self.select = function () {
|
||||||
$("#create_stream_name").focus().select();
|
$("#create_stream_name").focus().select();
|
||||||
};
|
};
|
||||||
@@ -66,6 +71,13 @@ var stream_name_error = (function () {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Keep characters in sync with Stream.NAME_INVALID_CHARS
|
||||||
|
if (/[#*`@]/.test(stream_name)) {
|
||||||
|
self.report_invalid_chars();
|
||||||
|
self.select();
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// If we got this far, then we think we have a new unique stream
|
// If we got this far, then we think we have a new unique stream
|
||||||
// name, so we'll submit to the server. (It's still plausible,
|
// name, so we'll submit to the server. (It's still plausible,
|
||||||
// however, that there's some invite-only stream that we don't
|
// however, that there's some invite-only stream that we don't
|
||||||
|
|||||||
@@ -1650,6 +1650,9 @@ def check_stream_name(stream_name: Text) -> None:
|
|||||||
raise JsonableError(_("Invalid stream name '%s'" % (stream_name)))
|
raise JsonableError(_("Invalid stream name '%s'" % (stream_name)))
|
||||||
if len(stream_name) > Stream.MAX_NAME_LENGTH:
|
if len(stream_name) > Stream.MAX_NAME_LENGTH:
|
||||||
raise JsonableError(_("Stream name too long (limit: %s characters)" % (Stream.MAX_NAME_LENGTH)))
|
raise JsonableError(_("Stream name too long (limit: %s characters)" % (Stream.MAX_NAME_LENGTH)))
|
||||||
|
if set(stream_name).intersection(Stream.NAME_INVALID_CHARS):
|
||||||
|
raise JsonableError(_("Invalid characters in stream name (disallowed characters: %s)."
|
||||||
|
% ((', ').join(Stream.NAME_INVALID_CHARS))))
|
||||||
for i in stream_name:
|
for i in stream_name:
|
||||||
if ord(i) == 0:
|
if ord(i) == 0:
|
||||||
raise JsonableError(_("Stream name '%s' contains NULL (0x00) characters." % (stream_name)))
|
raise JsonableError(_("Stream name '%s' contains NULL (0x00) characters." % (stream_name)))
|
||||||
|
|||||||
@@ -851,6 +851,8 @@ def generate_email_token_for_stream() -> str:
|
|||||||
|
|
||||||
class Stream(models.Model):
|
class Stream(models.Model):
|
||||||
MAX_NAME_LENGTH = 60
|
MAX_NAME_LENGTH = 60
|
||||||
|
# Keep in sync with stream_create.js
|
||||||
|
NAME_INVALID_CHARS = ['*', '@', '`', '#']
|
||||||
name = models.CharField(max_length=MAX_NAME_LENGTH, db_index=True) # type: Text
|
name = models.CharField(max_length=MAX_NAME_LENGTH, db_index=True) # type: Text
|
||||||
realm = models.ForeignKey(Realm, db_index=True, on_delete=CASCADE) # type: Realm
|
realm = models.ForeignKey(Realm, db_index=True, on_delete=CASCADE) # type: Realm
|
||||||
invite_only = models.NullBooleanField(default=False) # type: Optional[bool]
|
invite_only = models.NullBooleanField(default=False) # type: Optional[bool]
|
||||||
|
|||||||
@@ -1409,6 +1409,22 @@ class SubscriptionRestApiTest(ZulipTestCase):
|
|||||||
self.assert_json_error(result,
|
self.assert_json_error(result,
|
||||||
"Stream name too long (limit: 60 characters)")
|
"Stream name too long (limit: 60 characters)")
|
||||||
|
|
||||||
|
def test_stream_name_has_invalid_characters(self) -> None:
|
||||||
|
email = self.example_email('hamlet')
|
||||||
|
self.login(email)
|
||||||
|
|
||||||
|
stream_name = "a*"
|
||||||
|
request = {
|
||||||
|
'delete': ujson.dumps([stream_name])
|
||||||
|
}
|
||||||
|
result = self.client_patch(
|
||||||
|
"/api/v1/users/me/subscriptions",
|
||||||
|
request,
|
||||||
|
**self.api_auth(email)
|
||||||
|
)
|
||||||
|
self.assert_json_error(result,
|
||||||
|
"Invalid characters in stream name (disallowed characters: *, @, `, #).")
|
||||||
|
|
||||||
def test_stream_name_contains_null(self) -> None:
|
def test_stream_name_contains_null(self) -> None:
|
||||||
email = self.example_email('hamlet')
|
email = self.example_email('hamlet')
|
||||||
self.login(email)
|
self.login(email)
|
||||||
|
|||||||
Reference in New Issue
Block a user