Repository :
http://git.fedorahosted.org/cgit/copr.git
On branch : master
---------------------------------------------------------------
commit 8d83ed0326209aa67138a403717e706cc46560a0
Author: Adam Samalik <asamalik(a)redhat.com>
Date: Tue Apr 8 15:37:59 2014 +0200
validate chroots in POST requests with API
---------------------------------------------------------------
.../coprs/views/api_ns/api_general.py | 20 ++++++++++++++++++--
1 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/frontend/coprs_frontend/coprs/views/api_ns/api_general.py
b/frontend/coprs_frontend/coprs/views/api_ns/api_general.py
index 0a5cd9f..c5b43eb 100644
--- a/frontend/coprs_frontend/coprs/views/api_ns/api_general.py
+++ b/frontend/coprs_frontend/coprs/views/api_ns/api_general.py
@@ -68,7 +68,15 @@ def api_new_copr(username):
form = forms.CoprFormFactory.create_form_cls()(csrf_enabled=False)
httpcode = 200
- if form.validate_on_submit():
+
+ # are there any arguments in POST which our form doesn't know?
+ if sum([1 for post_key in flask.request.form.keys() \
+ if post_key not in form.__dict__.keys()]):
+ output = {"output": "notok", "error":
+ "Unknown arguments passed (non-existing chroot probably)"}
+ httpcode = 500
+
+ elif form.validate_on_submit():
infos = []
try:
copr = coprs_logic.CoprsLogic.add(
@@ -209,7 +217,15 @@ def copr_new_build(username, coprname):
else:
form = forms.BuildFormFactory.create_form_cls(
copr.active_chroots)(csrf_enabled=False)
- if form.validate_on_submit() and flask.g.user.can_build_in(copr):
+
+ # are there any arguments in POST which our form doesn't know?
+ if sum([1 for post_key in flask.request.form.keys() \
+ if post_key not in form.__dict__.keys()]):
+ output = {"output": "notok", "error":
+ "Unknown arguments passed (non-existing chroot probably)"}
+ httpcode = 500
+
+ elif form.validate_on_submit() and flask.g.user.can_build_in(copr):
# we're checking authorization above for now
# and also creating separate build for each package
pkgs=form.pkgs.data.replace('\n', ' ').split(" ")