
Commit da650da5 authored by LE GAC Renaud's avatar LE GAC Renaud

Add a protection in the controller edit_insert against a malformed record_id.

parent 2bbde0ef
......@@ -17,7 +17,8 @@ from harvest_tools import (build_harvester_tool,
from invenio_tools import (load_record,
OAI_URL,
RecordConf,
RecordThesis)
RecordThesis,
REG_INT)
from plugin_dbui import (get_id,
INLINE_ALERT,
Selector,
......@@ -107,6 +108,18 @@ def edit_insert():
table = virtdb.edit_insert_selector
try:
# Protection
#
# NOTE
# With plugin_dbui 0.7.1 it is possible to enter decimal value
# for the record id (e.g by typing 1503,03 in the field)
#
if REG_INT.match(request.vars.Edit_insert_selectorRecord_id) is None:
msg = T("The <i>record id</i> is not well formed.")
msg += "<br>"
msg += T("Use only digit character, no comma, no dot...")
return INLINE_ALERT % (T('Error'), msg)
selector = Selector(table)
for el in fields:
......
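Review bot: The new guard in edit_insert passes `request.vars.Edit_insert_selectorRecord_id` straight to `REG_INT.match(...)` without checking that it is a string, so a request that omits the field (None) or repeats it (web2py then supplies a list) raises TypeError instead of returning the inline alert. Whether the enclosing `try` handles that is not visible, because edit_insert starts and ends outside the hunk. Reading the value once with `rid = request.vars.Edit_insert_selectorRecord_id` and testing `if not isinstance(rid, basestring) or REG_INT.match(rid) is None:` (`str` instead of `basestring` on Python 3) would keep the rejection path uniform. REG_INT's pattern is not shown on this page; since `match` anchors only at the start, the pattern should end with `\Z` rather than `$` (which tolerates a trailing newline), otherwise `1503,03` would still pass on its `1503` prefix. A comment such as `# Server-side check: keep even if the plugin_dbui form is fixed` would also help, because the existing note ties the check to plugin_dbui 0.7.1 and invites removal later.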
......@@ -628,6 +628,7 @@
'Temporary record': 'Enregistrement temporaire',
'Temps': 'Temps',
'The "query" is a condition like "db.table1.field1==\'value\'". Something like "db.table1.field1==db.table2.field2" results in a SQL JOIN.': 'The "query" is a condition like "db.table1.field1==\'value\'". Something like "db.table1.field1==db.table2.field2" results in a SQL JOIN.',
'The <i>record id</i> is not well formed.': 'Le <i>record id</i> est mal formé.',
'The field "%s" is missing ...': 'Le champ "%s" est manquant ...',
'The graph can be rendered as line or stacked chart. The latter is used when the stacked fields are defined. ': 'The graph can be rendered as line or stacked chart. The latter is used when the stacked fields are defined. ',
'The identifier of the record in the invenio store': 'The identifier of the record in the invenio store',
......@@ -682,6 +683,7 @@
'Url': 'Url',
'url': 'url',
'Use (...)&(...) for AND, (...)|(...) for OR, and ~(...) for NOT to build more complex queries.': 'Use (...)&(...) for AND, (...)|(...) for OR, and ~(...) for NOT to build more complex queries.',
'Use only digit character, no comma, no dot...': 'Utiliser seulement des chiffres, pas de virgule, pas de point...',
'User': 'Utilisateur',
'User %(id)s Logged-in': 'User %(id)s Logged-in',
'User %(id)s Logged-out': 'User %(id)s Logged-out',
......
......@@ -27,7 +27,7 @@ from exception import (CdsException,
XmlException)
from inveniostore import InvenioStore
from iterrecord import IterRecord
from iterrecord import IterRecord, REG_INT
from marc12 import Marc12
from record import Record
from recordconf import RecordConf
......