Changeset 10029

Timestamp:

15 Mar 2013, 07:39:09 (12 years ago)

Author:

Henrik Bettermann

Message:

Let's forbid some mistakenly added characters like character 160.

Location:

main/waeup.kofa/trunk/src/waeup/kofa/browser

Files:

• pages.py (modified) (2 diffs)
• tests/forbidden_file.csv (added)
• tests/test_browser.py (modified) (2 diffs)

main/waeup.kofa/trunk/src/waeup/kofa/browser/pages.py

@@ -73 +73 @@
 from waeup.kofa.students.export import EXPORTER_NAMES as STUDENT_EXPORTERS
 
+FORBIDDEN_CHARACTERS = (160,)
+
 grok.context(IKofaObject)
 grok.templatedir('templates')
@@ -1043 +1045 @@
             logger = self.context.logger
 
-            # XXX: temporary solution to prevent users from
-            # uploading non-ascii files.
-            #for element in filecontent:
-            #    try:
-            #        if ord(element) > 128:
-            #          self.flash(_(
-            #              "Only ASCII files are allowed. "
-            #              "Your file contains non-ASCII characters."))
-            #          logger.info('%s - non-ascii file uploaded: %s' %
-            #              (ob_class, target))
-            #          return
-            #    except TypeError:
-            #        self.flash(_(
-            #            "Only ASCII files are allowed. "
-            #            "Your file contains non-ASCII characters."))
-            #        logger.info('%s - non-ascii file uploaded: %s' %
-            #            (ob_class, target))
-            #        return
+            # Forbid certain characters in import files.
+            for element in filecontent:
+                try:
+                    if ord(element) in FORBIDDEN_CHARACTERS:
+                      self.flash(_(
+                          "Your file contains forbidden characters. "
+                          "Please replace."))
+                      logger.info('%s - invalid file uploaded: %s' %
+                          (ob_class, target))
+                      return
+                except TypeError:
+                    self.flash(_(
+                        "Your file contains forbidden characters. "
+                        "Please replace."))
+                    logger.info('%s - invalid file uploaded: %s' %
+                        (ob_class, target))
+                    return
 
             open(target, 'wb').write(filecontent)

main/waeup.kofa/trunk/src/waeup/kofa/browser/tests/test_browser.py

@@ -36 +36 @@
 
 SAMPLE_FILE = os.path.join(os.path.dirname(__file__), 'test_file.csv')
+FORBIDDEN_FILE = os.path.join(os.path.dirname(__file__), 'forbidden_file.csv')
 
 class UniversitySetup(FunctionalTestCase):
@@ -144 +145 @@
         return
 
+    def test_forbidden_file_upload(self):
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        self.browser.open(self.datacenter_path)
+        self.assertEqual(self.browser.headers['Status'], '200 Ok')
+        self.assertEqual(self.browser.url, self.datacenter_path)
+        self.browser.getLink("Upload data").click()
+        file = open(FORBIDDEN_FILE)
+        ctrl = self.browser.getControl(name='uploadfile:file')
+        file_ctrl = ctrl.mech_control
+        file_ctrl.add_file(file, filename='my_corrupted_file.csv')
+        self.browser.getControl('Upload').click()
+        self.assertTrue(
+            'Your file contains forbidden characters. Please replace.'
+            in self.browser.contents)
+        logfile = os.path.join(
+            self.app['datacenter'].storage, 'logs', 'datacenter.log')
+        logcontent = open(logfile).read()
+        self.assertTrue('zope.mgr - browser.pages.DatacenterUploadPage - '
+            'invalid file uploaded:' in logcontent)
+        return
 
 class DataCenterUIExportTests(UniversitySetup, FunctionalAsyncTestCase):