From 772157fdb7a74f02078b83787d953afcb9472e2e Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Mar 06 2018 13:42:02 +0000 Subject: Forbid adding tags with a slash in their name to a project Fixes https://pagure.io/pagure/issue/1787 Signed-off-by: Pierre-Yves Chibon --- diff --git a/pagure/ui/issues.py b/pagure/ui/issues.py index e8a6924..f9029d2 100644 --- a/pagure/ui/issues.py +++ b/pagure/ui/issues.py @@ -478,6 +478,13 @@ def update_tags(repo, username=None, namespace=None): if col.strip() ] + for tag in tags: + if '/' in tag: + flask.flash( + 'Tag: %s contains an invalid character: "/"' % tag, + 'error') + error = True + color_pattern = re.compile('^#\w{3,6}$') for color in colors: if not color_pattern.match(color): diff --git a/tests/test_pagure_flask_ui_issues.py b/tests/test_pagure_flask_ui_issues.py index 2a156bd..2fafba8 100644 --- a/tests/test_pagure_flask_ui_issues.py +++ b/tests/test_pagure_flask_ui_issues.py @@ -3288,6 +3288,26 @@ class PagureFlaskIssuestests(tests.Modeltests): ' ', output.data) + # Invalid tag name + data = { + 'tag': 'red/green', + 'tag_description': 'lorem ipsum', + 'tag_color': '#fff', + 'csrf_token': csrf_token, + } + output = self.app.post( + '/test/update/tags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + self.assertIn( + 'Settings - test - Pagure', output.data) + self.assertIn( + '\n ' + 'Tag: red/green contains an invalid character: "/"', + output.data) + self.assertIn( + ' ', output.data) + # Inconsistent length tags (missing tag field) data = { 'tag': 'red',