Part name validation fix (#3870)

* Check that part name format is actually valid * Expand exception handling when generating part "full_name" * Do not enforce client-side sanitization of form data - Form data sanitization is now handled server side
2024-08-30 18:33:04 +00:00 · 2022-10-28 15:56:16 +11:00 · 2022-10-28 15:56:16 +11:00 · 61c6054049
commit 61c6054049
parent 1c17977f4d
3 changed files with 19 additions and 9 deletions
--- a/InvenTree/InvenTree/validators.py
+++ b/InvenTree/InvenTree/validators.py
@ -8,6 +8,7 @@ from django.core import validators
 from django.core.exceptions import FieldDoesNotExist, ValidationError
 from django.utils.translation import gettext_lazy as _

+from jinja2 import Template
 from moneyed import CURRENCIES

 import common.models
@ -158,14 +159,19 @@ def validate_overage(value):
    )


-def validate_part_name_format(self):
+def validate_part_name_format(value):
    """Validate part name format.

    Make sure that each template container has a field of Part Model
    """
+
+    # Make sure that the field_name exists in Part model
+    from part.models import Part
+
    jinja_template_regex = re.compile('{{.*?}}')
    field_name_regex = re.compile('(?<=part\\.)[A-z]+')
-    for jinja_template in jinja_template_regex.findall(str(self)):
+
+    for jinja_template in jinja_template_regex.findall(str(value)):
        # make sure at least one and only one field is present inside the parser
        field_names = field_name_regex.findall(jinja_template)
        if len(field_names) < 1:
@ -173,9 +179,6 @@ def validate_part_name_format(self):
                'value': 'At least one field must be present inside a jinja template container i.e {{}}'
            })

-        # Make sure that the field_name exists in Part model
-        from part.models import Part
-
        for field_name in field_names:
            try:
                Part._meta.get_field(field_name)
@ -184,4 +187,14 @@ def validate_part_name_format(self):
                    'value': f'{field_name} does not exist in Part Model'
                })

+    # Attempt to render the template with a dummy Part instance
+    p = Part(name='test part', description='some test part')
+
+    try:
+        Template(value).render({'part': p})
+    except Exception as exc:
+        raise ValidationError({
+            'value': str(exc)
+        })
+
    return True
--- a/InvenTree/part/models.py
+++ b/InvenTree/part/models.py
@ -671,7 +671,7 @@ class Part(InvenTreeBarcodeMixin, MetadataMixin, MPTTModel):

            return full_name

-        except AttributeError as attr_err:
+        except Exception as attr_err:

            logger.warning(f"exception while trying to create full name for part {self.name}", attr_err)

--- a/InvenTree/templates/js/translated/forms.js
+++ b/InvenTree/templates/js/translated/forms.js
@ -205,9 +205,6 @@ function constructChangeForm(fields, options) {
        },
        success: function(data) {

-            // Ensure the data are fully sanitized before we operate on it
-            data = sanitizeData(data);
-
            // An optional function can be provided to process the returned results,
            // before they are rendered to the form
            if (options.processResults) {