Mirrored_Repos/InvenTree
1
0
Fork 0
mirror of https://github.com/inventree/InvenTree synced 2024-08-30 18:33:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Import export fix (#5677)

Browse Source 
* Update django-import-export

* Add custom handler to ensure data import is not too excessive
This commit is contained in:
Oliver 2023-10-09 11:48:17 +11:00 committed by GitHub
parent 608ca75763
commit e9e505edd4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
InvenTree/InvenTree/admin.py
View File

@ -5,6 +5,7 @@ from django.http.request import HttpRequest
from djmoney.contrib.exchange.admin import RateAdmin from djmoney.contrib.exchange.admin import RateAdmin
from djmoney.contrib.exchange.models import Rate from djmoney.contrib.exchange.models import Rate
from import_export.exceptions import ImportExportError
from import_export.resources import ModelResource from import_export.resources import ModelResource
@ -15,8 +16,39 @@ class InvenTreeResource(ModelResource):
Ref: https://owasp.org/www-community/attacks/CSV_Injection Ref: https://owasp.org/www-community/attacks/CSV_Injection
""" """
MAX_IMPORT_ROWS = 1000
MAX_IMPORT_COLS = 100
def import_data_inner(
self,
dataset,
dry_run,
raise_errors,
using_transactions,
collect_failed_rows,
rollback_on_validation_errors=None,
**kwargs
):
"""Override the default import_data_inner function to provide better error handling"""
if len(dataset) > self.MAX_IMPORT_ROWS:
raise ImportExportError(f"Dataset contains too many rows (max {self.MAX_IMPORT_ROWS})")
if len(dataset.headers) > self.MAX_IMPORT_COLS:
raise ImportExportError(f"Dataset contains too many columns (max {self.MAX_IMPORT_COLS})")
return super().import_data_inner(
dataset,
dry_run,
raise_errors,
using_transactions,
collect_failed_rows,
rollback_on_validation_errors=rollback_on_validation_errors,
**kwargs
)
def export_resource(self, obj): def export_resource(self, obj):
"""Custom function to override default row export behaviour. """Custom function to override default row export behavior.
Specifically, strip illegal leading characters to prevent formula injection Specifically, strip illegal leading characters to prevent formula injection
""" """

2
requirements.in
View File

@ -13,7 +13,7 @@ django-filter # Extended filtering options
django-flags # Feature flags django-flags # Feature flags
django-formtools # Form wizard tools django-formtools # Form wizard tools
django-ical # iCal export for calendar views django-ical # iCal export for calendar views
django-import-export==2.5.0 # Data import / export for admin interface django-import-export>=3.3.1 # Data import / export for admin interface
django-maintenance-mode # Shut down application while reloading etc. django-maintenance-mode # Shut down application while reloading etc.
django-markdownify # Markdown rendering django-markdownify # Markdown rendering
django-money<3.0.0 # Django app for currency management # FIXED 2022-06-26 to make sure py-moneyed is not conflicting django-money<3.0.0 # Django app for currency management # FIXED 2022-06-26 to make sure py-moneyed is not conflicting

2
requirements.txt
View File

@ -105,7 +105,7 @@ django-formtools==2.4.1
# via -r requirements.in # via -r requirements.in
django-ical==1.9.2 django-ical==1.9.2
# via -r requirements.in # via -r requirements.in
django-import-export==2.5.0 django-import-export==3.3.1
# via -r requirements.in # via -r requirements.in
django-js-asset==2.1.0 django-js-asset==2.1.0
# via django-mptt # via django-mptt