authorCédric Bonhomme <cedric@cedricbonhomme.org>2014-05-05 13:40:39 +0200
committerCédric Bonhomme <cedric@cedricbonhomme.org>2014-05-05 13:40:39 +0200
commit9fd38b735abb6d5485a9e34c8c330a0a7d9cbeea (patch)
tree7de83599fb3a24632f1fc78735b573ec49bf31c4
parentFixed a security problem. (diff)
Improved forms validation.
-rw-r--r--messages.pot84
-rw-r--r--pyaggr3g470r/forms.py25
-rw-r--r--pyaggr3g470r/models.py5
-rw-r--r--pyaggr3g470r/translations/fr/LC_MESSAGES/messages.mobin9531 -> 9898 bytes
-rw-r--r--pyaggr3g470r/translations/fr/LC_MESSAGES/messages.po98
5 files changed, 124 insertions, 88 deletions
diff --git a/messages.pot b/messages.pot
index 5bdf75f6..a2295726 100644
--- a/messages.pot
+++ b/messages.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PROJECT VERSION\n"
"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
-"POT-Creation-Date: 2014-05-05 12:19+0200\n"
+"POT-Creation-Date: 2014-05-05 13:39+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,84 +17,96 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 1.3\n"
-#: pyaggr3g470r/forms.py:38 pyaggr3g470r/forms.py:93
+#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:100
msgid "First name"
msgstr ""
-#: pyaggr3g470r/forms.py:38 pyaggr3g470r/forms.py:93
+#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:100
msgid "Please enter your first name."
msgstr ""
-#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:94
+#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:101
msgid "Last name"
msgstr ""
-#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:94
+#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:101
msgid "Please enter your last name."
msgstr ""
-#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:95
+#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:102
#: pyaggr3g470r/templates/admin/dashboard.html:14
msgid "Email"
msgstr ""
-#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:95
+#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:102
msgid "Please enter your email."
msgstr ""
-#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:58 pyaggr3g470r/forms.py:96
+#: pyaggr3g470r/forms.py:42 pyaggr3g470r/forms.py:65 pyaggr3g470r/forms.py:103
msgid "Password"
msgstr ""
-#: pyaggr3g470r/forms.py:43
+#: pyaggr3g470r/forms.py:42 pyaggr3g470r/forms.py:65
+msgid "Please enter a password."
+msgstr ""
+
+#: pyaggr3g470r/forms.py:44 pyaggr3g470r/templates/login.html:29
msgid "Sign up"
msgstr ""
-#: pyaggr3g470r/forms.py:57
-msgid "Please enter your email address."
+#: pyaggr3g470r/forms.py:53 pyaggr3g470r/forms.py:113
+msgid ""
+"This firstname has invalid characters. Please use letters, numbers, dots "
+"and underscores only."
msgstr ""
-#: pyaggr3g470r/forms.py:58
-msgid "Please enter a password."
+#: pyaggr3g470r/forms.py:56 pyaggr3g470r/forms.py:116
+msgid ""
+"This lastname has invalid characters. Please use letters, numbers, dots "
+"and underscores only."
msgstr ""
-#: pyaggr3g470r/forms.py:59 pyaggr3g470r/templates/login.html:5
+#: pyaggr3g470r/forms.py:64
+msgid "Please enter your email address."
+msgstr ""
+
+#: pyaggr3g470r/forms.py:66 pyaggr3g470r/templates/login.html:5
msgid "Log In"
msgstr ""
-#: pyaggr3g470r/forms.py:72
+#: pyaggr3g470r/forms.py:79
msgid "Invalid email or password"
msgstr ""
-#: pyaggr3g470r/forms.py:77 pyaggr3g470r/templates/feeds.html:11
+#: pyaggr3g470r/forms.py:84 pyaggr3g470r/templates/feeds.html:11
msgid "Title"
msgstr ""
-#: pyaggr3g470r/forms.py:77
+#: pyaggr3g470r/forms.py:84
msgid "Please enter a title."
msgstr ""
-#: pyaggr3g470r/forms.py:78 pyaggr3g470r/templates/admin/user.html:30
+#: pyaggr3g470r/forms.py:85 pyaggr3g470r/templates/admin/user.html:30
msgid "Feed link"
msgstr ""
-#: pyaggr3g470r/forms.py:78
+#: pyaggr3g470r/forms.py:85
msgid "Please enter a link for the feed."
msgstr ""
-#: pyaggr3g470r/forms.py:79 pyaggr3g470r/templates/admin/user.html:31
+#: pyaggr3g470r/forms.py:86 pyaggr3g470r/templates/admin/user.html:31
msgid "Site link"
msgstr ""
-#: pyaggr3g470r/forms.py:80
+#: pyaggr3g470r/forms.py:87
msgid "Email notification"
msgstr ""
-#: pyaggr3g470r/forms.py:81
+#: pyaggr3g470r/forms.py:88
msgid "Check for updates"
msgstr ""
-#: pyaggr3g470r/forms.py:82 pyaggr3g470r/forms.py:97
+#: pyaggr3g470r/forms.py:89 pyaggr3g470r/forms.py:104
msgid "Save"
msgstr ""
@@ -189,11 +201,11 @@ msgid "Feed"
msgstr ""
#: pyaggr3g470r/views.py:581 pyaggr3g470r/views.py:637
-#: pyaggr3g470r/views.py:695
+#: pyaggr3g470r/views.py:697
msgid "successfully updated."
msgstr ""
-#: pyaggr3g470r/views.py:593 pyaggr3g470r/views.py:706
+#: pyaggr3g470r/views.py:593 pyaggr3g470r/views.py:707
msgid "successfully created."
msgstr ""
@@ -209,12 +221,12 @@ msgstr ""
msgid "Add a feed"
msgstr ""
-#: pyaggr3g470r/views.py:619 pyaggr3g470r/views.py:746
+#: pyaggr3g470r/views.py:619 pyaggr3g470r/views.py:747
msgid "successfully deleted."
msgstr ""
-#: pyaggr3g470r/views.py:637 pyaggr3g470r/views.py:695
-#: pyaggr3g470r/views.py:706 pyaggr3g470r/views.py:746
+#: pyaggr3g470r/views.py:637 pyaggr3g470r/views.py:697
+#: pyaggr3g470r/views.py:707 pyaggr3g470r/views.py:747
msgid "User"
msgstr ""
@@ -222,16 +234,16 @@ msgstr ""
msgid "Your account has been deleted."
msgstr ""
-#: pyaggr3g470r/views.py:658 pyaggr3g470r/views.py:732
-#: pyaggr3g470r/views.py:748
+#: pyaggr3g470r/views.py:658 pyaggr3g470r/views.py:733
+#: pyaggr3g470r/views.py:749
msgid "This user does not exist."
msgstr ""
-#: pyaggr3g470r/views.py:715
+#: pyaggr3g470r/views.py:716
msgid "Edit the user"
msgstr ""
-#: pyaggr3g470r/views.py:718 pyaggr3g470r/templates/admin/dashboard.html:35
+#: pyaggr3g470r/views.py:719 pyaggr3g470r/templates/admin/dashboard.html:35
msgid "Add a new user"
msgstr ""
@@ -475,14 +487,6 @@ msgstr ""
msgid "Your Password"
msgstr ""
-#: pyaggr3g470r/templates/login.html:30
-msgid "Account creation"
-msgstr ""
-
-#: pyaggr3g470r/templates/login.html:30
-msgid "Request an account."
-msgstr ""
-
#: pyaggr3g470r/templates/management.html:5
msgid "Your subscriptions"
msgstr ""
diff --git a/pyaggr3g470r/forms.py b/pyaggr3g470r/forms.py
index 6a11362c..61cd4c2a 100644
--- a/pyaggr3g470r/forms.py
+++ b/pyaggr3g470r/forms.py
@@ -30,6 +30,7 @@ from flask import flash
from flask.ext.wtf import Form
from flask.ext.babel import lazy_gettext
from wtforms import TextField, TextAreaField, PasswordField, BooleanField, SubmitField, validators
+from flask.ext.wtf.html5 import EmailField
from flask_wtf import RecaptchaField
from pyaggr3g470r.models import User
@@ -37,8 +38,8 @@ from pyaggr3g470r.models import User
class SignupForm(Form):
firstname = TextField(lazy_gettext("First name"), [validators.Required(lazy_gettext("Please enter your first name."))])
lastname = TextField(lazy_gettext("Last name"), [validators.Required(lazy_gettext("Please enter your last name."))])
- email = TextField(lazy_gettext("Email"), [validators.Required(lazy_gettext("Please enter your email."))])
- password = PasswordField(lazy_gettext("Password"))
+ email = EmailField(lazy_gettext("Email"), [validators.Length(min=6, max=35), validators.Required(lazy_gettext("Please enter your email."))])
+ password = PasswordField(lazy_gettext("Password"), [validators.Required(lazy_gettext("Please enter a password.")), validators.Length(min=6, max=100)])
recaptcha = RecaptchaField()
submit = SubmitField(lazy_gettext("Sign up"))
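Review bot: The `email` field gains `EmailField`, but that only changes the rendered input to `type="email"`; nothing in its validator list checks the address format on the server, so a request that skips the browser can still submit any 6 to 35 character string. Adding `validators.Email()` to the list would enforce the format server-side, and the same applies to the `email` fields of `SigninForm` and `ProfileForm` in the later hunks. `max=35` also rejects legitimate longer addresses; a bound taken from the database column (not visible here) would be safer. The `SignupForm` body continues outside this hunk.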
@@ -48,14 +49,20 @@ class SignupForm(Form):
def validate(self):
if not Form.validate(self):
return False
+ if self.firstname.data != User.make_valid_nickname(self.firstname.data):
+ self.firstname.errors.append(lazy_gettext('This firstname has invalid characters. Please use letters, numbers, dots and underscores only.'))
+ return False
+ if self.lastname.data != User.make_valid_nickname(self.lastname.data):
+ self.lastname.errors.append(lazy_gettext('This lastname has invalid characters. Please use letters, numbers, dots and underscores only.'))
+ return False
return True
class SigninForm(Form):
"""
Sign in form.
"""
- email = TextField("Email", [validators.Required(lazy_gettext("Please enter your email address."))])
- password = PasswordField(lazy_gettext('Password'), [validators.Required(lazy_gettext("Please enter a password."))])
+ email = EmailField("Email", [validators.Length(min=6, max=35), validators.Required(lazy_gettext("Please enter your email address."))])
+ password = PasswordField(lazy_gettext('Password'), [validators.Required(lazy_gettext("Please enter a password.")), validators.Length(min=6, max=100)])
submit = SubmitField(lazy_gettext("Log In"))
def __init__(self, *args, **kwargs):
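Review bot: The name checks added to `SignupForm.validate` reject any value that `User.make_valid_nickname` would alter, and per the models.py hunk that function keeps only ASCII letters, digits, `_`, `.` and `-`, so names containing spaces, apostrophes or accented letters (for example "Cédric") cannot be registered. The error text also lists "letters, numbers, dots and underscores" while the pattern additionally allows hyphens; the same block is repeated in `ProfileForm.validate` in the last forms.py hunk. If the intent is to keep markup out of stored names, a Unicode-aware allow-list plus template escaping would achieve that without refusing real names. Separately, `validators.Length(min=6, max=100)` on `SigninForm.password` may lock out accounts created before this commit, when sign-up accepted any password; at sign-in presumably only the upper bound is wanted, e.g. `validators.Length(max=100)`.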
@@ -92,8 +99,8 @@ class AddFeedForm(Form):
class ProfileForm(Form):
firstname = TextField(lazy_gettext("First name"), [validators.Required(lazy_gettext("Please enter your first name."))])
lastname = TextField(lazy_gettext("Last name"), [validators.Required(lazy_gettext("Please enter your last name."))])
- email = TextField(lazy_gettext("Email"), [validators.Required(lazy_gettext("Please enter your email."))])
- password = PasswordField(lazy_gettext("Password"))
+ email = EmailField(lazy_gettext("Email"), [validators.Length(min=6, max=35), validators.Required(lazy_gettext("Please enter your email."))])
+ password = PasswordField(lazy_gettext("Password"), [validators.Length(min=6, max=100)])
submit = SubmitField(lazy_gettext("Save"))
def __init__(self, *args, **kwargs):
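Review bot: `ProfileForm.password` now carries `validators.Length(min=6, max=100)` with no `validators.Optional()`, so saving a profile with the password box left empty fails validation. If an empty value is meant to keep the current password (the view that consumes the form is not visible here), the list should read `[validators.Optional(), validators.Length(min=6, max=100)]`. The `ProfileForm` body continues outside this hunk.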
@@ -102,4 +109,10 @@ class ProfileForm(Form):
def validate(self):
if not Form.validate(self):
return False
+ if self.firstname.data != User.make_valid_nickname(self.firstname.data):
+ self.firstname.errors.append(lazy_gettext('This firstname has invalid characters. Please use letters, numbers, dots and underscores only.'))
+ return False
+ if self.lastname.data != User.make_valid_nickname(self.lastname.data):
+ self.lastname.errors.append(lazy_gettext('This lastname has invalid characters. Please use letters, numbers, dots and underscores only.'))
+ return False
return True
diff --git a/pyaggr3g470r/models.py b/pyaggr3g470r/models.py
index 6c6df180..dcbe221c 100644
--- a/pyaggr3g470r/models.py
+++ b/pyaggr3g470r/models.py
@@ -26,6 +26,7 @@ __revision__ = "$Date: 2014/04/12 $"
__copyright__ = "Copyright (c) Cedric Bonhomme"
__license__ = "GPLv3"
+import re
import json
from datetime import datetime
from sqlalchemy import asc, desc
@@ -48,6 +49,10 @@ class User(db.Model, UserMixin):
last_seen = db.Column(db.DateTime(), default=datetime.now)
feeds = db.relationship('Feed', backref = 'subscriber', lazy = 'dynamic', cascade='all,delete-orphan')
+ @staticmethod
+ def make_valid_nickname(nickname):
+ return re.sub('[^a-zA-Z0-9_\.\-]', '', nickname)
+
def get_id(self):
"""
Return the id (email) of the user.
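Review bot: `make_valid_nickname` has no docstring, and its pattern is an ordinary string containing `\.` and `\-`, which are invalid string escapes that newer Python versions warn about. A raw string keeps the same regex: `return re.sub(r'[^a-zA-Z0-9_.\-]', '', nickname)`. A one-line docstring such as `"""Return nickname with every character outside [A-Za-z0-9_.-] removed."""` would record that the filter is ASCII-only, which matters because the forms in this commit reject any name this function would change. The hunk ends inside the `get_id` docstring.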
diff --git a/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.mo b/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.mo
index b1ecc508..930ffe2a 100644
--- a/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.mo
+++ b/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.mo
Binary files differ
diff --git a/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.po b/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.po
index ff548119..eac8cfe2 100644
--- a/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.po
+++ b/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.po
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: PROJECT VERSION\n"
"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
-"POT-Creation-Date: 2014-05-05 12:19+0200\n"
-"PO-Revision-Date: 2014-05-05 12:20+0100\n"
+"POT-Creation-Date: 2014-05-05 13:39+0200\n"
+"PO-Revision-Date: 2014-05-05 13:39+0100\n"
"Last-Translator: Cédric Bonhomme <cedric@cedricbonhomme.org>\n"
"Language-Team: fr <LL@li.org>\n"
"Language: fr\n"
@@ -19,84 +19,100 @@ msgstr ""
"Generated-By: Babel 1.3\n"
"X-Generator: Poedit 1.5.4\n"
-#: pyaggr3g470r/forms.py:38 pyaggr3g470r/forms.py:93
+#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:100
msgid "First name"
msgstr "Prénom"
-#: pyaggr3g470r/forms.py:38 pyaggr3g470r/forms.py:93
+#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:100
msgid "Please enter your first name."
msgstr "S'il vous plaît, entrez votre prénom."
-#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:94
+#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:101
msgid "Last name"
msgstr "Nom de famille"
-#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:94
+#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:101
msgid "Please enter your last name."
msgstr "S'il vous plaît, entrez votre nom de famille."
-#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:95
+#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:102
#: pyaggr3g470r/templates/admin/dashboard.html:14
msgid "Email"
msgstr "Email"
-#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:95
+#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:102
msgid "Please enter your email."
msgstr "S'il vous plaît, entrez votre email."
-#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:58 pyaggr3g470r/forms.py:96
+#: pyaggr3g470r/forms.py:42 pyaggr3g470r/forms.py:65 pyaggr3g470r/forms.py:103
msgid "Password"
msgstr "Mot de passe"
-#: pyaggr3g470r/forms.py:43
+#: pyaggr3g470r/forms.py:42 pyaggr3g470r/forms.py:65
+msgid "Please enter a password."
+msgstr "S'il vous plaît entrer un mot de passe."
+
+#: pyaggr3g470r/forms.py:44 pyaggr3g470r/templates/login.html:29
msgid "Sign up"
msgstr "S'inscrire"
-#: pyaggr3g470r/forms.py:57
+#: pyaggr3g470r/forms.py:53 pyaggr3g470r/forms.py:113
+msgid ""
+"This firstname has invalid characters. Please use letters, numbers, dots and "
+"underscores only."
+msgstr ""
+"Ce prénom a des caractères non valides. S'il vous plaît utiliser des "
+"lettres, des chiffres, des points et '_' seulement."
+
+#: pyaggr3g470r/forms.py:56 pyaggr3g470r/forms.py:116
+msgid ""
+"This lastname has invalid characters. Please use letters, numbers, dots and "
+"underscores only."
+msgstr ""
+"Ce nom de famille a des caractères non valides. S'il vous plaît utiliser des "
+"lettres, des chiffres, des points et '_' seulement."
+
+#: pyaggr3g470r/forms.py:64
msgid "Please enter your email address."
msgstr "S'il vous plaît, entrez votre adresse email."
-#: pyaggr3g470r/forms.py:58
-msgid "Please enter a password."
-msgstr "S'il vous plaît entrer un mot de passe."
-
-#: pyaggr3g470r/forms.py:59 pyaggr3g470r/templates/login.html:5
+#: pyaggr3g470r/forms.py:66 pyaggr3g470r/templates/login.html:5
msgid "Log In"
msgstr "Connexion"
-#: pyaggr3g470r/forms.py:72
+#: pyaggr3g470r/forms.py:79
msgid "Invalid email or password"
msgstr "E-mail ou mot de passe invalide"
-#: pyaggr3g470r/forms.py:77 pyaggr3g470r/templates/feeds.html:11
+#: pyaggr3g470r/forms.py:84 pyaggr3g470r/templates/feeds.html:11
msgid "Title"
msgstr "Titre"
-#: pyaggr3g470r/forms.py:77
+#: pyaggr3g470r/forms.py:84
msgid "Please enter a title."
msgstr "S'il vous plaît, entrez un titre."
-#: pyaggr3g470r/forms.py:78 pyaggr3g470r/templates/admin/user.html:30
+#: pyaggr3g470r/forms.py:85 pyaggr3g470r/templates/admin/user.html:30
msgid "Feed link"
msgstr "Lien du flux"
-#: pyaggr3g470r/forms.py:78
+#: pyaggr3g470r/forms.py:85
msgid "Please enter a link for the feed."
msgstr "S'il vous plaît, entrez un lien pour le flux."
-#: pyaggr3g470r/forms.py:79 pyaggr3g470r/templates/admin/user.html:31
+#: pyaggr3g470r/forms.py:86 pyaggr3g470r/templates/admin/user.html:31
msgid "Site link"
msgstr "Lien du site"
-#: pyaggr3g470r/forms.py:80
+#: pyaggr3g470r/forms.py:87
msgid "Email notification"
msgstr "Notification par email"
-#: pyaggr3g470r/forms.py:81
+#: pyaggr3g470r/forms.py:88
msgid "Check for updates"
msgstr "Vérifier les mises à jour"
-#: pyaggr3g470r/forms.py:82 pyaggr3g470r/forms.py:97
+#: pyaggr3g470r/forms.py:89 pyaggr3g470r/forms.py:104
msgid "Save"
msgstr "Sauver"
@@ -191,11 +207,11 @@ msgid "Feed"
msgstr "Flux"
#: pyaggr3g470r/views.py:581 pyaggr3g470r/views.py:637
-#: pyaggr3g470r/views.py:695
+#: pyaggr3g470r/views.py:697
msgid "successfully updated."
msgstr "mis à jour avec succès."
-#: pyaggr3g470r/views.py:593 pyaggr3g470r/views.py:706
+#: pyaggr3g470r/views.py:593 pyaggr3g470r/views.py:707
msgid "successfully created."
msgstr "créé avec succès."
@@ -211,12 +227,12 @@ msgstr "Éditez ce flux"
msgid "Add a feed"
msgstr "Ajouter un flux"
-#: pyaggr3g470r/views.py:619 pyaggr3g470r/views.py:746
+#: pyaggr3g470r/views.py:619 pyaggr3g470r/views.py:747
msgid "successfully deleted."
msgstr "supprimé avec succès."
-#: pyaggr3g470r/views.py:637 pyaggr3g470r/views.py:695
-#: pyaggr3g470r/views.py:706 pyaggr3g470r/views.py:746
+#: pyaggr3g470r/views.py:637 pyaggr3g470r/views.py:697
+#: pyaggr3g470r/views.py:707 pyaggr3g470r/views.py:747
msgid "User"
msgstr "Utilisateur"
@@ -224,16 +240,16 @@ msgstr "Utilisateur"
msgid "Your account has been deleted."
msgstr "Votre compte a été supprimé."
-#: pyaggr3g470r/views.py:658 pyaggr3g470r/views.py:732
-#: pyaggr3g470r/views.py:748
+#: pyaggr3g470r/views.py:658 pyaggr3g470r/views.py:733
+#: pyaggr3g470r/views.py:749
msgid "This user does not exist."
msgstr "Cet utilisateur n'existe pas."
-#: pyaggr3g470r/views.py:715
+#: pyaggr3g470r/views.py:716
msgid "Edit the user"
msgstr "Éditer cet utilisateur"
-#: pyaggr3g470r/views.py:718 pyaggr3g470r/templates/admin/dashboard.html:35
+#: pyaggr3g470r/views.py:719 pyaggr3g470r/templates/admin/dashboard.html:35
msgid "Add a new user"
msgstr "Ajouter un nouvel utilisateur"
@@ -482,14 +498,6 @@ msgstr "Votre email"
msgid "Your Password"
msgstr "Votre mot de passe"
-#: pyaggr3g470r/templates/login.html:30
-msgid "Account creation"
-msgstr "Ouverture de compte"
-
-#: pyaggr3g470r/templates/login.html:30
-msgid "Request an account."
-msgstr "Demander un compte."
-
#: pyaggr3g470r/templates/management.html:5
msgid "Your subscriptions"
msgstr "Vos abonnements"
@@ -629,3 +637,9 @@ msgstr "Nombre d'articles"
#: pyaggr3g470r/templates/admin/user.html:53
msgid "Add a new feed"
msgstr "Ajouter un flux"
+
+#~ msgid "Account creation"
+#~ msgstr "Ouverture de compte"
+
+#~ msgid "Request an account."
+#~ msgstr "Demander un compte."