author | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2014-05-05 13:40:39 +0200 |
---|---|---|
committer | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2014-05-05 13:40:39 +0200 |
commit | 9fd38b735abb6d5485a9e34c8c330a0a7d9cbeea (patch) | |
tree | 7de83599fb3a24632f1fc78735b573ec49bf31c4 | |
parent | Fixed a security problem. (diff) | |
Improved forms validation.
-rw-r--r-- | messages.pot | 84 | ||||
-rw-r--r-- | pyaggr3g470r/forms.py | 25 | ||||
-rw-r--r-- | pyaggr3g470r/models.py | 5 | ||||
-rw-r--r-- | pyaggr3g470r/translations/fr/LC_MESSAGES/messages.mo | bin | 9531 -> 9898 bytes | |||
-rw-r--r-- | pyaggr3g470r/translations/fr/LC_MESSAGES/messages.po | 98 |
5 files changed, 124 insertions, 88 deletions
diff --git a/messages.pot b/messages.pot index 5bdf75f6..a2295726 100644 --- a/messages.pot +++ b/messages.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PROJECT VERSION\n" "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2014-05-05 12:19+0200\n" +"POT-Creation-Date: 2014-05-05 13:39+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" 
@@ -17,84 +17,96 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Generated-By: Babel 1.3\n" -#: pyaggr3g470r/forms.py:38 pyaggr3g470r/forms.py:93 +#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:100 msgid "First name" msgstr "" -#: pyaggr3g470r/forms.py:38 pyaggr3g470r/forms.py:93 +#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:100 msgid "Please enter your first name." msgstr "" -#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:94 +#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:101 msgid "Last name" msgstr "" -#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:94 +#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:101 msgid "Please enter your last name." msgstr "" -#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:95 +#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:102 #: pyaggr3g470r/templates/admin/dashboard.html:14 msgid "Email" msgstr "" -#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:95 +#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:102 msgid "Please enter your email." msgstr "" -#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:58 pyaggr3g470r/forms.py:96 +#: pyaggr3g470r/forms.py:42 pyaggr3g470r/forms.py:65 pyaggr3g470r/forms.py:103 msgid "Password" msgstr "" -#: pyaggr3g470r/forms.py:43 +#: pyaggr3g470r/forms.py:42 pyaggr3g470r/forms.py:65 +msgid "Please enter a password." +msgstr "" + +#: pyaggr3g470r/forms.py:44 pyaggr3g470r/templates/login.html:29 msgid "Sign up" msgstr "" -#: pyaggr3g470r/forms.py:57 -msgid "Please enter your email address." +#: pyaggr3g470r/forms.py:53 pyaggr3g470r/forms.py:113 +msgid "" +"This firstname has invalid characters. Please use letters, numbers, dots " +"and underscores only." msgstr "" -#: pyaggr3g470r/forms.py:58 -msgid "Please enter a password." +#: pyaggr3g470r/forms.py:56 pyaggr3g470r/forms.py:116 +msgid "" +"This lastname has invalid characters. Please use letters, numbers, dots " +"and underscores only." 
msgstr "" -#: pyaggr3g470r/forms.py:59 pyaggr3g470r/templates/login.html:5 +#: pyaggr3g470r/forms.py:64 +msgid "Please enter your email address." +msgstr "" + +#: pyaggr3g470r/forms.py:66 pyaggr3g470r/templates/login.html:5 msgid "Log In" msgstr "" -#: pyaggr3g470r/forms.py:72 +#: pyaggr3g470r/forms.py:79 msgid "Invalid email or password" msgstr "" -#: pyaggr3g470r/forms.py:77 pyaggr3g470r/templates/feeds.html:11 +#: pyaggr3g470r/forms.py:84 pyaggr3g470r/templates/feeds.html:11 msgid "Title" msgstr "" -#: pyaggr3g470r/forms.py:77 +#: pyaggr3g470r/forms.py:84 msgid "Please enter a title." msgstr "" -#: pyaggr3g470r/forms.py:78 pyaggr3g470r/templates/admin/user.html:30 +#: pyaggr3g470r/forms.py:85 pyaggr3g470r/templates/admin/user.html:30 msgid "Feed link" msgstr "" -#: pyaggr3g470r/forms.py:78 +#: pyaggr3g470r/forms.py:85 msgid "Please enter a link for the feed." msgstr "" -#: pyaggr3g470r/forms.py:79 pyaggr3g470r/templates/admin/user.html:31 +#: pyaggr3g470r/forms.py:86 pyaggr3g470r/templates/admin/user.html:31 msgid "Site link" msgstr "" -#: pyaggr3g470r/forms.py:80 +#: pyaggr3g470r/forms.py:87 msgid "Email notification" msgstr "" -#: pyaggr3g470r/forms.py:81 +#: pyaggr3g470r/forms.py:88 msgid "Check for updates" msgstr "" -#: pyaggr3g470r/forms.py:82 pyaggr3g470r/forms.py:97 +#: pyaggr3g470r/forms.py:89 pyaggr3g470r/forms.py:104 msgid "Save" msgstr "" @@ -189,11 +201,11 @@ msgid "Feed" msgstr "" #: pyaggr3g470r/views.py:581 pyaggr3g470r/views.py:637 -#: pyaggr3g470r/views.py:695 +#: pyaggr3g470r/views.py:697 msgid "successfully updated." msgstr "" -#: pyaggr3g470r/views.py:593 pyaggr3g470r/views.py:706 +#: pyaggr3g470r/views.py:593 pyaggr3g470r/views.py:707 msgid "successfully created." msgstr "" 
@@ -209,12 +221,12 @@ msgstr "" msgid "Add a feed" msgstr "" -#: pyaggr3g470r/views.py:619 pyaggr3g470r/views.py:746 +#: pyaggr3g470r/views.py:619 pyaggr3g470r/views.py:747 msgid "successfully deleted." msgstr "" -#: pyaggr3g470r/views.py:637 pyaggr3g470r/views.py:695 -#: pyaggr3g470r/views.py:706 pyaggr3g470r/views.py:746 +#: pyaggr3g470r/views.py:637 pyaggr3g470r/views.py:697 +#: pyaggr3g470r/views.py:707 pyaggr3g470r/views.py:747 msgid "User" msgstr "" @@ -222,16 +234,16 @@ msgstr "" msgid "Your account has been deleted." msgstr "" -#: pyaggr3g470r/views.py:658 pyaggr3g470r/views.py:732 -#: pyaggr3g470r/views.py:748 +#: pyaggr3g470r/views.py:658 pyaggr3g470r/views.py:733 +#: pyaggr3g470r/views.py:749 msgid "This user does not exist." msgstr "" -#: pyaggr3g470r/views.py:715 +#: pyaggr3g470r/views.py:716 msgid "Edit the user" msgstr "" -#: pyaggr3g470r/views.py:718 pyaggr3g470r/templates/admin/dashboard.html:35 +#: pyaggr3g470r/views.py:719 pyaggr3g470r/templates/admin/dashboard.html:35 msgid "Add a new user" msgstr "" @@ -475,14 +487,6 @@ msgstr "" msgid "Your Password" msgstr "" -#: pyaggr3g470r/templates/login.html:30 -msgid "Account creation" -msgstr "" - -#: pyaggr3g470r/templates/login.html:30 -msgid "Request an account." -msgstr "" - #: pyaggr3g470r/templates/management.html:5 msgid "Your subscriptions" msgstr "" diff --git a/pyaggr3g470r/forms.py b/pyaggr3g470r/forms.py index 6a11362c..61cd4c2a 100644 --- a/pyaggr3g470r/forms.py +++ b/pyaggr3g470r/forms.py @@ -30,6 +30,7 @@ from flask import flash from flask.ext.wtf import Form from flask.ext.babel import lazy_gettext from wtforms import TextField, TextAreaField, PasswordField, BooleanField, SubmitField, validators +from flask.ext.wtf.html5 import EmailField from flask_wtf import RecaptchaField from pyaggr3g470r.models import User 
@@ -37,8 +38,8 @@ from pyaggr3g470r.models import User
 class SignupForm(Form):
 firstname = TextField(lazy_gettext("First name"), [validators.Required(lazy_gettext("Please enter your first name."))])
 lastname = TextField(lazy_gettext("Last name"), [validators.Required(lazy_gettext("Please enter your last name."))])
- email = TextField(lazy_gettext("Email"), [validators.Required(lazy_gettext("Please enter your email."))])
- password = PasswordField(lazy_gettext("Password"))
+ email = EmailField(lazy_gettext("Email"), [validators.Length(min=6, max=35), validators.Required(lazy_gettext("Please enter your email."))])
+ password = PasswordField(lazy_gettext("Password"), [validators.Required(lazy_gettext("Please enter a password.")), validators.Length(min=6, max=100)])
 recaptcha = RecaptchaField()
 submit = SubmitField(lazy_gettext("Sign up"))
 
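Review bot: The new `email` field of `SignupForm` is still not checked as an address on the server: its validator list holds only `Length(min=6, max=35)` and `Required`, and as far as I know `EmailField` from `flask.ext.wtf.html5` only changes the rendered input type, which a client is free to ignore. I would add the WTForms address validator to the list, e.g. `validators.Email()`, so the rule is enforced where it cannot be bypassed. `max=35` also rejects longer but legitimate addresses; unless the `User.email` column is that short (not visible in this diff), a larger bound would be safer. The same points apply to the `email` fields of `SigninForm` and `ProfileForm` in the following hunks, and the `Length` validators carry no `lazy_gettext` message, so their errors will not be translated like the others. `SignupForm`'s body continues outside this hunk.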
@@ -48,14 +49,20 @@ class SignupForm(Form): def validate(self): if not Form.validate(self): return False + if self.firstname.data != User.make_valid_nickname(self.firstname.data): + self.firstname.errors.append(lazy_gettext('This firstname has invalid characters. Please use letters, numbers, dots and underscores only.')) + return False + if self.lastname.data != User.make_valid_nickname(self.lastname.data): + self.lastname.errors.append(lazy_gettext('This lastname has invalid characters. Please use letters, numbers, dots and underscores only.')) + return False return True class SigninForm(Form): """ Sign in form. """ - email = TextField("Email", [validators.Required(lazy_gettext("Please enter your email address."))]) - password = PasswordField(lazy_gettext('Password'), [validators.Required(lazy_gettext("Please enter a password."))]) + email = EmailField("Email", [validators.Length(min=6, max=35), validators.Required(lazy_gettext("Please enter your email address."))]) + password = PasswordField(lazy_gettext('Password'), [validators.Required(lazy_gettext("Please enter a password.")), validators.Length(min=6, max=100)]) submit = SubmitField(lazy_gettext("Log In")) def __init__(self, *args, **kwargs): @@ -92,8 +99,8 @@ class AddFeedForm(Form): class ProfileForm(Form): firstname = TextField(lazy_gettext("First name"), [validators.Required(lazy_gettext("Please enter your first name."))]) lastname = TextField(lazy_gettext("Last name"), [validators.Required(lazy_gettext("Please enter your last name."))]) - email = TextField(lazy_gettext("Email"), [validators.Required(lazy_gettext("Please enter your email."))]) - password = PasswordField(lazy_gettext("Password")) + email = EmailField(lazy_gettext("Email"), [validators.Length(min=6, max=35), validators.Required(lazy_gettext("Please enter your email."))]) + password = PasswordField(lazy_gettext("Password"), [validators.Length(min=6, max=100)]) submit = SubmitField(lazy_gettext("Save")) def __init__(self, *args, **kwargs): 
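Review bot: The name check added to `SignupForm.validate` rejects more than its error message admits: it compares the input with `User.make_valid_nickname(...)`, whose pattern (models.py hunk of this commit) keeps only ASCII letters, digits, `_`, `.` and `-`, so a space or an accented letter as in `Cédric` fails, while the message lists "letters, numbers, dots and underscores" and omits the hyphen that is in fact accepted. Either widen the rule or make the message say exactly what is allowed, e.g. `'This first name has invalid characters. Please use unaccented letters, numbers, dots, hyphens and underscores only.'` (the catalogs would need the new msgid). The identical block is repeated in `ProfileForm.validate` (hunk `@@ -102,4 +109,10 @@`), so the two should be changed together. In the same hunk, `Length(min=6, max=100)` on `SigninForm.password` enforces the password policy at login; accounts created before this commit, when sign-up had no password validators, may hold shorter passwords and would then be unable to sign in.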
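Review bot: `ProfileForm.password` now carries `validators.Length(min=6, max=100)` without `Required`, and WTForms' `Length` treats an empty value as length 0, so saving the profile with the password left blank fails validation. If the profile view treats a blank password as "keep the current one" (the view is not part of this diff), put `validators.Optional()` first: `password = PasswordField(lazy_gettext("Password"), [validators.Optional(), validators.Length(min=6, max=100)])`. `ProfileForm`'s body continues outside this hunk.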
@@ -102,4 +109,10 @@ class ProfileForm(Form): def validate(self): if not Form.validate(self): return False + if self.firstname.data != User.make_valid_nickname(self.firstname.data): + self.firstname.errors.append(lazy_gettext('This firstname has invalid characters. Please use letters, numbers, dots and underscores only.')) + return False + if self.lastname.data != User.make_valid_nickname(self.lastname.data): + self.lastname.errors.append(lazy_gettext('This lastname has invalid characters. Please use letters, numbers, dots and underscores only.')) + return False return True diff --git a/pyaggr3g470r/models.py b/pyaggr3g470r/models.py index 6c6df180..dcbe221c 100644 --- a/pyaggr3g470r/models.py +++ b/pyaggr3g470r/models.py @@ -26,6 +26,7 @@ __revision__ = "$Date: 2014/04/12 $" __copyright__ = "Copyright (c) Cedric Bonhomme" __license__ = "GPLv3" +import re import json from datetime import datetime from sqlalchemy import asc, desc @@ -48,6 +49,10 @@ class User(db.Model, UserMixin): last_seen = db.Column(db.DateTime(), default=datetime.now) feeds = db.relationship('Feed', backref = 'subscriber', lazy = 'dynamic', cascade='all,delete-orphan') + @staticmethod + def make_valid_nickname(nickname): + return re.sub('[^a-zA-Z0-9_\.\-]', '', nickname) + def get_id(self): """ Return the id (email) of the user. diff --git a/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.mo b/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.mo Binary files differindex b1ecc508..930ffe2a 100644 --- a/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.mo +++ b/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.mo diff --git a/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.po b/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.po index ff548119..eac8cfe2 100644 --- a/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.po +++ b/pyaggr3g470r/translations/fr/LC_MESSAGES/messages.po 
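Review bot: `User.make_valid_nickname` in the models.py hunk is added without a docstring, and its pattern is a plain string containing `\.` and `\-`, which works only because Python passes unknown escapes through (newer Python 3 releases warn about them). I would write it as a raw string, `return re.sub(r'[^a-zA-Z0-9_.\-]', '', nickname)`, and add a one-line docstring stating that it strips every character other than ASCII letters, digits, `_`, `.` and `-`. Since forms.py calls it only to compare the result with the input, the docstring should also say that the function sanitises rather than validates, and that a `None` argument raises `TypeError` inside `re.sub`. This filters input only; whether the templates escape these names on output is not visible in this commit and is worth confirming separately.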
@@ -7,8 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: PROJECT VERSION\n" "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2014-05-05 12:19+0200\n" -"PO-Revision-Date: 2014-05-05 12:20+0100\n" +"POT-Creation-Date: 2014-05-05 13:39+0200\n" +"PO-Revision-Date: 2014-05-05 13:39+0100\n" "Last-Translator: Cédric Bonhomme <cedric@cedricbonhomme.org>\n" "Language-Team: fr <LL@li.org>\n" "Language: fr\n" 
@@ -19,84 +19,100 @@ msgstr "" "Generated-By: Babel 1.3\n" "X-Generator: Poedit 1.5.4\n" -#: pyaggr3g470r/forms.py:38 pyaggr3g470r/forms.py:93 +#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:100 msgid "First name" msgstr "Prénom" -#: pyaggr3g470r/forms.py:38 pyaggr3g470r/forms.py:93 +#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:100 msgid "Please enter your first name." msgstr "S'il vous plaît, entrez votre prénom." -#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:94 +#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:101 msgid "Last name" msgstr "Nom de famille" -#: pyaggr3g470r/forms.py:39 pyaggr3g470r/forms.py:94 +#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:101 msgid "Please enter your last name." msgstr "S'il vous plaît, entrez votre nom de famille." -#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:95 +#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:102 #: pyaggr3g470r/templates/admin/dashboard.html:14 msgid "Email" msgstr "Email" -#: pyaggr3g470r/forms.py:40 pyaggr3g470r/forms.py:95 +#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:102 msgid "Please enter your email." msgstr "S'il vous plaît, entrez votre email." -#: pyaggr3g470r/forms.py:41 pyaggr3g470r/forms.py:58 pyaggr3g470r/forms.py:96 +#: pyaggr3g470r/forms.py:42 pyaggr3g470r/forms.py:65 pyaggr3g470r/forms.py:103 msgid "Password" msgstr "Mot de passe" -#: pyaggr3g470r/forms.py:43 +#: pyaggr3g470r/forms.py:42 pyaggr3g470r/forms.py:65 +msgid "Please enter a password." +msgstr "S'il vous plaît entrer un mot de passe." + +#: pyaggr3g470r/forms.py:44 pyaggr3g470r/templates/login.html:29 msgid "Sign up" msgstr "S'inscrire" -#: pyaggr3g470r/forms.py:57 +#: pyaggr3g470r/forms.py:53 pyaggr3g470r/forms.py:113 +msgid "" +"This firstname has invalid characters. Please use letters, numbers, dots and " +"underscores only." +msgstr "" +"Ce prénom a des caractères non valides. S'il vous plaît utiliser des " +"lettres, des chiffres, des points et '_' seulement." 
+ +#: pyaggr3g470r/forms.py:56 pyaggr3g470r/forms.py:116 +msgid "" +"This lastname has invalid characters. Please use letters, numbers, dots and " +"underscores only." +msgstr "" +"Ce nom de famille a des caractères non valides. S'il vous plaît utiliser des " +"lettres, des chiffres, des points et '_' seulement." + +#: pyaggr3g470r/forms.py:64 msgid "Please enter your email address." msgstr "S'il vous plaît, entrez votre adresse email." -#: pyaggr3g470r/forms.py:58 -msgid "Please enter a password." -msgstr "S'il vous plaît entrer un mot de passe." - -#: pyaggr3g470r/forms.py:59 pyaggr3g470r/templates/login.html:5 +#: pyaggr3g470r/forms.py:66 pyaggr3g470r/templates/login.html:5 msgid "Log In" msgstr "Connexion" -#: pyaggr3g470r/forms.py:72 +#: pyaggr3g470r/forms.py:79 msgid "Invalid email or password" msgstr "E-mail ou mot de passe invalide" -#: pyaggr3g470r/forms.py:77 pyaggr3g470r/templates/feeds.html:11 +#: pyaggr3g470r/forms.py:84 pyaggr3g470r/templates/feeds.html:11 msgid "Title" msgstr "Titre" -#: pyaggr3g470r/forms.py:77 +#: pyaggr3g470r/forms.py:84 msgid "Please enter a title." msgstr "S'il vous plaît, entrez un titre." -#: pyaggr3g470r/forms.py:78 pyaggr3g470r/templates/admin/user.html:30 +#: pyaggr3g470r/forms.py:85 pyaggr3g470r/templates/admin/user.html:30 msgid "Feed link" msgstr "Lien du flux" -#: pyaggr3g470r/forms.py:78 +#: pyaggr3g470r/forms.py:85 msgid "Please enter a link for the feed." msgstr "S'il vous plaît, entrez un lien pour le flux." 
-#: pyaggr3g470r/forms.py:79 pyaggr3g470r/templates/admin/user.html:31 +#: pyaggr3g470r/forms.py:86 pyaggr3g470r/templates/admin/user.html:31 msgid "Site link" msgstr "Lien du site" -#: pyaggr3g470r/forms.py:80 +#: pyaggr3g470r/forms.py:87 msgid "Email notification" msgstr "Notification par email" -#: pyaggr3g470r/forms.py:81 +#: pyaggr3g470r/forms.py:88 msgid "Check for updates" msgstr "Vérifier les mises à jour" -#: pyaggr3g470r/forms.py:82 pyaggr3g470r/forms.py:97 +#: pyaggr3g470r/forms.py:89 pyaggr3g470r/forms.py:104 msgid "Save" msgstr "Sauver" @@ -191,11 +207,11 @@ msgid "Feed" msgstr "Flux" #: pyaggr3g470r/views.py:581 pyaggr3g470r/views.py:637 -#: pyaggr3g470r/views.py:695 +#: pyaggr3g470r/views.py:697 msgid "successfully updated." msgstr "mis à jour avec succès." -#: pyaggr3g470r/views.py:593 pyaggr3g470r/views.py:706 +#: pyaggr3g470r/views.py:593 pyaggr3g470r/views.py:707 msgid "successfully created." msgstr "créé avec succès." @@ -211,12 +227,12 @@ msgstr "Éditez ce flux" msgid "Add a feed" msgstr "Ajouter un flux" -#: pyaggr3g470r/views.py:619 pyaggr3g470r/views.py:746 +#: pyaggr3g470r/views.py:619 pyaggr3g470r/views.py:747 msgid "successfully deleted." msgstr "supprimé avec succès." -#: pyaggr3g470r/views.py:637 pyaggr3g470r/views.py:695 -#: pyaggr3g470r/views.py:706 pyaggr3g470r/views.py:746 +#: pyaggr3g470r/views.py:637 pyaggr3g470r/views.py:697 +#: pyaggr3g470r/views.py:707 pyaggr3g470r/views.py:747 msgid "User" msgstr "Utilisateur" 
@@ -224,16 +240,16 @@ msgstr "Utilisateur" msgid "Your account has been deleted." msgstr "Votre compte a été supprimé." -#: pyaggr3g470r/views.py:658 pyaggr3g470r/views.py:732 -#: pyaggr3g470r/views.py:748 +#: pyaggr3g470r/views.py:658 pyaggr3g470r/views.py:733 +#: pyaggr3g470r/views.py:749 msgid "This user does not exist." msgstr "Cet utilisateur n'existe pas." -#: pyaggr3g470r/views.py:715 +#: pyaggr3g470r/views.py:716 msgid "Edit the user" msgstr "Éditer cet utilisateur" -#: pyaggr3g470r/views.py:718 pyaggr3g470r/templates/admin/dashboard.html:35 +#: pyaggr3g470r/views.py:719 pyaggr3g470r/templates/admin/dashboard.html:35 msgid "Add a new user" msgstr "Ajouter un nouvel utilisateur" @@ -482,14 +498,6 @@ msgstr "Votre email" msgid "Your Password" msgstr "Votre mot de passe" -#: pyaggr3g470r/templates/login.html:30 -msgid "Account creation" -msgstr "Ouverture de compte" - -#: pyaggr3g470r/templates/login.html:30 -msgid "Request an account." -msgstr "Demander un compte." - #: pyaggr3g470r/templates/management.html:5 msgid "Your subscriptions" msgstr "Vos abonnements" @@ -629,3 +637,9 @@ msgstr "Nombre d'articles" #: pyaggr3g470r/templates/admin/user.html:53 msgid "Add a new feed" msgstr "Ajouter un flux" + +#~ msgid "Account creation" +#~ msgstr "Ouverture de compte" + +#~ msgid "Request an account." +#~ msgstr "Demander un compte." |