Bleach 6 update (#4610)

* Update bleach requirement from ==5.0.* to ==6.2.*

Updates the requirements on [bleach](https://github.com/mozilla/bleach) to permit the latest version.
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v5.0.0...v6.2.0)

---
updated-dependencies:
- dependency-name: bleach
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update bleach parameter types

* Fix tests

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Mira
2024-11-11 15:34:40 +01:00
committed by GitHub
parent 9ec161561b
commit 3170744c56
8 changed files with 20 additions and 20 deletions


@@ -29,7 +29,7 @@ dependencies = [
"arabic-reshaper==3.0.0", # Support for Arabic in reportlab "arabic-reshaper==3.0.0", # Support for Arabic in reportlab
"babel", "babel",
"BeautifulSoup4==4.12.*", "BeautifulSoup4==4.12.*",
"bleach==5.0.*", "bleach==6.2.*",
"celery==5.4.*", "celery==5.4.*",
"chardet==5.2.*", "chardet==5.2.*",
"cryptography>=3.4.2", "cryptography>=3.4.2",


@@ -289,7 +289,7 @@ class BaseReportlabInvoiceRenderer(BaseInvoiceRenderer):
def _clean_text(self, text, tags=None): def _clean_text(self, text, tags=None):
return self._normalize(bleach.clean( return self._normalize(bleach.clean(
text, text,
tags=tags or [] tags=set(tags) if tags else set()
).strip().replace('<br>', '<br />').replace('\n', '<br />\n')) ).strip().replace('<br>', '<br />').replace('\n', '<br />\n'))
@@ -461,7 +461,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
def _draw_event(self, canvas): def _draw_event(self, canvas):
def shorten(txt): def shorten(txt):
txt = str(txt) txt = str(txt)
txt = bleach.clean(txt, tags=[]).strip() txt = bleach.clean(txt, tags=set()).strip()
p = Paragraph(self._normalize(txt.strip().replace('\n', '<br />\n')), style=self.stylesheet['Normal']) p = Paragraph(self._normalize(txt.strip().replace('\n', '<br />\n')), style=self.stylesheet['Normal'])
p_size = p.wrap(self.event_width, self.event_height) p_size = p.wrap(self.event_width, self.event_height)
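Review bot: `set(tags) if tags else set()` in `_clean_text` turns a plain string into a set of its characters, so a caller passing `tags='br'` would allow `<b>` and `<r>` instead of `<br>`; the callers are outside this diff, so whether any of them does this is not visible. A docstring stating that `tags` is an iterable of tag names, or a guard such as `if isinstance(tags, str): tags = [tags]`, would rule it out. The expression itself can be shortened to `tags=set(tags or ())`. Both method bodies continue outside the hunks.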


@@ -550,7 +550,7 @@ DEFAULTS = {
'serializer_class': serializers.BooleanField, 'serializer_class': serializers.BooleanField,
'type': bool, 'type': bool,
'form_kwargs': dict( 'form_kwargs': dict(
label=_("Require a business addresses"), label=_("Require a business address"),
help_text=_('This will require users to enter a company name.'), help_text=_('This will require users to enter a company name.'),
widget=forms.CheckboxInput(attrs={'data-checkbox-dependency': '#id_invoice_address_required'}), widget=forms.CheckboxInput(attrs={'data-checkbox-dependency': '#id_invoice_address_required'}),
) )


@@ -54,7 +54,7 @@ from tlds import tld_set
register = template.Library() register = template.Library()
ALLOWED_TAGS_SNIPPET = [ ALLOWED_TAGS_SNIPPET = {
'a', 'a',
'abbr', 'abbr',
'acronym', 'acronym',
@@ -68,8 +68,8 @@ ALLOWED_TAGS_SNIPPET = [
'strike', 'strike',
's', 's',
# Update doc/user/markdown.rst if you change this! # Update doc/user/markdown.rst if you change this!
] }
ALLOWED_TAGS = ALLOWED_TAGS_SNIPPET + [ ALLOWED_TAGS = ALLOWED_TAGS_SNIPPET | {
'blockquote', 'blockquote',
'li', 'li',
'ol', 'ol',
@@ -91,7 +91,7 @@ ALLOWED_TAGS = ALLOWED_TAGS_SNIPPET + [
'h6', 'h6',
'pre', 'pre',
# Update doc/user/markdown.rst if you change this! # Update doc/user/markdown.rst if you change this!
] }
ALLOWED_ATTRIBUTES = { ALLOWED_ATTRIBUTES = {
'a': ['href', 'title', 'class'], 'a': ['href', 'title', 'class'],
@@ -106,7 +106,7 @@ ALLOWED_ATTRIBUTES = {
# Update doc/user/markdown.rst if you change this! # Update doc/user/markdown.rst if you change this!
} }
ALLOWED_PROTOCOLS = ['http', 'https', 'mailto', 'tel'] ALLOWED_PROTOCOLS = {'http', 'https', 'mailto', 'tel'}
URL_RE = SimpleLazyObject(lambda: build_url_re(tlds=sorted(tld_set, key=len, reverse=True))) URL_RE = SimpleLazyObject(lambda: build_url_re(tlds=sorted(tld_set, key=len, reverse=True)))
@@ -211,9 +211,9 @@ class CleanPostprocessor(Postprocessor):
def run(self, text): def run(self, text):
return bleach.clean( return bleach.clean(
text, text,
tags=self.tags, tags=set(self.tags),
attributes=self.attributes, attributes=self.attributes,
protocols=self.protocols, protocols=set(self.protocols),
strip=self.strip strip=self.strip
) )
@@ -308,7 +308,7 @@ def markdown_compile_email(source, allowed_tags=ALLOWED_TAGS, allowed_attributes
EmailNl2BrExtension(), EmailNl2BrExtension(),
LinkifyAndCleanExtension( LinkifyAndCleanExtension(
linker, linker,
tags=allowed_tags, tags=set(allowed_tags),
attributes=allowed_attributes, attributes=allowed_attributes,
protocols=ALLOWED_PROTOCOLS, protocols=ALLOWED_PROTOCOLS,
strip=False, strip=False,
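Review bot: `ALLOWED_TAGS_SNIPPET`, `ALLOWED_TAGS` and `ALLOWED_PROTOCOLS` are now mutable module-level sets, and `ALLOWED_TAGS` is also the default for `allowed_tags` in `markdown_compile_email`, so an in-place `.add()` or `|=` anywhere in the process would widen the sanitizer allowlist for every later call. Declaring them as `frozenset({...})` keeps the `|` composition used here and in the test while making the allowlists immutable, and the `set(...)` wrappers in `CleanPostprocessor.run` and `markdown_compile_email` would still accept them. Any code outside this diff that extends the old lists with `ALLOWED_TAGS + [...]` will now raise a `TypeError`, so a comment above the constant such as `# set since the bleach 6 update: extend with ALLOWED_TAGS | {...}` would help. The constant definitions and both function bodies continue outside the hunks.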


@@ -613,7 +613,7 @@ def pretixcontrol_logentry_display(sender: Event, logentry: LogEntry, **kwargs):
if logentry.action_type == 'pretix.event.order.consent': if logentry.action_type == 'pretix.event.order.consent':
return _('The user confirmed the following message: "{}"').format( return _('The user confirmed the following message: "{}"').format(
bleach.clean(logentry.parsed_data.get('msg'), tags=[], strip=True) bleach.clean(logentry.parsed_data.get('msg'), tags=set(), strip=True)
) )
if logentry.action_type == 'pretix.event.order.canceled': if logentry.action_type == 'pretix.event.order.canceled':
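Review bot: `logentry.parsed_data.get('msg')` returns `None` when the key is absent, and `bleach.clean` rejects non-text input with a `TypeError`, which would break rendering of that log entry. If consent entries without `msg` can exist (not visible here), pass `logentry.parsed_data.get('msg') or ''` instead. The function body starts and ends outside the hunk.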


@@ -421,7 +421,7 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter):
) )
if op.seat: if op.seat:
item += '<br/>' + str(op.seat) item += '<br/>' + str(op.seat)
name = bleach.clean(str(name), tags=['br']).strip().replace('<br>', '<br/>') name = bleach.clean(str(name), tags={'br'}).strip().replace('<br>', '<br/>')
if op.blocked: if op.blocked:
name = '<font face="OpenSansBd">[' + _('Blocked') + ']</font> ' + name name = '<font face="OpenSansBd">[' + _('Blocked') + ']</font> ' + name
row = [ row = [
@@ -430,7 +430,7 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter):
'' if op.order.status != Order.STATUS_PAID else '', '' if op.order.status != Order.STATUS_PAID else '',
op.order.code, op.order.code,
Paragraph(name, self.get_style()), Paragraph(name, self.get_style()),
Paragraph(bleach.clean(str(item), tags=['br']).strip().replace('<br>', '<br/>'), self.get_style()), Paragraph(bleach.clean(str(item), tags={'br'}).strip().replace('<br>', '<br/>'), self.get_style()),
] ]
acache = {} acache = {}
if op.addon_to: if op.addon_to:
@@ -440,7 +440,7 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter):
acache[a.question_id] = format_answer_for_export(a) acache[a.question_id] = format_answer_for_export(a)
for q in questions: for q in questions:
txt = acache.get(q.pk, '') txt = acache.get(q.pk, '')
txt = bleach.clean(txt, tags=['br']).strip().replace('<br>', '<br/>') txt = bleach.clean(txt, tags={'br'}).strip().replace('<br>', '<br/>')
p = Paragraph(txt, self.get_style()) p = Paragraph(txt, self.get_style())
while p.wrap(colwidths[len(row)], 5000)[1] > 50 * mm: while p.wrap(colwidths[len(row)], 5000)[1] > 50 * mm:
txt = txt[:len(txt) - 50] + "..." txt = txt[:len(txt) - 50] + "..."
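Review bot: In the last hunk the answer text is sanitized first and only then shortened with `txt = txt[:len(txt) - 50] + "..."`, so the cut can land inside an escaped entity such as `&lt;` or inside a `<br/>` that bleach let through, leaving malformed markup if the paragraph is rebuilt from it. Keeping the raw answer, shortening that, and re-running `bleach.clean(..., tags={'br'})` on each pass would keep every string handed to reportlab well-formed. The expression `bleach.clean(...).strip().replace('<br>', '<br/>')` now appears three times in this section and could live in one small helper, so the allowlist is stated once. The `while` loop body continues past the end of the hunk.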


@@ -198,7 +198,7 @@ class BaseSenderView(EventPermissionRequiredMixin, FormView):
escape(v.render_sample(self.request.event)) escape(v.render_sample(self.request.event))
) )
subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=[]) subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=set())
preview_subject = prefix_subject(self.request.event, format_map(subject, context_dict), highlight=True) preview_subject = prefix_subject(self.request.event, format_map(subject, context_dict), highlight=True)
message = form.cleaned_data['message'].localize(l) message = form.cleaned_data['message'].localize(l)
preview_text = markdown_compile_email(format_map(message, context_dict)) preview_text = markdown_compile_email(format_map(message, context_dict))
@@ -616,7 +616,7 @@ class CreateRule(EventPermissionRequiredMixin, CreateView):
escape(v.render_sample(self.request.event)) escape(v.render_sample(self.request.event))
) )
subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=[]) subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=set())
preview_subject = prefix_subject(self.request.event, format_map(subject, context_dict), highlight=True) preview_subject = prefix_subject(self.request.event, format_map(subject, context_dict), highlight=True)
template = form.cleaned_data['template'].localize(l) template = form.cleaned_data['template'].localize(l)
preview_text = markdown_compile_email(format_map(template, context_dict)) preview_text = markdown_compile_email(format_map(template, context_dict))
@@ -692,7 +692,7 @@ class UpdateRule(EventPermissionRequiredMixin, UpdateView):
escape(v.render_sample(self.request.event)) escape(v.render_sample(self.request.event))
) )
subject = bleach.clean(self.object.subject.localize(lang), tags=[]) subject = bleach.clean(self.object.subject.localize(lang), tags=set())
preview_subject = prefix_subject(self.request.event, format_map(subject, placeholders), highlight=True) preview_subject = prefix_subject(self.request.event, format_map(subject, placeholders), highlight=True)
template = self.object.template.localize(lang) template = self.object.template.localize(lang)
preview_text = markdown_compile_email(format_map(template, placeholders)) preview_text = markdown_compile_email(format_map(template, placeholders))
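Review bot: The subject sanitization `bleach.clean(..., tags=set())` followed by `format_map` and `prefix_subject(..., highlight=True)` is repeated in `BaseSenderView`, `CreateRule` and `UpdateRule`, so every change to the sanitizer arguments has to be made three times, as this commit does. A small shared helper that takes the localized subject and the placeholder dict and returns the preview subject would keep the allowlist in one place. A one-line comment such as `# tags=set(): escape all markup in the subject before placeholders are substituted` would also document why no tags are allowed. All three method bodies start and end outside their hunks.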


@@ -137,7 +137,7 @@ def test_markdown_email_custom_allowlist():
source = "![my image](https://example.org/my-image.jpg)" source = "![my image](https://example.org/my-image.jpg)"
html = markdown_compile_email( html = markdown_compile_email(
source, source,
allowed_tags=ALLOWED_TAGS + ["img"], allowed_tags=ALLOWED_TAGS | {"img"},
allowed_attributes=dict(ALLOWED_ATTRIBUTES, img=["src", "alt", "title"]), allowed_attributes=dict(ALLOWED_ATTRIBUTES, img=["src", "alt", "title"]),
) )
assert html == '<p><img alt="my image" src="https://example.org/my-image.jpg"></p>' assert html == '<p><img alt="my image" src="https://example.org/my-image.jpg"></p>'