Fix #294 -- Blacklist for slug validation (#325)

* Fix #294 - blacklist for slug validation * Fix #294 - blacklist for slug validation * fix for failing test
2016-11-21 10:57:52 +00:00
parent 4820a8423f
commit 9662b956ed
5 changed files with 82 additions and 2 deletions
--- a/src/pretix/base/models/event.py
+++ b/src/pretix/base/models/event.py
@@ -15,6 +15,7 @@ from pretix.base.email import CustomSMTPBackend
 from pretix.base.i18n import I18nCharField
 from pretix.base.models.base import LoggedModel
 from pretix.base.settings import SettingsProxy
+from pretix.base.validators import EventSlugBlacklistValidator

 from .auth import User
 from .organizer import Organizer
@@ -65,7 +66,8 @@ class Event(LoggedModel):
            RegexValidator(
                regex="^[a-zA-Z0-9.-]+$",
                message=_("The slug may only contain letters, numbers, dots and dashes."),
-            )
+            ),
+            EventSlugBlacklistValidator()
        ],
        verbose_name=_("Slug"),
    )
--- a/src/pretix/base/models/organizer.py
+++ b/src/pretix/base/models/organizer.py
@@ -5,6 +5,7 @@ from django.utils.translation import ugettext_lazy as _

 from pretix.base.models.base import LoggedModel
 from pretix.base.settings import SettingsProxy
+from pretix.base.validators import OrganizerSlugBlacklistValidator

 from .auth import User
 from .settings import OrganizerSetting
@@ -34,7 +35,8 @@ class Organizer(LoggedModel):
            RegexValidator(
                regex="^[a-zA-Z0-9.-]+$",
                message=_("The slug may only contain letters, numbers, dots and dashes.")
-            )
+            ),
+            OrganizerSlugBlacklistValidator()
        ],
        verbose_name=_("Slug"),
    )
--- a/src/pretix/base/validators.py
+++ b/src/pretix/base/validators.py
@@ -0,0 +1,48 @@
+from django.core.exceptions import ValidationError
+from django.utils.translation import ugettext_lazy as _
+
+
+class BlacklistValidator:
+
+    blacklist = []
+
+    def __call__(self, value):
+        # Validation logic
+        if value in self.blacklist:
+            raise ValidationError(
+                _('This slug has an invalid value: %(value)s.'),
+                code='invalid',
+                params={'value': value},
+            )
+
+
+class EventSlugBlacklistValidator(BlacklistValidator):
+
+    blacklist = [
+        'download',
+        'healthcheck',
+        'locale',
+        'control',
+        'redirect',
+        'jsi18n',
+        'metrics',
+        '_global',
+        '__debug__'
+    ]
+
+
+class OrganizerSlugBlacklistValidator(BlacklistValidator):
+
+    blacklist = [
+        'download',
+        'healthcheck',
+        'locale',
+        'control',
+        'pretixdroid',
+        'redirect',
+        'jsi18n',
+        'metrics',
+        '_global',
+        '__debug__',
+        'about'
+    ]