Improve validation of email templates (#4184)

* Improve validation of email templates * simplify SafeFormatter (skip attribute access code path altogether instead of blocklisting characters) * let SafeFormatter optionally raise on missing key * simplify placeholder validation * rename parameter * Remove unused import --------- Co-authored-by: Raphael Michel <michel@rami.io>
2026-05-05 15:14:04 +00:00 · 2024-06-10 16:41:52 +02:00
parent ab576bb643
commit dd6ebd7a48
3 changed files with 38 additions and 36 deletions
--- a/src/pretix/helpers/format.py
+++ b/src/pretix/helpers/format.py
@@ -30,17 +30,15 @@ class SafeFormatter(Formatter):
    Customized version of ``str.format`` that (a) behaves just like ``str.format_map`` and
    (b) does not allow any unwanted shenanigans like attribute access or format specifiers.
    """
-    def __init__(self, context):
+    def __init__(self, context, raise_on_missing=False):
        self.context = context
+        self.raise_on_missing = raise_on_missing

    def get_field(self, field_name, args, kwargs):
-        if '.' in field_name or '[' in field_name:
-            logger.warning(f'Ignored invalid field name "{field_name}"')
-            return ('{' + str(field_name) + '}', field_name)
-        return super().get_field(field_name, args, kwargs)
+        return self.get_value(field_name, args, kwargs), field_name

    def get_value(self, key, args, kwargs):
-        if key not in self.context:
+        if not self.raise_on_missing and key not in self.context:
            return '{' + str(key) + '}'
        return self.context[key]

@@ -49,7 +47,7 @@ class SafeFormatter(Formatter):
        return super().format_field(value, '')


-def format_map(template, context):
+def format_map(template, context, raise_on_missing=False):
    if not isinstance(template, str):
        template = str(template)
-    return SafeFormatter(context).format(template)
+    return SafeFormatter(context, raise_on_missing).format(template)