From e1c6103dc4c3eca050cc302a270e4f7954895dda Mon Sep 17 00:00:00 2001
From: Richard Schreiber
Date: Thu, 12 May 2022 17:24:17 +0200
Subject: [PATCH] Limit identifiers (Question, QuestionOption, Customer) to alphanum, dot, dash, and underscore
---
 src/pretix/base/models/customers.py | 15 ++++++++++++++-
 src/pretix/base/models/items.py | 20 ++++++++++++++++++--
 2 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/src/pretix/base/models/customers.py b/src/pretix/base/models/customers.py
index 2a8c970a89..b610ada0c3 100644
--- a/src/pretix/base/models/customers.py
+++ b/src/pretix/base/models/customers.py
@@ -24,6 +24,7 @@ from django.conf import settings
 from django.contrib.auth.hashers import (
 check_password, is_password_usable, make_password,
 )
+from django.core.validators import RegexValidator
 from django.db import models
 from django.db.models import F, Q
 from django.utils.crypto import get_random_string, salted_hmac
@@ -44,7 +45,19 @@ class Customer(LoggedModel):
 """
 id = models.BigAutoField(primary_key=True)
 organizer = models.ForeignKey(Organizer, related_name='customers', on_delete=models.CASCADE)
- identifier = models.CharField(max_length=190, db_index=True, unique=True)
+ identifier = models.CharField(
+ max_length=190,
+ db_index=True,
+ unique=True,
+ help_text=_('You can enter any value here to make it easier to match the data with other sources. If you do '
+ 'not input one, we will generate one automatically.'),
+ validators=[
+ RegexValidator(
+ regex=r"^[a-zA-Z0-9]([a-zA-Z0-9.\-_]*[a-zA-Z0-9])?$",
+ message=_("The identifier may only contain letters, numbers, dots, dashes, and underscores. It must start and end with a letter or number."),
+ ),
+ ],
+ )
 email = models.EmailField(db_index=True, null=True, blank=False, verbose_name=_('E-mail'), max_length=190)
 phone = PhoneNumberField(null=True, blank=True, verbose_name=_('Phone number'))
 password = models.CharField(verbose_name=_('Password'), max_length=128)
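Review bot: The new Customer pattern ends in `$`, which in Python's `re` also matches just before a trailing newline, so a value such as `abc\n` would pass this validator; anchoring the end with `\Z` closes that gap: `regex=r"^[a-zA-Z0-9]([a-zA-Z0-9.\-_]*[a-zA-Z0-9])?\Z",`. The same applies to the two `^[a-zA-Z0-9.\-_]+$` patterns added for Question and QuestionOption in items.py. Form fields usually strip surrounding whitespace before validators run, but other callers of the model validators may not, so the pattern should not rely on that. The Customer class body continues outside the hunk.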
diff --git a/src/pretix/base/models/items.py b/src/pretix/base/models/items.py
index ff1f071ced..c7b5e531fc 100644
--- a/src/pretix/base/models/items.py
+++ b/src/pretix/base/models/items.py
@@ -1243,7 +1243,13 @@ class Question(LoggedModel):
 max_length=190,
 verbose_name=_("Internal identifier"),
 help_text=_('You can enter any value here to make it easier to match the data with other sources. If you do '
- 'not input one, we will generate one automatically.')
+ 'not input one, we will generate one automatically.'),
+ validators=[
+ RegexValidator(
+ regex=r"^[a-zA-Z0-9.\-_]+$",
+ message=_("The identifier may only contain letters, numbers, dots, dashes, and underscores."),
+ ),
+ ],
 )
 help_text = I18nTextField(
 verbose_name=_("Help text"),
@@ -1461,7 +1467,17 @@ class Question(LoggedModel):
 class QuestionOption(models.Model):
 question = models.ForeignKey('Question', related_name='options', on_delete=models.CASCADE)
- identifier = models.CharField(max_length=190)
+ identifier = models.CharField(
+ max_length=190,
+ help_text=_('You can enter any value here to make it easier to match the data with other sources. If you do '
+ 'not input one, we will generate one automatically.'),
+ validators=[
+ RegexValidator(
+ regex=r"^[a-zA-Z0-9.\-_]+$",
+ message=_("The identifier may only contain letters, numbers, dots, dashes, and underscores."),
+ ),
+ ],
+ )
 answer = I18nCharField(verbose_name=_('Answer'))
 position = models.IntegerField(default=0)
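Review bot: The Question pattern `^[a-zA-Z0-9.\-_]+$` is looser than the Customer pattern added in the same commit: it accepts identifiers made only of punctuation (`.`, `..`, `--`) and identifiers that start with `-` or `.`. Whether that matters depends on where the identifier is consumed, which is not visible here, but if the aim is a value that is safe to embed in URLs, file names or export columns, reuse the stricter form `regex=r"^[a-zA-Z0-9]([a-zA-Z0-9.\-_]*[a-zA-Z0-9])?\Z",` together with its message. QuestionOption further down uses the same loose pattern. If the difference is intentional, a short comment on the field saying why leading and trailing punctuation is allowed would help; the field definition starts outside the hunk.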
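Review bot: The validators added to QuestionOption.identifier (and to Question and Customer in the other hunks) run only during model validation such as `full_clean()` or a ModelForm; `save()`, `objects.create()` and bulk writes bypass them, and rows stored before this change are not re-checked. Code that reads `identifier` should not treat the character set as guaranteed unless every write path validates; a field comment such as `# Checked by full_clean() only; direct save() calls and older rows may hold other characters` would make that explicit. The help text promises an auto-generated identifier, so the generator, which is outside this diff, has to emit only characters the pattern accepts. The diffstat lists no migration, although `validators` and `help_text` are part of the field state Django records, so `makemigrations --check` will probably report a pending change. The QuestionOption class body continues outside the hunk.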