Merge pull request #108 from kratorius/fix-query-filtering

Sanity checks against input for ticket search
Ross Poulton 2012-01-23 15:16:56 -08:00
commit 230f94f6aa
2 changed files with 31 additions and 12 deletions


@ -173,10 +173,12 @@ def apply_query(queryset, params):
# eg a Q() set # eg a Q() set
queryset = queryset.filter(params['other_filter']) queryset = queryset.filter(params['other_filter'])
if params.get('sorting', None): sorting = params.get('sorting', None)
if params.get('sortreverse', None): if not sorting:
params['sorting'] = "-%s" % params['sorting'] sortreverse = params.get('sortreverse', None)
queryset = queryset.order_by(params['sorting']) if sortreverse:
sorting = "-%s" % sorting
queryset = queryset.order_by(sorting)
return queryset return queryset
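Review bot: The new `sorting` value is read from `params` and passed straight to `queryset.order_by(sorting)` with no check that it names a field the view intends to expose, so the commit's sanity checks cover the integer filters in ticket_list but not this string, and the ORM will accept any field or related lookup it can resolve. Validate it against a module-level tuple of permitted field names before the `order_by` call, e.g. `if sorting.lstrip('-') not in PERMITTED_SORT_FIELDS: raise ValidationError('invalid sort field')` (PERMITTED_SORT_FIELDS is a constant to be added; ticket_list already imports and catches ValidationError on this path, provided this module imports it too). The body of the new `if not sorting:` branch is not visible in this rendering, so whether it already rejects a missing value cannot be confirmed here. apply_query's body begins before this hunk.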


@ -15,6 +15,7 @@ from django.contrib.auth.models import User
from django.contrib.auth.decorators import login_required, user_passes_test from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.files.base import ContentFile from django.core.files.base import ContentFile
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from django.core.exceptions import ValidationError
from django.core import paginator from django.core import paginator
from django.db import connection from django.db import connection
from django.db.models import Q from django.db.models import Q
@ -633,18 +634,27 @@ def ticket_list(request):
else: else:
queues = request.GET.getlist('queue') queues = request.GET.getlist('queue')
if queues: if queues:
queues = [int(q) for q in queues] try:
query_params['filtering']['queue__id__in'] = queues queues = [int(q) for q in queues]
query_params['filtering']['queue__id__in'] = queues
except ValueError:
pass
owners = request.GET.getlist('assigned_to') owners = request.GET.getlist('assigned_to')
if owners: if owners:
owners = [int(u) for u in owners] try:
query_params['filtering']['assigned_to__id__in'] = owners owners = [int(u) for u in owners]
query_params['filtering']['assigned_to__id__in'] = owners
except ValueError:
pass
statuses = request.GET.getlist('status') statuses = request.GET.getlist('status')
if statuses: if statuses:
statuses = [int(s) for s in statuses] try:
query_params['filtering']['status__in'] = statuses statuses = [int(s) for s in statuses]
query_params['filtering']['status__in'] = statuses
except ValueError:
pass
date_from = request.GET.get('date_from') date_from = request.GET.get('date_from')
if date_from: if date_from:
@ -677,8 +687,15 @@ def ticket_list(request):
sortreverse = request.GET.get('sortreverse', None) sortreverse = request.GET.get('sortreverse', None)
query_params['sortreverse'] = sortreverse query_params['sortreverse'] = sortreverse
ticket_qs = apply_query(Ticket.objects.select_related(), query_params) try:
print >> sys.stderr, str(ticket_qs.query) ticket_qs = apply_query(Ticket.objects.select_related(), query_params)
except ValidationError:
# invalid parameters in query, return default query
query_params = {
'filtering': {'status__in': [1, 2, 3]},
'sorting': 'created',
}
ticket_qs = apply_query(Ticket.objects.select_related(), query_params)
## TAG MATCHING ## TAG MATCHING
if HAS_TAG_SUPPORT: if HAS_TAG_SUPPORT: