Launchpad itself

LaunchpadForm should let you specify if multiply-supplied fields are OK or not

Bug #451424 reported by Julian Edwards
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Invalid
Undecided
Unassigned

Bug Description

If someone specifies a GET request like this (possibly by URL hacking ):

?name_filter=blah&name_filter=wheee

then retrieving the field from the form with code like this:

self.request.get('name_filter')

will return a list instead of an expected string. There should be a more generic way to say whether this is acceptable to the form, and gracefully reject such requests if not.

Revision history for this message
Björn Tillenius (bjornt) wrote : Re: [Bug 451424] [NEW] LaunchpadForm should let you specify if multiply-supplied fields are OK or not

On Wed, Oct 14, 2009 at 04:51:59PM -0000, Julian Edwards wrote:
> Public bug reported:
>
> If someone specifies a GET request like this (possibly by URL hacking ):
>
> ?name_filter=blah&name_filter=wheee
>
> then retrieving the field from the form with code like this:
>
> self.request.get('name_filter')
>
> will return a list instead of an expected string. There should be a
> more generic way to say whether this is acceptable to the form, and
> gracefully reject such requests if not.

You mean something like self.request.form_ng.getOne('name_filter'),
which raises UnexpectedFormData if there is more than one value?

    subscribe bjornt
    status incomplete

Changed in launchpad-foundations:
status: New → Incomplete
Revision history for this message
Julian Edwards (julian-edwards) wrote :

What happens to the page when UFD is raised?

Revision history for this message
Björn Tillenius (bjornt) wrote : Re: [Bug 451424] Re: LaunchpadForm should let you specify if multiply-supplied fields are OK or not

On Thu, Oct 15, 2009 at 08:47:56AM -0000, Julian Edwards wrote:
> What happens to the page when UFD is raised?

Well, that's a different issue. At the moment I think a rather ugly
error page is presented to the user. We should probably improve on that,
but not limit it to LaunchpadForm.

Revision history for this message
Julian Edwards (julian-edwards) wrote :

Okay.

The thing that triggered me to file this bug (after talking to Gary) is the
+ppas search form. It's a regular LaunchpadView, not a LaunchpadFormView.
I'm not sure it makes sense to have a search form as LFV but I don't have much
experience in doing these so I'd be happy to convert it if that's what is
normally done. But it would mean making an interface for a non-model object
right?

Revision history for this message
Björn Tillenius (bjornt) wrote :

On Thu, Oct 15, 2009 at 09:23:05AM -0000, Julian Edwards wrote:
> Okay.
>
> The thing that triggered me to file this bug (after talking to Gary) is the
> +ppas search form. It's a regular LaunchpadView, not a LaunchpadFormView.
> I'm not sure it makes sense to have a search form as LFV but I don't have much
> experience in doing these so I'd be happy to convert it if that's what is
> normally done. But it would mean making an interface for a non-model object
> right?

It certainly does make sense to use LFV for a search page, but you don't
need to convert it. You can use self.request.form_ng.getOne() in any
view.

But yes, if you do want to convert the view, the easiest way is to
create an interface for the view. But it's also possible to create the
fields in the view itself.

Revision history for this message
Julian Edwards (julian-edwards) wrote :

Thanks for explaining Bjorn, I think this bug is invalid.

Changed in launchpad-foundations:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.