From 528d33ae1b8ef495a325b8759984194285815d05 Mon Sep 17 00:00:00 2001 From: njkim Date: Wed, 25 Oct 2023 16:31:14 -0700 Subject: [PATCH] Chekc search-url before getting resources, #10186 --- arches/app/etl_modules/base_data_editor.py | 34 ++++++++++++++++--- arches/app/etl_modules/bulk_data_deletion.py | 17 ++++++++-- .../etl_modules/bulk-data-deletion.js | 21 +++++------- 3 files changed, 54 insertions(+), 18 deletions(-) diff --git a/arches/app/etl_modules/base_data_editor.py b/arches/app/etl_modules/base_data_editor.py index 5445ffcda8f..6aee2eaab52 100644 --- a/arches/app/etl_modules/base_data_editor.py +++ b/arches/app/etl_modules/base_data_editor.py @@ -3,6 +3,8 @@ import logging from urllib.parse import urlsplit, parse_qs import uuid +from django.core.exceptions import ValidationError +from django.core.validators import URLValidator from django.db import connection from django.http import HttpRequest from django.utils.decorators import method_decorator @@ -156,6 +158,11 @@ def get_resourceids_from_search_url(self, search_url): request.user = self.request.user request.method = "GET" request.GET["export"] = True + validate = URLValidator() + try: + validate(search_url) + except: + raise params = parse_qs(urlsplit(search_url).query) for k, v in params.items(): request.GET.__setitem__(k, v[0]) @@ -192,6 +199,12 @@ def get_preview_data(self, node_id, search_url, language_code, operation, old_te language_code = "en" if search_url: + validate = URLValidator() + try: + validate(search_url) + except: + raise + params = parse_qs(urlsplit(search_url).query) for k, v in params.items(): request.GET.__setitem__(k, v[0]) 
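Review bot: In get_resourceids_from_search_url the added `try: validate(search_url)` / `except: raise` wrapper is a no-op, because a bare `except` that only re-raises behaves exactly like calling the validator directly; `URLValidator()(search_url)` on one line does the same without the bare-except pattern. The same wrapper is repeated in the get_preview_data hunk. URLValidator only checks that the string is a well-formed URL, and the lines that follow use just its query string, so any host and path pass and the default scheme list also admits ftp/ftps. If the intent is to accept only this instance's search URLs, construct it as `URLValidator(schemes=["http", "https"])` and also compare the path with the search view. Both function bodies continue outside the hunks.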
@@ -290,7 +303,13 @@ def preview(self, request): if resourceids: resourceids = json.loads(resourceids) if search_url: - resourceids = self.get_resourceids_from_search_url(search_url) + try: + resourceids = self.get_resourceids_from_search_url(search_url) + except ValidationError: + return { + "success": False, + "data": {"title": _("Invalid Search Url"), "message": "Please, enter a valid search url "} + } if resourceids: resourceids = tuple(resourceids) @@ -304,9 +323,16 @@ def preview(self, request): if also_trim == "true": operation = operation + "_trim" - first_five_values, number_of_tiles, number_of_resources = self.get_preview_data( - node_id, search_url, language_code, operation, old_text, case_insensitive, whole_word - ) + try: + first_five_values, number_of_tiles, number_of_resources = self.get_preview_data( + node_id, search_url, language_code, operation, old_text, case_insensitive, whole_word + ) + except TypeError: + return { + "success": False, + "data": {"title": _("Invalid Search Url"), "message": "Please, enter a valid search url "} + } + return_list = [] with connection.cursor() as cursor: for value in first_five_values: diff --git a/arches/app/etl_modules/bulk_data_deletion.py b/arches/app/etl_modules/bulk_data_deletion.py index b1ddfcbd94f..8a3b6a75c7b 100644 --- a/arches/app/etl_modules/bulk_data_deletion.py +++ b/arches/app/etl_modules/bulk_data_deletion.py @@ -3,6 +3,7 @@ import logging import uuid from django.contrib.auth.models import User +from django.core.exceptions import ValidationError from django.db import connection from django.http import HttpRequest from django.utils.translation import gettext as _ 
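Review bot: The dict returned from `except ValidationError` in preview wraps the title in `_()` but leaves the message `"Please, enter a valid search url "` untranslated and with a trailing space; `"message": _("Please enter a valid search URL")` would match the title. The same literal is pasted again in the second preview hunk and in count and delete in bulk_data_deletion.py, so one shared helper returning this dict would keep the four copies from drifting. preview's body continues outside the hunk.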
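Review bot: Catching `TypeError` around get_preview_data and reporting it as "Invalid Search Url" hides the real cause. An invalid URL now raises ValidationError from the validator added in get_preview_data, which this handler does not catch, while any unrelated TypeError raised inside that method is presented to the user as a URL problem. Catch `except ValidationError:` here as the first preview hunk does. If a TypeError really is expected for some search results, record it before returning, e.g. `logging.getLogger(__name__).exception("bulk edit preview failed")`; the module imports logging, but whether a module-level logger exists is not visible in the hunk.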
@@ -122,7 +123,13 @@ def count(self, request): if resourceids: resourceids = json.loads(resourceids) if search_url: - resourceids = self.get_resourceids_from_search_url(search_url) + try: + resourceids = self.get_resourceids_from_search_url(search_url) + except ValidationError: + return { + "success": False, + "data": {"title": _("Invalid Search Url"), "message": "Please, enter a valid search url "} + } if resourceids: resourceids = tuple(resourceids) @@ -144,7 +151,13 @@ def delete(self, request): if resourceids: resourceids = tuple(resourceids) if search_url: - resourceids = self.get_resourceids_from_search_url(search_url) + try: + resourceids = self.get_resourceids_from_search_url(search_url) + except ValidationError: + return { + "success": False, + "data": {"title": _("Invalid Search Url"), "message": "Please, enter a valid search url "} + } use_celery_bulk_delete = True diff --git a/arches/app/media/js/views/components/etl_modules/bulk-data-deletion.js b/arches/app/media/js/views/components/etl_modules/bulk-data-deletion.js index 0f79e8d178a..df4529b053c 100644 --- a/arches/app/media/js/views/components/etl_modules/bulk-data-deletion.js +++ b/arches/app/media/js/views/components/etl_modules/bulk-data-deletion.js @@ -15,18 +15,6 @@ define([ const viewModel = function(params) { const self = this; - this.operationLabel = { - "trim": "Trim", - "replace": "Replace (Case Sensitive)", - "replace_i": "Replace (Case Insensitive)", - "capitalize": "Capitalize", - "capitalize_trim": "Capitalize (Also, remove leading/trailing spaces)", - "upper": "Uppercase", - "upper_trim": "Uppercase (Also, remove leading/trailing spaces)", - "lower": "Lowercase", - "lower_trim": "Lowercase (Also, remove leading/trailing spaces)", - }; - this.loadDetails = params.load_details; this.editHistoryUrl = `${arches.urls.edit_history}?transactionid=${ko.unwrap(params.selectedLoadEvent)?.loadid}`; this.state = params.state; 
@@ -81,6 +69,15 @@ define([
 self.numberOfTiles(response.result.tile);
 self.counting(false);
 self.showCount(true);
+ }).fail( function(err) {
+ self.alert(
+ new JsonErrorAlertViewModel(
+ 'ep-alert-red',
+ err.responseJSON["data"],
+ null,
+ function(){}
+ )
+ );
 });
 };
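Review bot: The new `.fail` handler reads `err.responseJSON["data"]` without checking that the response was JSON, so a non-JSON error body or a network failure leaves `responseJSON` undefined and the handler throws instead of showing the alert; `err.responseJSON?.data` avoids that, and the file already uses optional chaining. The handler also never calls `self.counting(false);`, which the success path just above does, so the counting state presumably stays set after a failed request. JsonErrorAlertViewModel has to be among the define() dependencies, which are outside the hunk, and whether the server's `"success": False` payload arrives with an error status that reaches `.fail` is not visible here either.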