Make cgi.templating more fault-tolerant towards invalid requests.

stefanseefeld · stefanseefeld · commit 4d5b6a356c41 · 2009-02-16T21:02:23.000Z
diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
@@ -535,14 +535,14 @@ def __getitem__(self, item):
                     value = lookupIds(self._db, prop,
                         handleListCGIValue(form[item]), fail_ok=1)
                 elif isinstance(prop, hyperdb.Link):
-                    value = form[item].value.strip()
+                    value = form.getfirst(item).strip()
                     if value:
                         value = lookupIds(self._db, prop, [value],
                             fail_ok=1)[0]
                     else:
                         value = None
                 else:
-                    value = form[item].value.strip() or None
+                    value = form.getfirst(item).strip() or None
             else:
                 if isinstance(prop, hyperdb.Multilink):
                     value = []
@@ -2225,10 +2225,10 @@ def _parse_sort(self, var, name):
             key = '%s%s%d'%(special, name, idx)
             while key in self.form:
                 self.special_char = special
-                fields.append (self.form[key].value)
+                fields.append(self.form.getfirst(key))
                 dirkey = '%s%sdir%d'%(special, name, idx)
                 if dirkey in self.form:
-                    dirs.append(self.form[dirkey].value)
+                    dirs.append(self.form.getfirst(dirkey))
                 else:
                     dirs.append(None)
                 idx += 1
@@ -2239,7 +2239,7 @@ def _parse_sort(self, var, name):
             if key in self.form and not fields:
                 fields = handleListCGIValue(self.form[key])
                 if dirkey in self.form:
-                    dirs.append(self.form[dirkey].value)
+                    dirs.append(self.form.getfirst(dirkey))
             if fields: # only try other special char if nothing found
                 break
         for f, d in map(None, fields, dirs):
@@ -2302,31 +2302,25 @@ def _post_init(self):
         for name in ':search_text @search_text'.split():
             if self.form.has_key(name):
                 self.special_char = name[0]
-                try:
-                    self.search_text = self.form[name].value
-                except AttributeError:
-                    # http://psf.upfronthosting.co.za/roundup/meta/issue111
-                    # Multiple search_text, probably some kind of spambot.
-                    # Use first value.
-                    self.search_text = self.form[name][0].value
+                self.search_text = self.form.getfirst(name)
 
         # pagination - size and start index
         # figure batch args
         self.pagesize = 50
         for name in ':pagesize @pagesize'.split():
             if self.form.has_key(name):
                 self.special_char = name[0]
-                self.pagesize = int(self.form[name].value)
+                self.pagesize = int(self.form.getfirst(name))
 
         self.startwith = 0
         for name in ':startwith @startwith'.split():
             if self.form.has_key(name):
                 self.special_char = name[0]
-                self.startwith = int(self.form[name].value)
+                self.startwith = int(self.form.getfirst(name))
 
         # dispname
         if self.form.has_key('@dispname'):
-            self.dispname = self.form['@dispname'].value
+            self.dispname = self.form.getfirst('@dispname')
         else:
             self.dispname = None
 
diff --git a/test/test_templating.py b/test/test_templating.py
@@ -72,6 +72,22 @@ def get(entry, key):
 
 class HTMLClassTestCase(TemplatingTestCase) :
 
+    def test_link(self):
+        """Make sure lookup of a Link property works even in the
+        presence of multiple values in the form."""
+        def lookup(key) :
+            self.assertEqual(key, key.strip())
+            return "Status%s"%key
+        self.form.list.append(MiniFieldStorage("status", "1"))
+        self.form.list.append(MiniFieldStorage("status", "2"))
+        status = hyperdb.Link("status")
+        self.client.db.classes = dict \
+            ( issue = MockNull(getprops = lambda : dict(status = status))
+            , status  = MockNull(get = lambda id, name : id, lookup = lookup)
+            )
+        cls = HTMLClass(self.client, "issue")
+        cls["status"]
+
     def test_multilink(self):
         """`lookup` of an item will fail if leading or trailing whitespace
            has not been stripped.
