Browse Source

User Settings: Ignore empty language codes & validate (#13755)

tags/v1.15.0-dev
6543 4 years ago committed by GitHub
parent
commit
48a3bb7a32
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      integrations/privateactivity_test.go
  2. 4
      integrations/user_test.go
  3. 2
      integrations/xss_test.go
  4. 2
      modules/auth/user_form.go
  5. 1
      options/locale/locale_en-US.ini
  6. 8
      routers/user/setting/profile.go

2
integrations/privateactivity_test.go

@ -45,7 +45,7 @@ func testPrivateActivityHelperEnablePrivateActivity(t *testing.T) {
"_csrf": GetCSRF(t, session, "/user/settings"),
"name": privateActivityTestUser,
"email": privateActivityTestUser + "@example.com",
"language": "en-us",
"language": "en-US",
"keep_activity_private": "1",
})
session.MakeRequest(t, req, http.StatusFound)

4
integrations/user_test.go

@ -30,7 +30,7 @@ func TestRenameUsername(t *testing.T) {
"_csrf": GetCSRF(t, session, "/user/settings"),
"name": "newUsername",
"email": "user2@example.com",
"language": "en-us",
"language": "en-US",
})
session.MakeRequest(t, req, http.StatusFound)
@ -100,7 +100,7 @@ func TestRenameReservedUsername(t *testing.T) {
"_csrf": GetCSRF(t, session, "/user/settings"),
"name": reservedUsername,
"email": "user2@example.com",
"language": "en-us",
"language": "en-US",
})
resp := session.MakeRequest(t, req, http.StatusFound)

2
integrations/xss_test.go

@ -24,7 +24,7 @@ func TestXSSUserFullName(t *testing.T) {
"name": user.Name,
"full_name": fullName,
"email": user.Email,
"language": "en-us",
"language": "en-US",
})
session.MakeRequest(t, req, http.StatusFound)

2
modules/auth/user_form.go

@ -202,7 +202,7 @@ type UpdateProfileForm struct {
KeepEmailPrivate bool
Website string `binding:"ValidUrl;MaxSize(255)"`
Location string `binding:"MaxSize(50)"`
Language string `binding:"Size(5)"`
Language string
Description string `binding:"MaxSize(255)"`
KeepActivityPrivate bool
}

1
options/locale/locale_en-US.ini

@ -440,6 +440,7 @@ website = Website
location = Location
update_theme = Update Theme
update_profile = Update Profile
update_language_not_found = Language '%s' is not available.
update_profile_success = Your profile has been updated.
change_username = Your username has been changed.
change_username_prompt = Note: username changes also change your account URL.

8
routers/user/setting/profile.go

@ -19,6 +19,7 @@ import (
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"github.com/unknwon/i18n"
)
@ -94,7 +95,14 @@ func ProfilePost(ctx *context.Context, form auth.UpdateProfileForm) {
ctx.User.KeepEmailPrivate = form.KeepEmailPrivate
ctx.User.Website = form.Website
ctx.User.Location = form.Location
if len(form.Language) != 0 {
if !util.IsStringInSlice(form.Language, setting.Langs) {
ctx.Flash.Error(ctx.Tr("settings.update_language_not_found", form.Language))
ctx.Redirect(setting.AppSubURL + "/user/settings")
return
}
ctx.User.Language = form.Language
}
ctx.User.Description = form.Description
ctx.User.KeepActivityPrivate = form.KeepActivityPrivate
if err := models.UpdateUserSetting(ctx.User); err != nil {

Loading…
Cancel
Save