From 3fe1dbe88145d19227d34d85d989e0bfa9a3bfcc Mon Sep 17 00:00:00 2001 From: Kevin Falcoz <0pc0defr@gmail.com> Date: Tue, 1 Feb 2022 13:08:30 +0100 Subject: [PATCH] Add input validation for domain creation --- core/admin/mailu/ui/views/domains.py | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/core/admin/mailu/ui/views/domains.py b/core/admin/mailu/ui/views/domains.py index a48bb154..81c90b9b 100644 --- a/core/admin/mailu/ui/views/domains.py +++ b/core/admin/mailu/ui/views/domains.py @@ -18,18 +18,21 @@ def domain_list(): def domain_create(): form = forms.DomainForm() if form.validate_on_submit(): - conflicting_domain = models.Domain.query.get(form.name.data) - conflicting_alternative = models.Alternative.query.get(form.name.data) - conflicting_relay = models.Relay.query.get(form.name.data) - if conflicting_domain or conflicting_alternative or conflicting_relay: - flask.flash('Domain %s is already used' % form.name.data, 'error') + if validators.domain(form.name.data) is True: + conflicting_domain = models.Domain.query.get(form.name.data) + conflicting_alternative = models.Alternative.query.get(form.name.data) + conflicting_relay = models.Relay.query.get(form.name.data) + if conflicting_domain or conflicting_alternative or conflicting_relay: + flask.flash('Domain %s is already used' % form.name.data, 'error') + else: + domain = models.Domain() + form.populate_obj(domain) + models.db.session.add(domain) + models.db.session.commit() + flask.flash('Domain %s created' % domain) else: - domain = models.Domain() - form.populate_obj(domain) - models.db.session.add(domain) - models.db.session.commit() - flask.flash('Domain %s created' % domain) - return flask.redirect(flask.url_for('.domain_list')) + flask.flash('Domain %s is invalid' % form.name.data, 'error') + return flask.redirect(flask.url_for('.domain_list')) return flask.render_template('domain/create.html', form=form)