User Settings: Ignore empty language codes & validate (#13755)

tokarchuk/v1.17
6543 4 years ago committed by GitHub
parent 3512c7e40f
commit 48a3bb7a32
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      integrations/privateactivity_test.go
  2. 4
      integrations/user_test.go
  3. 2
      integrations/xss_test.go
  4. 2
      modules/auth/user_form.go
  5. 1
      options/locale/locale_en-US.ini
  6. 8
      routers/user/setting/profile.go

@ -45,7 +45,7 @@ func testPrivateActivityHelperEnablePrivateActivity(t *testing.T) {
"_csrf": GetCSRF(t, session, "/user/settings"), "_csrf": GetCSRF(t, session, "/user/settings"),
"name": privateActivityTestUser, "name": privateActivityTestUser,
"email": privateActivityTestUser + "@example.com", "email": privateActivityTestUser + "@example.com",
"language": "en-us", "language": "en-US",
"keep_activity_private": "1", "keep_activity_private": "1",
}) })
session.MakeRequest(t, req, http.StatusFound) session.MakeRequest(t, req, http.StatusFound)

@ -30,7 +30,7 @@ func TestRenameUsername(t *testing.T) {
"_csrf": GetCSRF(t, session, "/user/settings"), "_csrf": GetCSRF(t, session, "/user/settings"),
"name": "newUsername", "name": "newUsername",
"email": "user2@example.com", "email": "user2@example.com",
"language": "en-us", "language": "en-US",
}) })
session.MakeRequest(t, req, http.StatusFound) session.MakeRequest(t, req, http.StatusFound)
@ -100,7 +100,7 @@ func TestRenameReservedUsername(t *testing.T) {
"_csrf": GetCSRF(t, session, "/user/settings"), "_csrf": GetCSRF(t, session, "/user/settings"),
"name": reservedUsername, "name": reservedUsername,
"email": "user2@example.com", "email": "user2@example.com",
"language": "en-us", "language": "en-US",
}) })
resp := session.MakeRequest(t, req, http.StatusFound) resp := session.MakeRequest(t, req, http.StatusFound)

@ -24,7 +24,7 @@ func TestXSSUserFullName(t *testing.T) {
"name": user.Name, "name": user.Name,
"full_name": fullName, "full_name": fullName,
"email": user.Email, "email": user.Email,
"language": "en-us", "language": "en-US",
}) })
session.MakeRequest(t, req, http.StatusFound) session.MakeRequest(t, req, http.StatusFound)

@ -202,7 +202,7 @@ type UpdateProfileForm struct {
KeepEmailPrivate bool KeepEmailPrivate bool
Website string `binding:"ValidUrl;MaxSize(255)"` Website string `binding:"ValidUrl;MaxSize(255)"`
Location string `binding:"MaxSize(50)"` Location string `binding:"MaxSize(50)"`
Language string `binding:"Size(5)"` Language string
Description string `binding:"MaxSize(255)"` Description string `binding:"MaxSize(255)"`
KeepActivityPrivate bool KeepActivityPrivate bool
} }
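Review bot: With the `Size(5)` tag dropped, `Language` in `UpdateProfileForm` has no length or format constraint at the binding layer, and nothing on the field says where validation now happens. A short comment such as `// Language is checked against setting.Langs in ProfilePost; empty means "leave unchanged"` would stop a future handler that binds this form from trusting the value as-is. If an upper bound is still wanted as defence in depth, a `MaxSize(...)` tag like the neighbouring fields use would cap the length while still accepting the empty string. The struct declaration starts outside the hunk.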

@ -440,6 +440,7 @@ website = Website
location = Location location = Location
update_theme = Update Theme update_theme = Update Theme
update_profile = Update Profile update_profile = Update Profile
update_language_not_found = Language '%s' is not available.
update_profile_success = Your profile has been updated. update_profile_success = Your profile has been updated.
change_username = Your username has been changed. change_username = Your username has been changed.
change_username_prompt = Note: username changes also change your account URL. change_username_prompt = Note: username changes also change your account URL.

@ -19,6 +19,7 @@ import (
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"github.com/unknwon/i18n" "github.com/unknwon/i18n"
) )
@ -94,7 +95,14 @@ func ProfilePost(ctx *context.Context, form auth.UpdateProfileForm) {
ctx.User.KeepEmailPrivate = form.KeepEmailPrivate ctx.User.KeepEmailPrivate = form.KeepEmailPrivate
ctx.User.Website = form.Website ctx.User.Website = form.Website
ctx.User.Location = form.Location ctx.User.Location = form.Location
if len(form.Language) != 0 {
if !util.IsStringInSlice(form.Language, setting.Langs) {
ctx.Flash.Error(ctx.Tr("settings.update_language_not_found", form.Language))
ctx.Redirect(setting.AppSubURL + "/user/settings")
return
}
ctx.User.Language = form.Language ctx.User.Language = form.Language
}
ctx.User.Description = form.Description ctx.User.Description = form.Description
ctx.User.KeepActivityPrivate = form.KeepActivityPrivate ctx.User.KeepActivityPrivate = form.KeepActivityPrivate
if err := models.UpdateUserSetting(ctx.User); err != nil { if err := models.UpdateUserSetting(ctx.User); err != nil {
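Review bot: The rejection branch in `ProfilePost` formats the rejected `form.Language` straight into the flash text via `ctx.Tr("settings.update_language_not_found", form.Language)`. Because this commit also removes the `Size(5)` binding, that is a request-supplied string of any length and content. How the flash is stored and rendered is not visible in this hunk, so it is worth confirming that the value is HTML-escaped on output and that its size is bounded, or leaving the raw value out of the message. None of the test hunks in this commit add a case for an unknown language code, so the new branch appears to be untested; a request with an unlisted `language` that asserts the redirect and an unchanged `ctx.User.Language` would cover it. The function body continues outside the hunk.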
