author | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-04-29 13:20:21 +0200 |
---|---|---|
committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-04-29 13:20:21 +0200 |
commit | 5f77a4ab463e711121484a17bb5de522400b2dc9 (patch) | |
tree | 5b8b1ed0402828e1acb818fd2898e7053209ff98 /ishtar_common | |
parent | a929afc8937dbff7def85251937798c963f85ac0 (diff) | |
Extra security to prevent recursion on bulk update
Diffstat (limited to 'ishtar_common')
-rw-r--r-- | ishtar_common/models.py | 23 | ||||
-rw-r--r-- | ishtar_common/tests.py | 2 | ||||
-rw-r--r-- | ishtar_common/utils.py | 1 |
3 files changed, 25 insertions, 1 deletions
diff --git a/ishtar_common/models.py b/ishtar_common/models.py index 6c83c8bfb..2475cd289 100644 --- a/ishtar_common/models.py +++ b/ishtar_common/models.py @@ -31,6 +31,7 @@ import os import re import shutil import tempfile +import time import unicodecsv import zipfile @@ -861,6 +862,28 @@ class HistoryError(Exception): PRIVATE_FIELDS = ('id', 'history_modifier', 'order') +class BulkUpdatedItem(object): + @classmethod + def bulk_recursion(cls, transaction_id, extra_args): + """ + Prevent infinite recursion. Should not happen but wrong manipulation + in the database or messy imports can generate circular relations + + :param transaction_id: current transaction ID (unix time) - if null + a transaction ID is generated + :param extra_args: arguments dealing with + :return: (transaction ID, is a recursion) + """ + if not transaction_id: + transaction_id = unicode(time.time()) + args = ['cached_label_bulk_update', transaction_id] + extra_args + key, val = get_cache(cls, args) + if val: + return transaction_id, True + cache.set(key, 1, settings.CACHE_SMALLTIMEOUT) + return transaction_id, False + + class BaseHistorizedItem(Imported): IS_BASKET = False history_modifier = models.ForeignKey( diff --git a/ishtar_common/tests.py b/ishtar_common/tests.py index e3958814c..eca722670 100644 --- a/ishtar_common/tests.py +++ b/ishtar_common/tests.py @@ -84,7 +84,7 @@ def create_superuser(): def create_user(): username = 'username678' - password = 'dcbqj756456!@%' + password = 'dcbqj756aaa456!@%' q = User.objects.filter(username=username) if q.count(): return username, password, q.all()[0] diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py index 962db5945..555a338f8 100644 --- a/ishtar_common/utils.py +++ b/ishtar_common/utils.py @@ -20,6 +20,7 @@ from functools import wraps import hashlib import random +import datetime from django import forms from django.conf import settings |
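Review bot: The guard's identity in `bulk_recursion` comes from `unicode(time.time())`, and on Python 2 that string keeps only about 12 significant digits, so two bulk updates that start within the same ~10 ms with the same `extra_args` share a cache key and the second is reported as a recursion. A random identifier avoids the collision: `transaction_id = uuid.uuid4().hex`, with `import uuid` and the docstring's "unix time" wording updated. The marker is also read through `get_cache` and written by a separate `cache.set`, so the check is not atomic across workers; `if not cache.add(key, 1, settings.CACHE_SMALLTIMEOUT): return transaction_id, True` would test and set in one step. The guard fails open once the marker expires or is evicted, so it presumably holds only while `CACHE_SMALLTIMEOUT` (value not visible here) exceeds the longest bulk update, which deserves a comment. The `:param extra_args:` line stops mid-sentence and should state that a list is required, since it is concatenated to a list.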
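Review bot: `import datetime` in ishtar_common/utils.py appears unused in this commit, since the diffstat shows it is the only line changed in that file. Unless utils.py already refers to `datetime` outside the hunk, it looks like a leftover and a linter would flag it. If it belongs to a later change it is better introduced there; if it stays, it should sit with the other standard-library imports in alphabetical order rather than after `import random`.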