summaryrefslogtreecommitdiff
path: root/ishtar_common
diff options
context:
space:
mode:
authorÉtienne Loks <etienne.loks@iggdrasil.net>2017-04-29 13:20:21 +0200
committerÉtienne Loks <etienne.loks@iggdrasil.net>2017-04-29 13:20:21 +0200
commit5f77a4ab463e711121484a17bb5de522400b2dc9 (patch)
tree5b8b1ed0402828e1acb818fd2898e7053209ff98 /ishtar_common
parenta929afc8937dbff7def85251937798c963f85ac0 (diff)
downloadIshtar-5f77a4ab463e711121484a17bb5de522400b2dc9.tar.bz2
Ishtar-5f77a4ab463e711121484a17bb5de522400b2dc9.zip
Extra security to prevent recursion on bulk update
Diffstat (limited to 'ishtar_common')
-rw-r--r--ishtar_common/models.py23
-rw-r--r--ishtar_common/tests.py2
-rw-r--r--ishtar_common/utils.py1
3 files changed, 25 insertions, 1 deletions
diff --git a/ishtar_common/models.py b/ishtar_common/models.py
index 6c83c8bfb..2475cd289 100644
--- a/ishtar_common/models.py
+++ b/ishtar_common/models.py
@@ -31,6 +31,7 @@ import os
import re
import shutil
import tempfile
+import time
import unicodecsv
import zipfile
@@ -861,6 +862,28 @@ class HistoryError(Exception):
PRIVATE_FIELDS = ('id', 'history_modifier', 'order')
+class BulkUpdatedItem(object):
+ @classmethod
+ def bulk_recursion(cls, transaction_id, extra_args):
+ """
+ Prevent infinite recursion. Should not happen but wrong manipulation
+ in the database or messy imports can generate circular relations
+
+ :param transaction_id: current transaction ID (unix time) - if null
+ a transaction ID is generated
+ :param extra_args: arguments dealing with
+ :return: (transaction ID, is a recursion)
+ """
+ if not transaction_id:
+ transaction_id = unicode(time.time())
+ args = ['cached_label_bulk_update', transaction_id] + extra_args
+ key, val = get_cache(cls, args)
+ if val:
+ return transaction_id, True
+ cache.set(key, 1, settings.CACHE_SMALLTIMEOUT)
+ return transaction_id, False
+
+
class BaseHistorizedItem(Imported):
IS_BASKET = False
history_modifier = models.ForeignKey(
diff --git a/ishtar_common/tests.py b/ishtar_common/tests.py
index e3958814c..eca722670 100644
--- a/ishtar_common/tests.py
+++ b/ishtar_common/tests.py
@@ -84,7 +84,7 @@ def create_superuser():
def create_user():
username = 'username678'
- password = 'dcbqj756456!@%'
+ password = 'dcbqj756aaa456!@%'
q = User.objects.filter(username=username)
if q.count():
return username, password, q.all()[0]
diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py
index 962db5945..555a338f8 100644
--- a/ishtar_common/utils.py
+++ b/ishtar_common/utils.py
@@ -20,6 +20,7 @@
from functools import wraps
import hashlib
import random
+import datetime
from django import forms
from django.conf import settings