mirror
/
datasette
kopia lustrzana https://github.com/simonw/datasette
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Fix for MagicParameters error with no POST body, closes #967

pull/977/head
Simon Willison 2020-09-15 13:10:25 -07:00
rodzic 65ca17d729
commit 448d13ea6b
2 zmienionych plików z 41 dodań i 1 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

5
datasette/views/database.py
Wyświetl plik

@ -371,6 +371,11 @@ class MagicParameters(dict):
) )
) )
def __len__(self):
# Workaround for 'Incorrect number of bindings' error
# https://github.com/simonw/datasette/issues/967#issuecomment-692951144
return super().__len__() or 1
def __getitem__(self, key): def __getitem__(self, key):
if key.startswith("_") and key.count("_") >= 2: if key.startswith("_") and key.count("_") >= 2:
prefix, suffix = key[1:].split("_", 1) prefix, suffix = key[1:].split("_", 1)

37
tests/test_canned_queries.py
Wyświetl plik

@ -305,14 +305,49 @@ def test_magic_parameters(magic_parameters_client, magic_parameter, expected_re)
assert None is soup.find("input", {"name": magic_parameter}) assert None is soup.find("input", {"name": magic_parameter})
# Submit the form to create a log line # Submit the form to create a log line
response = magic_parameters_client.post( response = magic_parameters_client.post(
"/data/runme_post", {}, csrftoken_from=True, cookies=cookies "/data/runme_post?_json=1", {}, csrftoken_from=True, cookies=cookies
) )
assert response.json == {
"ok": True,
"message": "Query executed, 1 row affected",
"redirect": None,
}
post_actual = magic_parameters_client.get( post_actual = magic_parameters_client.get(
"/data/logs.json?_sort_desc=rowid&_shape=array" "/data/logs.json?_sort_desc=rowid&_shape=array"
).json[0]["line"] ).json[0]["line"]
assert re.match(expected_re, post_actual) assert re.match(expected_re, post_actual)
@pytest.mark.parametrize("use_csrf", [True, False])
@pytest.mark.parametrize("return_json", [True, False])
def test_magic_parameters_csrf_json(magic_parameters_client, use_csrf, return_json):
magic_parameters_client.ds._metadata["databases"]["data"]["queries"]["runme_post"][
"sql"
] = "insert into logs (line) values (:_header_host)"
qs = ""
if return_json:
qs = "?_json=1"
response = magic_parameters_client.post(
"/data/runme_post{}".format(qs),
{},
csrftoken_from=use_csrf or None,
allow_redirects=False,
)
if return_json:
assert response.status == 200
assert response.json["ok"], response.json
else:
assert response.status == 302
messages = magic_parameters_client.ds.unsign(
response.cookies["ds_messages"], "messages"
)
assert [["Query executed, 1 row affected", 1]] == messages
post_actual = magic_parameters_client.get(
"/data/logs.json?_sort_desc=rowid&_shape=array"
).json[0]["line"]
assert post_actual == "localhost"
def test_magic_parameters_cannot_be_used_in_arbitrary_queries(magic_parameters_client): def test_magic_parameters_cannot_be_used_in_arbitrary_queries(magic_parameters_client):
response = magic_parameters_client.get( response = magic_parameters_client.get(
"/data.json?sql=select+:_header_host&_shape=array" "/data.json?sql=select+:_header_host&_shape=array"