User Settings: Ignore empty language codes & validate (#13755)

This commit is contained in:
6543 2020-12-04 07:20:30 +01:00 committed by GitHub
parent 3512c7e40f
commit 48a3bb7a32
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 15 additions and 6 deletions

View file

@ -45,7 +45,7 @@ func testPrivateActivityHelperEnablePrivateActivity(t *testing.T) {
"_csrf": GetCSRF(t, session, "/user/settings"), "_csrf": GetCSRF(t, session, "/user/settings"),
"name": privateActivityTestUser, "name": privateActivityTestUser,
"email": privateActivityTestUser + "@example.com", "email": privateActivityTestUser + "@example.com",
"language": "en-us", "language": "en-US",
"keep_activity_private": "1", "keep_activity_private": "1",
}) })
session.MakeRequest(t, req, http.StatusFound) session.MakeRequest(t, req, http.StatusFound)

View file

@ -30,7 +30,7 @@ func TestRenameUsername(t *testing.T) {
"_csrf": GetCSRF(t, session, "/user/settings"), "_csrf": GetCSRF(t, session, "/user/settings"),
"name": "newUsername", "name": "newUsername",
"email": "user2@example.com", "email": "user2@example.com",
"language": "en-us", "language": "en-US",
}) })
session.MakeRequest(t, req, http.StatusFound) session.MakeRequest(t, req, http.StatusFound)
@ -100,7 +100,7 @@ func TestRenameReservedUsername(t *testing.T) {
"_csrf": GetCSRF(t, session, "/user/settings"), "_csrf": GetCSRF(t, session, "/user/settings"),
"name": reservedUsername, "name": reservedUsername,
"email": "user2@example.com", "email": "user2@example.com",
"language": "en-us", "language": "en-US",
}) })
resp := session.MakeRequest(t, req, http.StatusFound) resp := session.MakeRequest(t, req, http.StatusFound)

View file

@ -24,7 +24,7 @@ func TestXSSUserFullName(t *testing.T) {
"name": user.Name, "name": user.Name,
"full_name": fullName, "full_name": fullName,
"email": user.Email, "email": user.Email,
"language": "en-us", "language": "en-US",
}) })
session.MakeRequest(t, req, http.StatusFound) session.MakeRequest(t, req, http.StatusFound)

View file

@ -202,7 +202,7 @@ type UpdateProfileForm struct {
KeepEmailPrivate bool KeepEmailPrivate bool
Website string `binding:"ValidUrl;MaxSize(255)"` Website string `binding:"ValidUrl;MaxSize(255)"`
Location string `binding:"MaxSize(50)"` Location string `binding:"MaxSize(50)"`
Language string `binding:"Size(5)"` Language string
Description string `binding:"MaxSize(255)"` Description string `binding:"MaxSize(255)"`
KeepActivityPrivate bool KeepActivityPrivate bool
} }

View file

@ -440,6 +440,7 @@ website = Website
location = Location location = Location
update_theme = Update Theme update_theme = Update Theme
update_profile = Update Profile update_profile = Update Profile
update_language_not_found = Language '%s' is not available.
update_profile_success = Your profile has been updated. update_profile_success = Your profile has been updated.
change_username = Your username has been changed. change_username = Your username has been changed.
change_username_prompt = Note: username changes also change your account URL. change_username_prompt = Note: username changes also change your account URL.

View file

@ -19,6 +19,7 @@ import (
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"github.com/unknwon/i18n" "github.com/unknwon/i18n"
) )
@ -94,7 +95,14 @@ func ProfilePost(ctx *context.Context, form auth.UpdateProfileForm) {
ctx.User.KeepEmailPrivate = form.KeepEmailPrivate ctx.User.KeepEmailPrivate = form.KeepEmailPrivate
ctx.User.Website = form.Website ctx.User.Website = form.Website
ctx.User.Location = form.Location ctx.User.Location = form.Location
if len(form.Language) != 0 {
if !util.IsStringInSlice(form.Language, setting.Langs) {
ctx.Flash.Error(ctx.Tr("settings.update_language_not_found", form.Language))
ctx.Redirect(setting.AppSubURL + "/user/settings")
return
}
ctx.User.Language = form.Language ctx.User.Language = form.Language
}
ctx.User.Description = form.Description ctx.User.Description = form.Description
ctx.User.KeepActivityPrivate = form.KeepActivityPrivate ctx.User.KeepActivityPrivate = form.KeepActivityPrivate
if err := models.UpdateUserSetting(ctx.User); err != nil { if err := models.UpdateUserSetting(ctx.User); err != nil {