Always set proper visibility value for template

The "new-paste" template expects `visibility` to be of the proper enum
type. However, in the error path, the value for visibility comes from
`valid.kwargs`, where it is a plain string. This causes the template to
not set a value for visibility (no radio button selected). This will
cause an exception when the user submits the paste.

Reproduction is e.g. trying to submit an empty paste, then filling in
some data but not selecting a visibility. This can be annoying, as the
user potentially loses the already prepared files.

To fix it, always pass the real visibility value to the template
rendering and remove it from the kwargs.

Thanks to xenrox on IRC for providing the reproduction steps.

Signed-off-by: Conrad Hoffmann <ch@bitfehler.net>
Conrad Hoffmann 2023-08-31 21:07:18 +02:00 committed by Drew DeVault
parent 75d510d8f1
commit 627ba61ee3
1 changed files with 15 additions and 4 deletions


@ -63,11 +63,17 @@ def new_paste_POST():
files = json.loads(files) if files else []
valid.kwargs.pop("files", None)
def dict_without(d, key):
new_d = d.copy()
new_d.pop(key)
return new_d
if commit == "force":
valid.errors = [] # Clear validation errors since contents is not required
paste_id = create_paste(valid, files, visibility)
if not valid.ok:
return render_template("new-paste.html", **valid.kwargs)
return render_template("new-paste.html", visibility=visibility,
**dict_without(valid.kwargs, "visibility"))
return redirect(url_for(".paste_GET", user=current_user.username,
sha=paste_id))
@ -77,7 +83,9 @@ def new_paste_POST():
valid.error("A file with this name already exists in this paste.",
field="filename")
if not valid.ok:
return render_template("new-paste.html", files=files, **valid.kwargs)
return render_template("new-paste.html",
files=files, visibility=visibility,
**dict_without(valid.kwargs, "visibility"))
sha = sha1()
sha.update(contents.encode())
@ -91,11 +99,14 @@ def new_paste_POST():
set_cache("paste.sr.ht:blobs:{0}".format(sha), timedelta(hours=1), contents.encode())
if commit == "no":
return render_template("new-paste.html", files=files, visibility=visibility)
return render_template("new-paste.html",
files=files, visibility=visibility)
paste_id = create_paste(valid, files, visibility)
if not valid.ok:
return render_template("new-paste.html", files=files, **valid.kwargs)
return render_template("new-paste.html",
files=files, visibility=visibility,
**dict_without(valid.kwargs, "visibility"))
return redirect(url_for(".paste_GET", user=current_user.username,
sha=paste_id))
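Review bot: `dict_without` in the first hunk calls `new_d.pop(key)` with no default, so each of the three error-path returns that use it raises `KeyError` if `valid.kwargs` has no `visibility` entry, whereas the `files` pop a few lines earlier uses `valid.kwargs.pop("files", None)`. Whether the key is always present depends on how `valid` is populated earlier in `new_paste_POST`, which is outside these hunks; if a request that omits the field can leave it out, the error path would end in a server error instead of re-rendering the form. Suggest `new_d.pop(key, None)` in the helper. A short comment above the helper, e.g. `# valid.kwargs holds the raw form string; the template needs the enum value`, would also record next to the code why the key is dropped.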