Fix invalid characters in team name that causes error 500 #87

Merged
Danhia merged 1 commits from Danhia/website:events/fix-teamname into main 2023-09-01 11:10:54 +02:00
2 changed files with 20 additions and 11 deletions
Showing only changes of commit 3d86f21ba2 - Show all commits

View File

@ -16,6 +16,9 @@
{% if registered == False %} {% if registered == False %}
<span class="message error-msg">{% trans "You need to be registered to the event." %}</span> <span class="message error-msg">{% trans "You need to be registered to the event." %}</span>
{% else %} {% else %}
{% if invalid == True %}
<span class="message error-msg">{% trans "Invalid characters in name" %}</span>
{% endif %}
{% if exist == True %} {% if exist == True %}
<span class="message error-msg">{% trans "Name already taken." %}</span> <span class="message error-msg">{% trans "Name already taken." %}</span>
{% endif %} {% endif %}

View File

@ -13,10 +13,13 @@ from random import randint
def create_team(request, event_slug): def create_team(request, event_slug):
ev = get_object_or_404(Event, slug=event_slug) ev = get_object_or_404(Event, slug=event_slug)
if request.method == 'POST': if request.method == 'POST':
teamname = request.POST.get('teamname')
if request.user.is_authenticated and ev.team_size > 1: if request.user.is_authenticated and ev.team_size > 1:
if Team.objects.filter(name=request.POST.get('teamname'), event=ev).exists(): if any(c in set('./') for c in teamname):
return render(request, 'events/create_team.html', {'event' : ev, 'logged': True, 'wrongpwd': False, 'registered' : True, 'exist' : False, 'invalid' : True})
if Team.objects.filter(name=teamname, event=ev).exists():
return render(request, 'events/create_team.html', {'event' : ev, 'logged': True, 'wrongpwd': False, 'registered' : True, 'exist' : True}) return render(request, 'events/create_team.html', {'event' : ev, 'logged': True, 'wrongpwd': False, 'registered' : True, 'exist' : True})
new = Team(name=request.POST.get('teamname'), password=request.POST.get('password'), event=ev) new = Team(name=teamname, password=request.POST.get('password'), event=ev)
new.save() new.save()
player = EventPlayer.objects.get(user=request.user, event=ev) player = EventPlayer.objects.get(user=request.user, event=ev)
player.team = new player.team = new
@ -115,9 +118,10 @@ def manage_team(request, event_slug):
pname = p_form.cleaned_data['name'] pname = p_form.cleaned_data['name']
if pname == tname: if pname == tname:
pass pass
else: elif any(c in set('./') for c in pname):
if Team.objects.filter(name=pname, event=event_info).exists(): error = _("Invalid characters in name")
error = _("Name already taken.") elif Team.objects.filter(name=pname, event=event_info).exists():
error = _("Name already taken.")
ppassword = p_form.cleaned_data['password'] ppassword = p_form.cleaned_data['password']
if error is None: if error is None:
p_form.save() p_form.save()
@ -137,18 +141,20 @@ def leave_team(request, event_slug):
player = EventPlayer.objects.get(user=request.user, event=event_info) player = EventPlayer.objects.get(user=request.user, event=event_info)
team = Team.objects.get(event=event_info, name=player.team.name) team = Team.objects.get(event=event_info, name=player.team.name)
team.score -= player.score
team.save()
player.team = None player.team = None
player.save()
members = EventPlayer.objects.filter(team=team, event=event_info)
if members.count() == 0:
team.delete()
else:
team.score -= player.score
team.save()
solved = CTF_flags.objects.filter(user=player.user, ctf__event=event_info) solved = CTF_flags.objects.filter(user=player.user, ctf__event=event_info)
player.score = 0 player.score = 0
solved.delete() solved.delete()
player.save() player.save()
members = EventPlayer.objects.filter(team=team, event=event_info)
if members.count() == 0:
team.delete()
return redirect('events:event_info', event_slug=event_slug) return redirect('events:event_info', event_slug=event_slug)
@login_required @login_required