From 37b200295cf2218cc83f7e773c08e6761d6da603 Mon Sep 17 00:00:00 2001 From: rubenwardy Date: Sat, 21 Jan 2023 19:03:43 +0000 Subject: [PATCH] Fix crash on empty display name --- app/blueprints/users/settings.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/app/blueprints/users/settings.py b/app/blueprints/users/settings.py index 98bf9f8b..ef57882f 100644 --- a/app/blueprints/users/settings.py +++ b/app/blueprints/users/settings.py @@ -47,7 +47,7 @@ def get_setting_tabs(user): class UserProfileForm(FlaskForm): - display_name = StringField(lazy_gettext("Display Name"), [Optional(), Length(1, 20)], filters=[lambda x: nonEmptyOrNone(x)]) + display_name = StringField(lazy_gettext("Display Name"), [Optional(), Length(1, 20)], filters=[lambda x: nonEmptyOrNone(x.strip())]) website_url = StringField(lazy_gettext("Website URL"), [Optional(), URL()], filters = [lambda x: x or None]) donate_url = StringField(lazy_gettext("Donation URL"), [Optional(), URL()], filters = [lambda x: x or None]) submit = SubmitField(lazy_gettext("Save")) @@ -58,21 +58,24 @@ def handle_profile_edit(form: UserProfileForm, user: User, username: str): addAuditLog(severity, current_user, "Edited {}'s profile".format(user.display_name), url_for("users.profile", username=username)) + display_name = form.display_name.data or user.username if user.checkPerm(current_user, Permission.CHANGE_DISPLAY_NAME) and \ - user.display_name != form.display_name.data: + user.display_name != display_name: + if User.query.filter(User.id != user.id, - or_(User.username == form.display_name.data, - User.display_name.ilike(form.display_name.data))).count() > 0: + or_(User.username == display_name, + User.display_name.ilike(display_name))).count() > 0: flash(gettext("A user already has that name"), "danger") return None + alias_by_name = PackageAlias.query.filter(or_( - PackageAlias.author == form.display_name.data)).first() + PackageAlias.author == display_name)).first() if alias_by_name: flash(gettext("A user already has that name"), "danger") return - user.display_name = form.display_name.data + user.display_name = display_name severity = AuditSeverity.USER if current_user == user else AuditSeverity.MODERATION addAuditLog(severity, current_user, "Changed display name of {} to {}"