From 5decf62c5d2f9e90fb3e59508ad9bc99c49c9954 Mon Sep 17 00:00:00 2001
From: Benton Snyder
Date: Thu, 13 Feb 2025 18:54:48 -0500
Subject: [PATCH] Regex validate query title and remove exception text from email.
---
 explorer/models.py | 9 ++++++++-
 explorer/tasks.py | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/explorer/models.py b/explorer/models.py
index 67939df8..d03aedb8 100644
--- a/explorer/models.py
+++ b/explorer/models.py
@@ -7,6 +7,7 @@
 from django.db import DatabaseError, models, transaction
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
+from django.core.validators import RegexValidator
 from explorer import app_settings
 from explorer.telemetry import Stat, StatNames
@@ -27,7 +28,13 @@
 class Query(models.Model):
- title = models.CharField(max_length=255)
+ title = models.CharField(max_length=255, validators=[
+ RegexValidator(
+ r"^[a-zA-Z0-9\s\.\-\_]+$",
+ "Title contains invalid characters. "
+ "Only alphanumeric characters, spaces, periods, hyphens, and underscores are allowed."
+ )
+ ])
 sql = models.TextField(blank=False, null=False)
 description = models.TextField(blank=True)
 created_by_user = models.ForeignKey(
diff --git a/explorer/tasks.py b/explorer/tasks.py
index e694a22b..5d6481d5 100644
--- a/explorer/tasks.py
+++ b/explorer/tasks.py
@@ -47,7 +47,7 @@ def execute_query(query_id, email_address):
 msg = f"Download results:\n\r{url}"
 except Exception as e:
 subj = f"[SQL Explorer] Error running report {q.title}"
- msg = f"Error: {e}\nPlease contact an administrator"
+ msg = "Please contact an administrator."
 logger.exception(f"{subj}: {e}")
 send_mail(subj, msg, app_settings.FROM_EMAIL, [email_address])
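Review bot: In the explorer/models.py hunk on `Query.title`, the pattern accepts more than the error message promises: `\s` matches tabs, carriage returns and newlines, and `$` in Python also matches just before a trailing newline, so a title containing line breaks passes validation. That matters because the title is interpolated into the mail subject and the log line in explorer/tasks.py. A pattern that matches the stated rule would be `r"^[a-zA-Z0-9 ._-]+\Z"`. Field validators run only through `full_clean()` or ModelForm validation, not on a plain `save()` and not for rows already stored, so code that consumes `title` should still treat it as untrusted.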
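Review bot: With the exception text removed, the failure mail built in the `except` branch of `execute_query` (explorer/tasks.py) gives the recipient nothing an administrator can match against the `logger.exception` entry. Including a non-sensitive reference such as the query id keeps internals out of the mail while making the log entry findable, for example `msg = f"Report {query_id} failed. Please contact an administrator."`. The log call could also drop the redundant `{e}` and pass the subject lazily, `logger.exception("%s", subj)`, since `logger.exception` already records the traceback. The body of `execute_query` starts above this hunk, so how `q` is bound before the `except` branch is not visible here.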