Parse input of search filters to prevent errors based on invalid regex, fixes #113

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2025-06-21 01:48:21 +02:00 · 2022-03-10 16:11:01 +01:00
parent b8f81048a5
commit 1a258dfe9e
10 changed files with 93 additions and 38 deletions
--- a/apps/api/viewsets.py
+++ b/apps/api/viewsets.py
@ -6,11 +6,11 @@ from django_filters.rest_framework import DjangoFilterBackend
 from django.db.models import Q
 from django.conf import settings
 from django.contrib.auth.models import User
-from rest_framework.filters import SearchFilter
 from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet
 from permission.backends import PermissionBackend
 from note.models import Alias

+from .filters import RegexSafeSearchFilter
 from .serializers import UserSerializer, ContentTypeSerializer


@ -107,6 +107,6 @@ class ContentTypeViewSet(ReadOnlyModelViewSet):
    """
    queryset = ContentType.objects.order_by('id')
    serializer_class = ContentTypeSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['id', 'app_label', 'model', ]
    search_fields = ['$app_label', '$model', ]