fix: cache_ttl config validation; ticket_web_url via tojson in base.html
Lint / Python (flake8) (push) Failing after 44s
Lint / JS (eslint) (push) Successful in 8s
Security / Python Security (bandit) (push) Successful in 42s
Test / Python Tests (pytest) (push) Failing after 1m13s
Lint / Notify on failure (push) Successful in 4s
Lint / Deploy (push) Has been skipped
- app.py: wrap int(cache_ttl) in try/except so a misconfigured non-integer value falls back to 3600 instead of raising ValueError - base.html: use Jinja2 tojson filter for ticket_web_url to ensure proper JS string escaping regardless of URL contents Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -543,7 +543,11 @@ def api_avatar():
|
||||
os.makedirs(cache_dir, exist_ok=True)
|
||||
cache_file = os.path.join(cache_dir, f'user_{safe_name}.jpg')
|
||||
sentinel = os.path.join(cache_dir, f'user_{safe_name}.none')
|
||||
cache_ttl = int(ldap_cfg.get('cache_ttl', 3600))
|
||||
try:
|
||||
cache_ttl = int(ldap_cfg.get('cache_ttl', 3600))
|
||||
except (ValueError, TypeError):
|
||||
logger.warning('Invalid cache_ttl in ldap config; using default 3600')
|
||||
cache_ttl = 3600
|
||||
|
||||
now = time.time()
|
||||
|
||||
|
||||
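Review bot: The new `try`/`except` in `api_avatar` only rejects values that `int()` cannot parse, so a `cache_ttl` of `0` or a negative number is still accepted. If the TTL is compared against the cache file's age further down (outside this hunk), that would presumably make every request miss the cache and go back to LDAP. A range check after the block would close this, e.g. `if cache_ttl <= 0: cache_ttl = 3600`, logged with the same warning. Because the value is parsed inside the handler, a bad config also emits this warning on every call; validating once where the config is loaded would avoid the log noise. The function body starts and ends outside the hunk.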
+1
-1
@@ -313,7 +313,7 @@
|
||||
|
||||
<script>
|
||||
const GANDALF_CONFIG = {
|
||||
ticket_web_url: "{{ config.get('ticket_api', {}).get('web_url', 'http://t.lotusguild.org/ticket/') }}"
|
||||
ticket_web_url: {{ config.get('ticket_api', {}).get('web_url', 'http://t.lotusguild.org/ticket/') | tojson }}
|
||||
};
|
||||
</script>
|
||||
<script src="{{ url_for('static', filename='app.js') }}"></script>
|
||||
|
||||
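Review bot: `| tojson` on the `ticket_web_url` line fixes the JS string quoting, but nothing here constrains what the URL is: a configured `web_url` with a scheme other than `http`/`https` is still emitted unchanged. If `app.js` puts it into a link `href` (not visible on this page), it would be used as is, so consider validating the scheme where the config is loaded. The `.get('web_url', ...)` default also applies only when the key is absent, so an explicit null in the config renders as `null` rather than the fallback; `(config.get('ticket_api', {}).get('web_url') or 'http://t.lotusguild.org/ticket/') | tojson` covers that case. The fallback itself is plain `http://`, which is worth confirming as intended.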