From 542dff194eecdff937b6fd871fc12514550750be Mon Sep 17 00:00:00 2001
From: Julia Hansbrough
Date: Tue, 13 May 2014 20:32:08 +0000
Subject: [PATCH] Fix improper parsing of location string
---
 lms/djangoapps/courseware/tests/test_views.py | 25 ++++++++++++++++---
 lms/djangoapps/courseware/views.py | 3 ++-
 2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/lms/djangoapps/courseware/tests/test_views.py b/lms/djangoapps/courseware/tests/test_views.py
index 830b69e83e..37f8a0f3e4 100644
--- a/lms/djangoapps/courseware/tests/test_views.py
+++ b/lms/djangoapps/courseware/tests/test_views.py
@@ -79,15 +79,19 @@ class ViewsTestCase(TestCase):
 Tests for views.py methods.
 """
 def setUp(self):
+ course = CourseFactory()
+ chapter = ItemFactory(category='chapter', parent_location=course.location) # pylint: disable=no-member
+ section = ItemFactory(category='sequential', parent_location=chapter.location, due=datetime(2013, 9, 18, 11, 30, 00))
+ vertical = ItemFactory(category='vertical', parent_location=section.location)
+ self.component = ItemFactory(category='problem', parent_location=vertical.location)
+
+ self.course_key = course.id
 self.user = User.objects.create(username='dummy', password='123456', email='test@mit.edu')
 self.date = datetime(2013, 1, 22, tzinfo=UTC)
- self.course_key = SlashSeparatedCourseKey('edX', 'toy', '2012_Fall')
 self.enrollment = CourseEnrollment.enroll(self.user, self.course_key)
 self.enrollment.created = self.date
 self.enrollment.save()
- self.location = ['tag', 'org', 'course', 'category', 'name']
-
 self.request_factory = RequestFactory()
 chapter = 'Overview'
 self.chapter_url = '%s/%s/%s' % ('/courses', self.course_key, chapter)
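Review bot: In `setUp` the new local `chapter` holds the ItemFactory item and is then rebound to the string 'Overview' further down in the same method (unchanged context line `chapter = 'Overview'`), which makes the fixture hard to follow; rename one of them, e.g. `chapter_item = ItemFactory(category='chapter', parent_location=course.location)`. The `due=datetime(2013, 9, 18, 11, 30, 00)` value is naive while `self.date` in the same method carries `tzinfo=UTC`; passing `tzinfo=UTC` there as well would keep the fixture consistent. A one-line comment above the factory calls, saying the course tree exists so the submission-history test has a real problem location to request, would explain why every test in the class now pays for it.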
@@ -244,6 +248,21 @@ class ViewsTestCase(TestCase):
 # clean up course modes
 CourseMode.objects.all().delete()
+ def test_submission_history_accepts_valid_ids(self):
+ # log into a staff account
+ admin = AdminFactory()
+
+ self.client.login(username=admin.username, password='test')
+
+ url = reverse('submission_history', kwargs={
+ 'course_id': self.course_key.to_deprecated_string(),
+ 'student_username': 'dummy',
+ 'location': unicode(self.component.location)
+ })
+ response = self.client.get(url)
+ # Tests that we do not get an "Invalid x" response when passing correct arguments to view
+ self.assertFalse('Invalid' in response.content)
+
 def test_submission_history_xss(self):
 # log into a staff account
 admin = AdminFactory()
diff --git a/lms/djangoapps/courseware/views.py b/lms/djangoapps/courseware/views.py
index 06d702b204..ea93377266 100644
--- a/lms/djangoapps/courseware/views.py
+++ b/lms/djangoapps/courseware/views.py
@@ -46,6 +46,7 @@ from opaque_keys import InvalidKeyError
 from microsite_configuration import microsite
 from xmodule.modulestore.locations import SlashSeparatedCourseKey
+from xmodule.modulestore.keys import UsageKey
 log = logging.getLogger("edx.courseware")
@@ -739,7 +740,7 @@ def submission_history(request, course_id, student_username, location):
 return HttpResponse(escape(_(u'Invalid course id.')))
 try:
- usage_key = course_key.make_usage_key_from_deprecated_string(location)
+ usage_key = UsageKey.from_string(location)
 except (InvalidKeyError, AssertionError):
 return HttpResponse(escape(_(u'Invalid location.')))
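Review bot: `test_submission_history_accepts_valid_ids` asserts only that 'Invalid' is absent from the body, which also holds for a login redirect, a 404 or a 500, so the test can pass without the view ever parsing the location. Assert the outcome positively as well: `self.assertTrue(self.client.login(username=admin.username, password='test'))` and `self.assertEqual(response.status_code, 200)` before the content check. Writing the last line as `self.assertNotIn('Invalid', response.content)` would also print the offending body when it fails.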
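Review bot: In `submission_history`, `UsageKey.from_string(location)` builds the key from the URL value alone, so nothing in this hunk ties the parsed location to `course_key` any more, whereas the removed call derived the key from the course. If the staff-access check (outside this hunk, so this is inferred) is made against `course_key`, a location that names a block in a different course would still be accepted after passing that check. I would bind the key right after parsing, e.g. `if usage_key.course_key != course_key: return HttpResponse(escape(_(u'Invalid location.')))`, or map the key into `course_key` if the key API in this tree supports that for deprecated locations that carry no run. A test that requests a location from a second course and expects the 'Invalid location.' response would pin this down; the function body begins and continues outside the hunk.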