From e7a3847e48e72f80f860bf104dcb8a0c4839106f Mon Sep 17 00:00:00 2001
From: Diana Huang
Date: Wed, 28 Aug 2013 17:43:01 -0400
Subject: [PATCH] More validation to the free-form price text box and allow for decimal places
---
 common/djangoapps/course_modes/views.py | 16 ++++++++++++----
 lms/djangoapps/verify_student/views.py | 9 +++++++--
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/common/djangoapps/course_modes/views.py b/common/djangoapps/course_modes/views.py
index b3c3e0bbfb..f00bd62d93 100644
--- a/common/djangoapps/course_modes/views.py
+++ b/common/djangoapps/course_modes/views.py
@@ -1,3 +1,4 @@
+import decimal
 from django.core.urlresolvers import reverse
 from django.http import (
 HttpResponse, HttpResponseBadRequest, HttpResponseForbidden, Http404
@@ -63,15 +64,22 @@ class ChooseModeView(View):
 amount = request.POST.get("contribution") or \
 request.POST.get("contribution-other-amt") or 0
- donation_for_course = request.session.get("donation_for_course", {})
- donation_for_course[course_id] = amount
- request.session["donation_for_course"] = donation_for_course
+ try:
+ # validate the amount passed in and force it into two digits
+ amount_value = decimal.Decimal(amount).quantize(decimal.Decimal('.01'), rounding=decimal.ROUND_DOWN)
+ except decimal.InvalidOperation:
+ error_msg = _("Invalid amount selected.")
+ return self.get(request, error=error_msg)
 # Check for minimum pricing
- if int(amount) < mode_info.min_price:
+ if amount_value < mode_info.min_price:
 error_msg = _("No selected price or selected price is too low.")
 return self.get(request, error=error_msg)
+ donation_for_course = request.session.get("donation_for_course", {})
+ donation_for_course[course_id] = donation_for_course
+ request.session["donation_for_course"] = donation_for_course
+
 return redirect(
 "{}?{}".format(
 reverse('verify_student_show_requirements'),
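Review bot: The re-added session write in the ChooseModeView hunk stores the dict inside itself: `donation_for_course[course_id] = donation_for_course` should be `donation_for_course[course_id] = amount_value`. As written, the validated amount is never saved and the session holds a self-referential dict. Any later reader of `donation_for_course[course_id]` that expects a price will get a dict instead; those readers are not visible here. Since the stored value becomes a Decimal rather than the raw POST string, it is worth confirming that the session serializer in use can store it. The enclosing post method begins and ends outside the hunk.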
diff --git a/lms/djangoapps/verify_student/views.py b/lms/djangoapps/verify_student/views.py
index 5a14f5f38e..1b8e1ca56e 100644
--- a/lms/djangoapps/verify_student/views.py
+++ b/lms/djangoapps/verify_student/views.py
@@ -4,6 +4,7 @@
 """
 import json
 import logging
+import decimal
 from mitxmako.shortcuts import render_to_response
@@ -68,19 +69,23 @@ def create_order(request):
 course_id = request.POST['course_id']
 contribution = request.POST.get("contribution", 0)
+ try:
+ amount = decimal.Decimal(contribution).quantize(decimal.Decimal('.01'), rounding=decimal.ROUND_DOWN)
+ except decimal.InvalidOperation:
+ return HttpResponseBadRequest(_("Selected price is not valid number."))
 verified_mode = CourseMode.modes_for_course_dict(course_id).get('verified', None)
 # make sure this course has a verified mode
 if not verified_mode:
 return HttpResponseBadRequest(_("This course doesn't support verified certificates"))
- if int(contribution) < verified_mode.min_price:
+ if amount < verified_mode.min_price:
 return HttpResponseBadRequest(_("No selected price or selected price is below minimum."))
 # I know, we should check this is valid. All kinds of stuff missing here
 cart = Order.get_cart_for_user(request.user)
 cart.clear()
- CertificateItem.add_to_order(cart, course_id, contribution, 'verified')
+ CertificateItem.add_to_order(cart, course_id, amount, 'verified')
 params = get_signed_purchase_params(cart)
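Review bot: The new parse in create_order still lets the string NaN through, because `decimal.Decimal("NaN").quantize(...)` returns NaN instead of raising InvalidOperation, so the except branch never runs. The following `amount < verified_mode.min_price` then either raises an uncaught InvalidOperation (a 500) or evaluates false and skips the minimum check, depending on the Python version. I would reject it right after the try block with `if amount.is_nan(): return HttpResponseBadRequest(_("Selected price is not valid number."))`. The same parse in ChooseModeView.post in common/djangoapps/course_modes/views.py has the same gap. create_order starts and continues outside this hunk.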