From ee1591df11427fbfa2ed05e841d7ecec70d06923 Mon Sep 17 00:00:00 2001 From: benero Date: Wed, 16 Oct 2024 20:55:12 +0800 Subject: [PATCH] =?UTF-8?q?minor:=20=E5=85=BC=E5=AE=B9=E7=AC=AC=E4=B8=89?= =?UTF-8?q?=E6=96=B9=E5=BA=94=E7=94=A8=E4=BC=A0=E9=80=92=20json=20?= =?UTF-8?q?=E5=86=85=E5=AE=B9=20--story=3D119593627?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/RELEASE.md | 1 + docs/RELEASE_EN.md | 2 ++ itsm/ticket/models/ticket.py | 59 +++++++++++++++++++++--------------- 3 files changed, 38 insertions(+), 24 deletions(-) diff --git a/docs/RELEASE.md b/docs/RELEASE.md index 0b858fcf..fe077872 100644 --- a/docs/RELEASE.md +++ b/docs/RELEASE.md @@ -1,6 +1,7 @@ # Changelog ## [Version: 2.7.1] - 2024-10-15 【新增】pipeline管理工具集成 +【修复】兼容第三方应用传递 json 内容 ## [Version: 2.7.0] - 2024-10-10 【新增】通知人员黑名单过滤 diff --git a/docs/RELEASE_EN.md b/docs/RELEASE_EN.md index ff261b9d..b1a2716a 100644 --- a/docs/RELEASE_EN.md +++ b/docs/RELEASE_EN.md @@ -1,6 +1,8 @@ # Changelog ## [Version: 2.7.1] - 2024-10-15 【Feature】Integrated pipeline management tool. +【Fix】Ensure compatibility for third-party applications transmitting JSON content. + ## [Version: 2.7.0] - 2024-10-10 【Feature】Notification recipient blacklist filtering. diff --git a/itsm/ticket/models/ticket.py b/itsm/ticket/models/ticket.py index a6a924e2..a0d9af10 100644 --- a/itsm/ticket/models/ticket.py +++ b/itsm/ticket/models/ticket.py @@ -654,8 +654,8 @@ def log_detail(self, processors_type, processors): [ _(role.name) for role in UserRole.objects.filter( - id__in=processors.split(",") - ) + id__in=processors.split(",") + ) ] ), ) @@ -1405,7 +1405,7 @@ def get_meta(self, is_filter_sensitive_info=True): if not is_filter_sensitive_info: return self.meta return filter_sensitive_info(self.meta) - + @property def task_schemas(self): # todo 测试后删除 
@@ -1915,8 +1915,8 @@ def is_running(self): return ( self.current_status in TicketStatus.objects.filter( - service_type=self.service_type, is_over=False - ).values_list("key", flat=True) + service_type=self.service_type, is_over=False + ).values_list("key", flat=True) and self.current_status != SUSPEND ) @@ -2256,8 +2256,8 @@ def has_perm(self, username): [ status.can_operate(username) for status in self.node_status.filter( - status__in=Status.CAN_OPERATE_STATUS - ) + status__in=Status.CAN_OPERATE_STATUS + ) ] ) @@ -2273,8 +2273,8 @@ def can_view(self, username): or username in self.task_operators or self.can_operate(username) or AttentionUsers.objects.filter( - ticket_id=self.id, follower=username - ).exists() + ticket_id=self.id, follower=username + ).exists() ): # 与单据操作相关的人,都是可以查看的 return True @@ -2336,10 +2336,10 @@ def can_close(self, username): if ( self.is_over or not StatusTransit.objects.filter( - service_type=self.service_type, - from_status__key=self.current_status, - to_status__is_over=True, - ).exists() + service_type=self.service_type, + from_status__key=self.current_status, + to_status__is_over=True, + ).exists() ): # 当前状态无法到达关闭的时候,不可以进行关闭操作按钮 return False 
@@ -3085,9 +3085,20 @@ def fill_state_fields(self, fields): filter_field_query_set = self.fields.filter(key__in=fields_map.keys()) for ticket_field in filter_field_query_set: ticket_field.value = fields_map[ticket_field.key]["value"] - # 针对非附件类型的组件进行 xss 过滤 - if isinstance(ticket_field.value, str) and ticket_field.type != "FILE": - ticket_field.value = texteditor_escape(ticket_field.value) + if isinstance(ticket_field.value, str): + need_escape = True + # 附件不做xss处理 + if ticket_field.type == "FILE": + need_escape = False + # 如果文本是 json 格式,则不额外处理 + if ticket_field.type == "TEXT": + try: + json.loads(ticket_field.value) + need_escape = False + except Exception: + pass + if need_escape: + ticket_field.value = texteditor_escape(ticket_field.value) ticket_field.choice = fields_map[ticket_field.key].get("choice", []) language_config = ( @@ -3175,7 +3186,7 @@ def _formatted(pros_type, pros, ticket): for user in f_value.split(","): # 历史数据中多选人员选择字段存入了中文名: miya(miya),暂时兼容 - username = user[0 : user.find("(")] if "(" in user else user + username = user[0: user.find("(")] if "(" in user else user var_pros = "{},{}".format(var_pros, username) # 取到第一个处理人则停止解析 @@ -3253,13 +3264,13 @@ def _formatted(pros_type, pros, ticket): action_type = ( SYSTEM_OPERATE if state.type - in [ - TASK_STATE, - TASK_SOPS_STATE, - TASK_DEVOPS_STATE, - WEBHOOK_STATE, - BK_PLUGIN_STATE, - ] + in [ + TASK_STATE, + TASK_SOPS_STATE, + TASK_DEVOPS_STATE, + WEBHOOK_STATE, + BK_PLUGIN_STATE, + ] else TRANSITION_OPERATE )
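Review bot: In the `fill_state_fields` hunk, any TEXT value that `json.loads` accepts now skips `texteditor_escape` entirely, so the XSS filter becomes opt-out for whoever submits the field. A quoted JSON string, or an object or array whose string members carry markup, parses successfully and is stored unescaped. Whether that reaches a page as HTML depends on rendering code outside this diff, but the input-side filter was the control visible here. I would keep the exemption to parsed objects and arrays, escape their string leaves and re-serialise, and catch only `ValueError`/`RecursionError` instead of `Exception`. The sketch below leaves keys untouched and re-serialising changes whitespace, so confirm both with the third-party consumer. `fill_state_fields` starts and ends outside the hunk.

```python
def _escape_json_strings(node):
    # Escape every string leaf; containers keep their shape, keys are left as sent.
    if isinstance(node, str):
        return texteditor_escape(node)
    if isinstance(node, list):
        return [_escape_json_strings(item) for item in node]
    if isinstance(node, dict):
        return {key: _escape_json_strings(val) for key, val in node.items()}
    return node

# … unchanged: ticket_field.value assignment, need_escape = True, FILE check …
                if ticket_field.type == "TEXT":
                    try:
                        parsed = json.loads(ticket_field.value)
                        if isinstance(parsed, (dict, list)):
                            ticket_field.value = json.dumps(
                                _escape_json_strings(parsed), ensure_ascii=False
                            )
                            need_escape = False
                    except (ValueError, RecursionError):
                        # Not usable JSON: fall through to texteditor_escape below.
                        pass
# … unchanged: if need_escape: texteditor_escape(...) …
```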