Fix #113. Fix regex in views.

2025-06-21 09:58:23 +02:00 · 2024-07-18 13:51:56 +02:00
parent 799c43f688
commit de7b91db2a
15 changed files with 147 additions and 85 deletions
--- a/apps/treasury/api/views.py
+++ b/apps/treasury/api/views.py
@ -2,7 +2,6 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django_filters.rest_framework import DjangoFilterBackend
-
 from api.filters import RegexSafeSearchFilter
 from api.viewsets import ReadProtectedModelViewSet

--- a/apps/treasury/views.py
+++ b/apps/treasury/views.py
@ -20,6 +20,7 @@ from django.views.generic import UpdateView, DetailView
 from django.views.generic.base import View, TemplateView
 from django.views.generic.edit import BaseFormView, DeleteView
 from django_tables2 import SingleTableView
+from api.viewsets import is_regex
 from note.models import SpecialTransaction, NoteSpecial, Alias
 from note_kfet.settings.base import BASE_DIR
 from permission.backends import PermissionBackend
@ -411,11 +412,16 @@ class SogeCreditListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableVi
        if "search" in self.request.GET:
            pattern = self.request.GET["search"]
            if pattern:
+                # Check if this is a valid regex. If not, we won't check regex
+                valid_regex = is_regex(pattern)
+                suffix_alias = "__iregex" if valid_regex else "__icontains"
+                suffix = "__iregex" if valid_regex else "__istartswith"
+                prefix = "^" if valid_regex else ""
                qs = qs.filter(
-                    Q(user__first_name__iregex=pattern)
-                    | Q(user__last_name__iregex=pattern)
-                    | Q(user__note__alias__name__iregex="^" + pattern)
-                    | Q(user__note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
+                    Q(**{f"user__first_name{suffix}": pattern})
+                    | Q(**{f"user__last_name{suffix}": pattern})
+                    | Q(**{f"user__note__alias__name{suffix_alias}": prefix + pattern})
+                    | Q(**{f"user__note__alias__normalized_name{suffix_alias}": prefix + Alias.normalize(pattern)})
                )

        if "valid" not in self.request.GET or not self.request.GET["valid"]: