fix(user): stricter name validation

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
Akhil Narang 2025-03-12 16:48:54 +05:30
parent 48d3a86144
commit e5c75c3874
No known key found for this signature in database
GPG key ID: 9DCC61E211BF645F


@ -31,7 +31,8 @@ from frappe.utils import (
now_datetime,
today,
)
from frappe.utils.data import sha256_hash, strip_html
from frappe.utils.data import sha256_hash
from frappe.utils.html_utils import sanitize_html
from frappe.utils.password import check_password, get_password_reset_limit
from frappe.utils.password import update_password as _update_password
from frappe.utils.user import get_system_managers
@ -312,12 +313,9 @@ class User(Document):
return self.name == frappe.session.user
def clean_name(self):
if self.first_name:
self.first_name = strip_html(self.first_name)
if self.middle_name:
self.middle_name = strip_html(self.middle_name)
if self.last_name:
self.last_name = strip_html(self.last_name)
for field in ("first_name", "middle_name", "last_name"):
if field_value := self.get(field):
self.set(field, sanitize_html(field_value, always_sanitize=True))
def set_full_name(self):
self.full_name = " ".join(filter(None, [self.first_name, self.last_name]))
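Review bot: In `clean_name`, `sanitize_html` looks like an allow-list sanitizer rather than a tag stripper, so unlike the removed `strip_html` calls it may leave permitted markup (links, formatting tags) in `first_name`, `middle_name` and `last_name`, which `set_full_name` then joins into `full_name`. Names are plain-text fields that usually get interpolated into emails and UI, so they are safer with no markup at all; consider keeping the `strip_html` import and writing `self.set(field, strip_html(sanitize_html(field_value, always_sanitize=True)))`, or rejecting values that still contain `<` or `>` after sanitizing. A test should also confirm how `always_sanitize=True` treats ordinary names containing `&` or an apostrophe, since an escaping sanitizer would store them entity-encoded and they would render double-escaped. The sanitizer's implementation is not on this page, so both points are inferred from its name and arguments and need checking against it.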