From 27cd5336547476aec92bc37caf57834a9ebf5b42 Mon Sep 17 00:00:00 2001
From: moson
Date: Thu, 12 Oct 2023 18:09:07 +0200
Subject: [PATCH] fix: Skip setting existing context values

When setting up a context with user provided variables, we should not override any existing values previously set.

Signed-off-by: moson
---
 aurweb/templates.py | 2 +-
 test/test_templates.py | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/aurweb/templates.py b/aurweb/templates.py
index d20cbe85..1fbb7f21 100644
--- a/aurweb/templates.py
+++ b/aurweb/templates.py
@@ -112,7 +112,7 @@ async def make_variable_context(request: Request, title: str, next: str = None):
 for k, v in to_copy.items():
 if k == "timezone":
 context[k] = v if v in time.SUPPORTED_TIMEZONES else DEFAULT_TIMEZONE
- else:
+ elif k not in context:
 context[k] = v

 context["q"] = dict(request.query_params)
diff --git a/test/test_templates.py b/test/test_templates.py
index 6e0d27ac..2a3dac28 100644
--- a/test/test_templates.py
+++ b/test/test_templates.py
@@ -368,3 +368,13 @@ async def test_make_variable_context_timezone(user: User, package: Package):
 request, "Test Details", next="/packages/test"
 )
 assert context["timezone"] in time.SUPPORTED_TIMEZONES
+
+
+@pytest.mark.asyncio
+async def test_make_variable_context_params():
+ request = Request(url="/test", query_params={"request": "test", "x": "test"})
+ context = await make_variable_context(request, "Test")
+
+ # make sure we can't override our Request object with a query parameter
+ assert context["request"] != "test"
+ assert context["x"] == "test"
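Review bot: The new `elif k not in context:` guard in aurweb/templates.py only protects names that are already in the context when the loop runs; any other user-supplied key is still copied in unchanged, so a template that reads an optional variable the handler did not set would presumably still see a request-controlled value. An explicit allowlist of expected parameter names, or having templates read user input only through `context["q"]`, would close that gap rather than relying on which keys happen to exist. At minimum the branch deserves a comment such as `# user input must never replace values already in the context; names not set before this loop are still copied as-is`. The `timezone` branch still overwrites an existing value, which looks intentional because it is validated against `time.SUPPORTED_TIMEZONES`. The body of `make_variable_context` starts and ends outside the hunk, so where `to_copy` comes from is not visible here.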
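Review bot: In test/test_templates.py, `assert context["request"] != "test"` only proves the value is not the injected string; it would still pass if the key were replaced by something else or set to `None`. Assuming the context stores the request object itself, as the test comment implies, `assert context["request"] is request` pins the intended guarantee. The test exercises query parameters only; if the function also copies form data (not visible in this hunk), a matching case for that path would be worth adding.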