From 637fc9141382d4915a9bd09c5fa08311e716826b Mon Sep 17 00:00:00 2001
From: BaiJiangJie <bugatti_it@163.com>
Date: Tue, 30 Jul 2019 12:52:45 +0800
Subject: [PATCH 1/2] =?UTF-8?q?[Update]=20=E5=AF=86=E7=A0=81=E8=BF=87?=
 =?UTF-8?q?=E6=9C=9F=E9=82=AE=E4=BB=B6=E5=8F=91=E9=80=81=EF=BC=88=E5=AF=86?=
 =?UTF-8?q?=E7=A0=81=E6=9C=AA=E8=BF=87=E6=9C=9F=E7=94=A8=E6=88=B7&?=
 =?UTF-8?q?=E6=9C=89=E6=95=88=E7=94=A8=E6=88=B7=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/users/models/user.py | 2 +-
 apps/users/tasks.py       | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index 23587b1f1..a6cdf9f0e 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -111,7 +111,7 @@ class AuthMixin:
 
     @property
     def password_will_expired(self):
-        if self.is_local and self.password_expired_remain_days < 5:
+        if self.is_local and 0 <= self.password_expired_remain_days < 5:
             return True
         return False
 
diff --git a/apps/users/tasks.py b/apps/users/tasks.py
index ca8ea73da..ab025cae3 100644
--- a/apps/users/tasks.py
+++ b/apps/users/tasks.py
@@ -20,13 +20,13 @@ logger = get_logger(__file__)
 def check_password_expired():
     users = User.objects.exclude(role=User.ROLE_APP)
     for user in users:
+        if not user.is_valid:
+            continue
         if not user.password_will_expired:
             continue
-
         send_password_expiration_reminder_mail(user)
-        logger.info("The user {} password expires in {} days".format(
-            user, user.password_expired_remain_days)
-        )
+        msg = "The user {} password expires in {} days"
+        logger.info(msg.format(user, user.password_expired_remain_days))
 
 
 @shared_task

From a7066a5c856832b68e7046b39be657cc6cf478ad Mon Sep 17 00:00:00 2001
From: BaiJiangJie <bugatti_it@163.com>
Date: Tue, 30 Jul 2019 15:10:14 +0800
Subject: [PATCH 2/2] [Update] htmlEscape

---
 apps/perms/templates/perms/asset_permission_list.html | 3 ++-
 apps/terminal/templates/terminal/terminal_list.html   | 5 +++--
 apps/users/templates/users/user_group_list.html       | 3 ++-
 apps/users/templates/users/user_list.html             | 5 +++--
 4 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/apps/perms/templates/perms/asset_permission_list.html b/apps/perms/templates/perms/asset_permission_list.html
index 122635763..95a92f16b 100644
--- a/apps/perms/templates/perms/asset_permission_list.html
+++ b/apps/perms/templates/perms/asset_permission_list.html
@@ -174,10 +174,11 @@ function initTable() {
 				}
             }},
             {targets: 8, createdCell: function (td, cellData, rowData) {
+                var name = htmlEscape(rowData.name);
                 var update_btn = '<a href="{% url "perms:asset-permission-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
                 var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del" data-uid="{{ DEFAULT_PK }}" mark=1 data-name="99991938">{% trans "Delete" %}</a>'
                     .replace('{{ DEFAULT_PK }}', cellData)
-                    .replace('99991938', rowData.name);
+                    .replace('99991938', name);
                 if (rowData.inherit) {
                     del_btn = del_btn.replace("mark", "disabled")
                 }
diff --git a/apps/terminal/templates/terminal/terminal_list.html b/apps/terminal/templates/terminal/terminal_list.html
index 6676a26ab..53325694b 100644
--- a/apps/terminal/templates/terminal/terminal_list.html
+++ b/apps/terminal/templates/terminal/terminal_list.html
@@ -69,16 +69,17 @@ function initTable() {
                 }
             }},
             {targets: 6, createdCell: function (td, cellData, rowData) {
+                var name = htmlEscape(rowData.name);
                 var update_btn = '<a href="{% url "terminal:terminal-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'
                         .replace('{{ DEFAULT_PK }}', cellData);
                 var delete_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del" data-id="{{ DEFAULT_PK }}" data-name="99991938">{% trans "Delete" %}</a>'
                         .replace('{{ DEFAULT_PK }}', cellData)
-                        .replace('99991938', rowData.name);
+                        .replace('99991938', name);
                 var accept_btn = '<a class="btn btn-xs btn-primary btn-accept" data-id="{{ DEFAULT_PK }}">{% trans "Accept" %}</a> '
                         .replace('{{ DEFAULT_PK }}', cellData);
                 var reject_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del" data-id="{{ DEFAULT_PK }}" data-name="99991938">{% trans "Reject" %}</a>'
                         .replace('{{ DEFAULT_PK }}', cellData)
-                        .replace('99991938', rowData.name);
+                        .replace('99991938', name);
                 if (rowData.is_accepted) {
                     $(td).html(update_btn + delete_btn);
                 } else {
diff --git a/apps/users/templates/users/user_group_list.html b/apps/users/templates/users/user_group_list.html
index 8d3bd3245..c2fa87357 100644
--- a/apps/users/templates/users/user_group_list.html
+++ b/apps/users/templates/users/user_group_list.html
@@ -67,11 +67,12 @@ function initTable() {
                 $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
              }},
             {targets: 4, createdCell: function (td, cellData, rowData) {
+                var name = htmlEscape(rowData.name);
                 var update_btn = '<a href="{% url "users:user-group-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'
                         .replace('{{ DEFAULT_PK }}', cellData);
                 var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_delete_user_group" data-gid="{{ DEFAULT_PK }}" data-name="99991938">{% trans "Delete" %}</a>'
                         .replace('{{ DEFAULT_PK }}', cellData)
-                        .replace('99991938', rowData.name);
+                        .replace('99991938', name);
                 if (rowData.id === 1) {
                     $(td).html(update_btn)
                 } else {
diff --git a/apps/users/templates/users/user_list.html b/apps/users/templates/users/user_list.html
index 0c74640de..a2bfde461 100644
--- a/apps/users/templates/users/user_list.html
+++ b/apps/users/templates/users/user_list.html
@@ -97,6 +97,7 @@ function initTable() {
                 }
              }},
             {targets: 7, createdCell: function (td, cellData, rowData) {
+                var name = htmlEscape(rowData.name);
                 var update_btn = "";
                 if (rowData.role === 'Admin' && ('{{ request.user.role }}' !== 'Admin')) {
                     update_btn = '<a class="btn btn-xs disabled btn-info">{% trans "Update" %}</a>';
@@ -109,11 +110,11 @@ function initTable() {
                 if (rowData.id === 1 || rowData.username === "admin" || rowData.username === "{{ request.user.username }}" || (rowData.role === 'Admin' && ('{{ request.user.role }}' !== 'Admin'))) {
                     del_btn = '<a class="btn btn-xs btn-danger m-l-xs" disabled>{% trans "Delete" %}</a>'
                             .replace('{{ DEFAULT_PK }}', cellData)
-                            .replace('99991938', rowData.name);
+                            .replace('99991938', name);
                 } else {
                     del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_user_delete" data-uid="{{ DEFAULT_PK }}" data-name="99991938">{% trans "Delete" %}</a>'
                             .replace('{{ DEFAULT_PK }}', cellData)
-                            .replace('99991938', rowData.name);
+                            .replace('99991938', name);
                 }
                 $(td).html(update_btn + del_btn)
              }}],