Skip to content

fix: strip whitespace and handle null values in instance configuration #9239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
okxint wants to merge 1 commit into
base: preview
Choose a base branch
from
+2 −1
Open

fix: strip whitespace and handle null values in instance configuration #9239

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion apps/api/plane/license/api/views/configuration.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,8 @@ def patch(self, request):

bulk_configurations = []
for configuration in configurations:
value = request.data.get(configuration.key, configuration.value)
raw_value = request.data.get(configuration.key, configuration.value)
value = "" if raw_value is None else str(raw_value).strip()
Comment on lines +48 to +49

@coderabbitai coderabbitai Bot Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for configuration keys that are compared to "0" or "1" strings
rg -n -C2 'EMAIL_USE_TLS|EMAIL_USE_SSL|ENABLE_SMTP' --type=py

# Search for any validation or serializer logic for InstanceConfiguration
ast-grep --pattern 'class InstanceConfigurationSerializer($$$) {
  $$$
}'

# Check if request.data typing or validation constrains boolean flags
rg -n 'InstanceConfiguration.*patch|def patch.*InstanceConfiguration' --type=py -A 10

Repository: makeplane/plane

Length of output: 17116

🏁 Script executed:

# Read the configuration.py file to see the full patch method context
cat -n apps/api/plane/license/api/views/configuration.py | head -60

Repository: makeplane/plane

Length of output: 2836

🏁 Script executed:

# Search for InstanceConfiguration model definition
rg -n 'class InstanceConfiguration' --type=py -A 10

Repository: makeplane/plane

Length of output: 3171

🏁 Script executed:

# Search for any serializer related to InstanceConfiguration
rg -n 'InstanceConfiguration.*Serializer|class.*Serializer.*InstanceConfiguration' --type=py -A 15

Repository: makeplane/plane

Length of output: 5740

🏁 Script executed:

# Check if there's any type conversion or validation for boolean fields
rg -n 'BooleanField|to_internal_value|validate' apps/api/plane/license/api/ --type=py | head -20

Repository: makeplane/plane

Length of output: 1715

🏁 Script executed:

# Check if there are any tests or examples showing what format is sent to the patch endpoint
rg -n 'EMAIL_USE_TLS|EMAIL_USE_SSL|ENABLE_SMTP' apps/api/plane/license/api/tests/ --type=py -A 2 -B 2 2>/dev/null || echo "No tests found"

Repository: makeplane/plane

Length of output: 74

🏁 Script executed:

# Check frontend/migrations to see if booleans might be sent
fd -e ts -e tsx -e js apps/web 2>/dev/null | head -5

Repository: makeplane/plane

Length of output: 41

Handle boolean-to-string conversion for flag-type configurations.

The str() coercion on line 49 converts boolean True/False to strings "True"/"False", but boolean flag configurations like EMAIL_USE_TLS and EMAIL_USE_SSL are compared as "1" or "0" strings throughout the codebase (e.g., use_tls=EMAIL_USE_TLS == "1"). If the frontend sends actual boolean types for these flags, the sanitization produces incorrect string values that fail equality checks.

The InstanceConfigurationSerializer has no custom field definitions or type validation (fields = "__all__"), so booleans pass through unchecked. Add explicit handling to convert boolean values to the expected string format:

value = "" if raw_value is None else str(raw_value).strip()
# For boolean flags, convert to "1" or "0"
if isinstance(raw_value, bool):
    value = "1" if raw_value else "0"
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/api/plane/license/api/views/configuration.py` around lines 48 - 49, In
the configuration sanitization logic where raw_value is converted to a string
using str(), add explicit handling for boolean values. After the existing line
that strips the string value, check if raw_value is a boolean type using
isinstance() and convert it to "1" for True or "0" for False to match the
expected string format throughout the codebase. This ensures that boolean flag
configurations like EMAIL_USE_TLS and EMAIL_USE_SSL are properly converted to
the string representations they are compared against in equality checks,
preventing failed validations when the frontend sends actual boolean types.

if configuration.is_encrypted:
configuration.value = encrypt_data(value)
else:
Expand Down
Loading