0001-wcs-do-not-crash-on-POST-with-invalid-cell-identifie.patch
combo/apps/wcs/views.py | ||
---|---|---|
17 | 17 |
import urlparse |
18 | 18 | |
19 | 19 |
from django.contrib import messages |
20 |
from django.http import HttpResponseRedirect |
|
20 |
from django.http import HttpResponseRedirect, HttpResponseBadRequest
|
|
21 | 21 |
from django.utils.translation import ugettext_lazy as _ |
22 | 22 |
from django.views.decorators.csrf import csrf_exempt |
23 | 23 |
from django.views.generic import View |
... | ... | |
38 | 38 |
return super(TrackingCodeView, self).dispatch(*args, **kwargs) |
39 | 39 | |
40 | 40 |
def post(self, request, *args, **kwargs): |
41 |
cell = TrackingCodeInputCell.objects.get(id=request.POST['cell']) |
|
41 |
try: |
|
42 |
cell = TrackingCodeInputCell.objects.get(id=request.POST['cell']) |
|
43 |
except (ValueError, TrackingCodeInputCell.DoesNotExist): |
|
44 |
return HttpResponseBadRequest('Invalid cell id') |
|
42 | 45 |
code = request.POST['code'] |
43 | 46 |
if cell.wcs_site: |
44 | 47 |
wcs_sites = [get_wcs_services().get(cell.wcs_site)] |
tests/test_wcs.py | ||
---|---|---|
586 | 586 |
resp.form['code'] = 'CNPHNTFB' |
587 | 587 |
resp = resp.form.submit() |
588 | 588 |
assert resp.location == 'http://example.net/?foo=bar&unknown-tracking-code' |
589 | ||
590 |
# error handling |
|
591 |
resp = app.get('/') |
|
592 |
resp.form['cell'] = '0000' |
|
593 |
resp.form['code'] = 'CNPHNTFB' |
|
594 |
resp = resp.form.submit(status=400) |
|
595 | ||
596 |
resp = app.get('/') |
|
597 |
resp.form['cell'] = 'xxxx' |
|
598 |
resp.form['code'] = 'CNPHNTFB' |
|
599 |
resp = resp.form.submit(status=400) |
|
589 |
- |