wcs: do not crash on POST with invalid cell identifiers (#24147)
This commit is contained in:
parent
8630b9ee32
commit
d245938ecc
|
@ -17,7 +17,7 @@
|
|||
import urlparse
|
||||
|
||||
from django.contrib import messages
|
||||
from django.http import HttpResponseRedirect
|
||||
from django.http import HttpResponseRedirect, HttpResponseBadRequest
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.views.generic import View
|
||||
|
@ -38,7 +38,10 @@ class TrackingCodeView(View):
|
|||
return super(TrackingCodeView, self).dispatch(*args, **kwargs)
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
cell = TrackingCodeInputCell.objects.get(id=request.POST['cell'])
|
||||
try:
|
||||
cell = TrackingCodeInputCell.objects.get(id=request.POST['cell'])
|
||||
except (ValueError, TrackingCodeInputCell.DoesNotExist):
|
||||
return HttpResponseBadRequest('Invalid cell id')
|
||||
code = request.POST['code']
|
||||
if cell.wcs_site:
|
||||
wcs_sites = [get_wcs_services().get(cell.wcs_site)]
|
||||
|
|
|
@ -586,3 +586,14 @@ def test_tracking_code_cell(app):
|
|||
resp.form['code'] = 'CNPHNTFB'
|
||||
resp = resp.form.submit()
|
||||
assert resp.location == 'http://example.net/?foo=bar&unknown-tracking-code'
|
||||
|
||||
# error handling
|
||||
resp = app.get('/')
|
||||
resp.form['cell'] = '9999'
|
||||
resp.form['code'] = 'CNPHNTFB'
|
||||
resp = resp.form.submit(status=400)
|
||||
|
||||
resp = app.get('/')
|
||||
resp.form['cell'] = 'xxxx'
|
||||
resp.form['code'] = 'CNPHNTFB'
|
||||
resp = resp.form.submit(status=400)
|
||||
|
|
Loading…
Reference in New Issue