google-code-export / django-page-cms

Automatically exported from code.google.com/p/django-page-cms
BSD 3-Clause "New" or "Revised" License

Bogus page ID in location bar causes traceback. #205

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Running in debug mode will help
2. visit /admin/pages/page/add/foo/bar.jpg/ in your browser.
3.

What is the expected output? What do you see instead?

I expect some kind of error.  This is a bogus url.

What I get is a stack trace in the bowels of django.db trying to convert 
'add/foo/bar.jpg/' into an int.

Are you using the master version or a released version of this CMS on the
github repository?

1.1.3

If you can write a test that reproduces the problem, there is a better chance
it will be resolved quickly.

See above.

Also, suggested fix:

In pages/admin/__init__.py, in change_view, pre-qualify the object_id argument as 
being the string representation of an integer, e.g.:

        try:
            int(object_id)
        except ValueError:
            raise Http404('The "%s" part of the location is invalid.'
                          % object_id)

before attempting to do a self.model.objects.get(pk=object_id) on it.  It may 
as well even be before getting the language, since you won't be using the 
language if it fails.

Original issue reported on code.google.com by ke1g...@gmail.com on 23 Jul 2010 at 5:36
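
The suggested check, worked through as an added example (not code from django-page-cms or from the reporter). It goes slightly beyond the issue by also showing that int() accepts strings such as ' 1 ' and '+2', next to a stricter digits-only variant. Http404 is a local stand-in for django.http.Http404, and PAGES, get_page, status and the three change_view_* functions are hypothetical names.

```python
import re

class Http404(Exception):
    """Local stand-in for django.http.Http404 so this runs without Django."""

PAGES = {1: "home", 2: "about"}   # constructed sample data: pk -> page
ASCII_PK = re.compile(r"[0-9]+")  # digits only: no sign, spaces or underscores

def get_page(object_id):
    """Hypothetical lookup; converts the id with int() like an integer pk lookup."""
    page = PAGES.get(int(object_id))  # ValueError for 'add/foo/bar.jpg/'
    if page is None:
        raise Http404("No page with id %s." % object_id)
    return page

def change_view_unchecked(object_id):
    """Reported behaviour: the raw URL fragment reaches the lookup."""
    return get_page(object_id)

def change_view_int_check(object_id):
    """The check suggested in the issue: pre-qualify with int()."""
    try:
        int(object_id)
    except ValueError:
        raise Http404('The "%s" part of the location is invalid.' % object_id)
    return get_page(object_id)

def change_view_strict(object_id):
    """Stricter variant (added here): accept only ASCII digit strings."""
    if not ASCII_PK.fullmatch(object_id):
        raise Http404('The "%s" part of the location is invalid.' % object_id)
    return get_page(object_id)

def status(view, object_id):
    """HTTP status a framework would send for the view's outcome."""
    try:
        view(object_id)
        return 200
    except Http404:
        return 404
    except Exception:
        return 500  # unhandled error: a traceback page when debug is on

if __name__ == "__main__":
    views = (change_view_unchecked, change_view_int_check, change_view_strict)
    for raw in ("1", "add/foo/bar.jpg/", " 1 ", "+2", "99"):
        print(repr(raw), [status(v, raw) for v in views])
```
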

GoogleCodeExporter commented 9 years ago
I wonder why somebody would try to do that :-). But here is the change:

http://github.com/batiste/django-page-cms/commit/e65e419eb88b9867df1f06ae73df5c2f6c7723c0

Original comment by batiste....@gmail.com on 24 Sep 2010 at 8:21