
Commit 2e3fd49

authored
Merge pull request #462 from WikipediaLibrary/Jsn.sherman/orgs-handle-invalid-collection-id
orgs: handle invalid/missing collection ids
2 parents 7eb5c3f + 44f848e commit 2e3fd49


1 file changed

+28
-14
lines changed


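--- a/extlinks/organisations/views.py
+++ b/extlinks/organisations/views.py
@@ -316,8 +316,10 @@ def get_editor_count(request):
 Ajax request for editor count (found in the Statistics table)
 """
 form_data = json.loads(request.GET.get("form_data", "{}"))
-collection_id = int(request.GET.get("collection", None))
-collection = Collection.objects.get(id=collection_id)
+collection_id = request.GET.get("collection")
+if not isinstance(collection_id, str) or not collection_id.isdigit():
+return JsonResponse({})
+collection = Collection.objects.get(id=int(collection_id))
 
 queryset_filter = build_queryset_filters(form_data, {"collection": collection})
 aggregates = UserAggregate.objects.filter(queryset_filter)
@@ -353,8 +355,10 @@ def get_project_count(request):
 Ajax request for project count (found in the Statistics table)
 """
 form_data = json.loads(request.GET.get("form_data", "{}"))
-collection_id = int(request.GET.get("collection", None))
-collection = Collection.objects.get(id=collection_id)
+collection_id = request.GET.get("collection")
+if not isinstance(collection_id, str) or not collection_id.isdigit():
+return JsonResponse({})
+collection = Collection.objects.get(id=int(collection_id))
 
 queryset_filter = build_queryset_filters(form_data, {"collection": collection})
 aggregates = PageProjectAggregate.objects.filter(queryset_filter)
@@ -390,8 +394,10 @@ def get_links_count(request):
 Ajax request for links count (found in the Statistics table)
 """
 form_data = json.loads(request.GET.get("form_data", "{}"))
-collection_id = int(request.GET.get("collection", None))
-collection = Collection.objects.get(id=collection_id)
+collection_id = request.GET.get("collection")
+if not isinstance(collection_id, str) or not collection_id.isdigit():
+return JsonResponse({})
+collection = Collection.objects.get(id=int(collection_id))
 
 queryset_filter = build_queryset_filters(form_data, {"collection": collection})
 aggregates = LinkAggregate.objects.filter(queryset_filter)
@@ -439,8 +445,10 @@ def get_top_pages(request):
 Ajax request for the top pages table for a given collection
 """
 form_data = json.loads(request.GET.get("form_data", "{}"))
-collection_id = int(request.GET.get("collection", None))
-collection = Collection.objects.get(id=collection_id)
+collection_id = request.GET.get("collection")
+if not isinstance(collection_id, str) or not collection_id.isdigit():
+return JsonResponse({})
+collection = Collection.objects.get(id=int(collection_id))
 
 queryset_filter = build_queryset_filters(form_data, {"collection": collection})
 aggregates = PageProjectAggregate.objects.filter(queryset_filter)
@@ -496,8 +504,10 @@ def get_top_projects(request):
 Ajax request for the top projects table for a given collection
 """
 form_data = json.loads(request.GET.get("form_data", "{}"))
-collection_id = int(request.GET.get("collection", None))
-collection = Collection.objects.get(id=collection_id)
+collection_id = request.GET.get("collection")
+if not isinstance(collection_id, str) or not collection_id.isdigit():
+return JsonResponse({})
+collection = Collection.objects.get(id=int(collection_id))
 
 queryset_filter = build_queryset_filters(form_data, {"collection": collection})
 aggregates = PageProjectAggregate.objects.filter(queryset_filter)
@@ -555,8 +565,10 @@ def get_top_users(request):
 Ajax request for the top users table for a given collection
 """
 form_data = json.loads(request.GET.get("form_data", "{}"))
-collection_id = int(request.GET.get("collection", None))
-collection = Collection.objects.get(id=collection_id)
+collection_id = request.GET.get("collection")
+if not isinstance(collection_id, str) or not collection_id.isdigit():
+return JsonResponse({})
+collection = Collection.objects.get(id=int(collection_id))
 
 queryset_filter = build_queryset_filters(form_data, {"collection": collection})
 aggregates = UserAggregate.objects.filter(queryset_filter)
@@ -612,8 +624,10 @@ def get_latest_link_events(request):
 Ajax request for the latest link events for a given collection
 """
 form_data = json.loads(request.GET.get("form_data", "{}"))
-collection_id = int(request.GET.get("collection", None))
-collection = Collection.objects.get(id=collection_id)
+collection_id = request.GET.get("collection")
+if not isinstance(collection_id, str) or not collection_id.isdigit():
+return JsonResponse({})
+collection = Collection.objects.get(id=int(collection_id))
 
 linkevents = collection.get_linkevents()
 if form_data: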
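Review bot: The new guard in get_editor_count, repeated unchanged in the six sibling views, still lets two request values reach an unhandled exception. `str.isdigit()` accepts characters such as `²` that `int()` rejects with ValueError, and a well-formed id with no matching row makes `Collection.objects.get` raise `Collection.DoesNotExist`. Either case turns a caller-supplied query parameter into a 500, which is the failure this commit sets out to remove. I would move the lookup into one helper that lets `int()` do the parsing, catches its errors and uses `filter(...).first()`, then call it from all seven views as sketched below. Each view's body starts and ends outside its hunk, so how the callers treat the empty `{}` payload is not visible here.

```python
def _get_collection_or_none(request):
    """Return the Collection named by ?collection=, or None when the id is absent, malformed or unknown."""
    try:
        # int() is the real parser, so let it decide: isdigit() admits
        # characters such as "²" that int() refuses, and None raises TypeError.
        collection_pk = int(request.GET.get("collection"))
    except (TypeError, ValueError):
        return None
    # filter().first() yields None for an unknown id instead of raising DoesNotExist
    return Collection.objects.filter(id=collection_pk).first()


def get_editor_count(request):
    # … unchanged: docstring and form_data parsing …
    collection = _get_collection_or_none(request)
    if collection is None:
        return JsonResponse({})
    # … unchanged: queryset_filter and aggregates …
```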
