| side by side (parent:
fde2492
)
Make routing reject non-numeric ids in URLs.
veekun-promotions/2010060201
veekun-promotions/2010060501
veekun-promotions/2010060502
author
Eevee
<git@veekun.com>
Wed, 2 Jun 2010 06:40:50 +0000
(23:40 -0700)
committer
Eevee
<git@veekun.com>
Wed, 2 Jun 2010 06:40:50 +0000
(23:40 -0700)
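--- a/splinext/users/__init__.py
+++ b/splinext/users/__init__.py
@@ -12,6 +12,13 @@ from splinext.users import model as users_model
 def add_routes_hook(map, *args, **kwargs):
 """Hook to inject some of our behavior into the routes configuration."""
+def id_is_numeric(environ, result):
+try:
+int(result['id'])
+return True
+except (KeyError, ValueError):
+return False
+
 # Login, logout
 map.connect('/accounts/login', controller='accounts', action='login')
 map.connect('/accounts/login_begin', controller='accounts', action='login_begin')
@@ -19,12 +26,15 @@ def add_routes_hook(map, *args, **kwargs):
 map.connect('/accounts/logout', controller='accounts', action='logout')
 # Self-admin
-map.connect('/users/{id};{name}/edit', controller='users', action='profile_edit')
+map.connect('/users/{id};{name}/edit', controller='users', action='profile_edit',
+conditions=dict(function=id_is_numeric))
 # Public user pages
 map.connect('/users', controller='users', action='list')
-map.connect('/users/{id};{name}', controller='users', action='profile')
-map.connect('/users/{id}', controller='users', action='profile')
+map.connect('/users/{id};{name}', controller='users', action='profile',
+conditions=dict(function=id_is_numeric))
+map.connect('/users/{id}', controller='users', action='profile',
+conditions=dict(function=id_is_numeric))
 def check_userid_hook(action, **params):
 """Hook to see if a user is logged in and, if so, stick a user object in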
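Review bot: `id_is_numeric` accepts more than plain digit strings, because `int()` also parses a leading sign and surrounding whitespace, so an id such as `-1` or a URL-decoded ` 12` would still satisfy the condition on the three `/users/{id}` routes. If the intent is that only canonical numeric ids reach the `users` controller, a Routes path requirement states that directly and makes the helper unnecessary: `requirements=dict(id=r'[0-9]+')` on each `map.connect`. The controller is not visible on this page, so it should presumably keep treating `id` as untrusted, with its own not-found handling and ownership check for `profile_edit`, since the route condition only filters the shape of the value. If the helper stays, a one-line docstring such as `"""Routes condition: match only when the 'id' path variable parses as an integer."""` would document why it ignores `environ`. `add_routes_hook` continues outside both hunks.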