summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJames E. Blair <corvus@gnu.org>2010-04-03 18:50:28 (GMT)
committerJames E. Blair <corvus@gnu.org>2010-04-03 18:50:28 (GMT)
commit48d0eda8d6f8dc40a8cd6e9874c8145f81c28e6a (patch)
tree3ca4c562135dbd87c3e9a76a4c02bc59cee9afc1
parent52a3511b1205d7b76b52580e7a9994db5d893afa (diff)
Handle more bad arguments, including to openid server.
-rw-r--r--quoins/controllers.py17
-rw-r--r--quoins/openid_controllers.py2
2 files changed, 11 insertions, 8 deletions
diff --git a/quoins/controllers.py b/quoins/controllers.py
index 7bdb295..1db761f 100644
--- a/quoins/controllers.py
+++ b/quoins/controllers.py
@@ -476,7 +476,7 @@ Comment:
476 try: 476 try:
477 start=int(start) 477 start=int(start)
478 except: 478 except:
479 raise tg.exceptions.HTTPNotFound().exception 479 abort(404)
480 blog = DBSession.query(Blog).get(1) 480 blog = DBSession.query(Blog).get(1)
481 posts = blog.getPostsByTag(tagname) 481 posts = blog.getPostsByTag(tagname)
482 d = post_paginate(start, posts, self.post_paginate) 482 d = post_paginate(start, posts, self.post_paginate)
@@ -488,7 +488,6 @@ Comment:
488 488
489 @expose(template="genshi:quoinstemplates.index") 489 @expose(template="genshi:quoinstemplates.index")
490 def archive(self, year='', month='', day='', start=0): 490 def archive(self, year='', month='', day='', start=0):
491 blog = DBSession.query(Blog).get(1)
492 try: year = int(year) 491 try: year = int(year)
493 except: year = None 492 except: year = None
494 try: month = int(month) 493 try: month = int(month)
@@ -497,8 +496,8 @@ Comment:
497 except: day = None 496 except: day = None
498 497
499 if not year: 498 if not year:
500 flash('Please supply a year for the archive.') 499 abort(404)
501 redirect(self.url('/')) 500 blog = DBSession.query(Blog).get(1)
502 posts = blog.getPostsByDate(year, month, day) 501 posts = blog.getPostsByDate(year, month, day)
503 d = post_paginate(start, posts, self.post_paginate) 502 d = post_paginate(start, posts, self.post_paginate)
504 d.update(dict(quoins = self, 503 d.update(dict(quoins = self,
@@ -512,14 +511,14 @@ Comment:
512 try: 511 try:
513 start=int(start) 512 start=int(start)
514 except: 513 except:
515 raise tg.exceptions.HTTPNotFound().exception 514 abort(404)
516 if not name: 515 if not name:
517 raise tg.exceptions.HTTPNotFound().exception 516 abort(404)
518 517
519 blog = DBSession.query(Blog).get(1) 518 blog = DBSession.query(Blog).get(1)
520 posts = blog.getPostsByAuthor(name) 519 posts = blog.getPostsByAuthor(name)
521 if not posts: 520 if not posts:
522 raise tg.exceptions.HTTPNotFound().exception 521 abort(404)
523 d = post_paginate(start, posts, self.post_paginate) 522 d = post_paginate(start, posts, self.post_paginate)
524 d.update(dict(quoins = self, 523 d.update(dict(quoins = self,
525 blog = blog, 524 blog = blog,
@@ -549,8 +548,10 @@ Comment:
549 post = post) 548 post = post)
550 549
551 @expose(template="genshi:quoinstemplates.new_comment") 550 @expose(template="genshi:quoinstemplates.new_comment")
552 def new_comment(self, id, **kw): 551 def new_comment(self, id):
553 post = DBSession.query(Post).get(id) 552 post = DBSession.query(Post).get(id)
553 if not post: abort(404)
554
554 if not post.allow_comments: 555 if not post.allow_comments:
555 flash('This post does not allow comments.') 556 flash('This post does not allow comments.')
556 redirect(self.url(post)) 557 redirect(self.url(post))
diff --git a/quoins/openid_controllers.py b/quoins/openid_controllers.py
index 8b1619f..d7728c9 100644
--- a/quoins/openid_controllers.py
+++ b/quoins/openid_controllers.py
@@ -173,6 +173,8 @@ class OpenIDController(TGController):
173 oserver = openid.server.server.Server(store, 173 oserver = openid.server.server.Server(store,
174 self.absolute_url('/server')) 174 self.absolute_url('/server'))
175 oid_request = oserver.decodeRequest(request.params) 175 oid_request = oserver.decodeRequest(request.params)
176 if not oid_request:
177 raise Exception("This does not appear to be an OpenID request")
176 request.environ['oid_request']=oid_request 178 request.environ['oid_request']=oid_request
177 179
178 request.environ['oid_return_verified']='not verified' 180 request.environ['oid_return_verified']='not verified'