From 48d0eda8d6f8dc40a8cd6e9874c8145f81c28e6a Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Sat, 3 Apr 2010 11:50:28 -0700 Subject: Handle more bad arguments, including to openid server. --- quoins/controllers.py | 17 +++++++++-------- quoins/openid_controllers.py | 2 ++ 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/quoins/controllers.py b/quoins/controllers.py index 7bdb295..1db761f 100644 --- a/quoins/controllers.py +++ b/quoins/controllers.py @@ -476,7 +476,7 @@ Comment: try: start=int(start) except: - raise tg.exceptions.HTTPNotFound().exception + abort(404) blog = DBSession.query(Blog).get(1) posts = blog.getPostsByTag(tagname) d = post_paginate(start, posts, self.post_paginate) @@ -488,7 +488,6 @@ Comment: @expose(template="genshi:quoinstemplates.index") def archive(self, year='', month='', day='', start=0): - blog = DBSession.query(Blog).get(1) try: year = int(year) except: year = None try: month = int(month) @@ -497,8 +496,8 @@ Comment: except: day = None if not year: - flash('Please supply a year for the archive.') - redirect(self.url('/')) + abort(404) + blog = DBSession.query(Blog).get(1) posts = blog.getPostsByDate(year, month, day) d = post_paginate(start, posts, self.post_paginate) d.update(dict(quoins = self, @@ -512,14 +511,14 @@ Comment: try: start=int(start) except: - raise tg.exceptions.HTTPNotFound().exception + abort(404) if not name: - raise tg.exceptions.HTTPNotFound().exception + abort(404) blog = DBSession.query(Blog).get(1) posts = blog.getPostsByAuthor(name) if not posts: - raise tg.exceptions.HTTPNotFound().exception + abort(404) d = post_paginate(start, posts, self.post_paginate) d.update(dict(quoins = self, blog = blog, 
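Review bot: The bare `except:` around `int(start)` in the `@@ -476,7 +476,7 @@` hunk (the handler that calls `getPostsByTag`), and again in the `@@ -512,14 +511,14 @@` author hunk, catches every exception rather than only a bad number; `except (TypeError, ValueError):` is the narrow form. A negative `start` also passes `int()` and goes straight to `post_paginate`, whose handling of it is not visible here, so a guard such as `if start < 0: abort(404)` would be worth adding next to the conversion. Both functions begin and end outside their hunks.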
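Review bot: `archive` still passes `start` to `post_paginate` without the `int(start)` check that the tag and author handlers have, at least in the lines visible in the `@@ -488,7 +488,6 @@` and `@@ -497,8 +496,8 @@` hunks. A non-numeric `start` in the query string therefore probably ends in a server error instead of the 404 this commit aims for. Adding `try: start = int(start)` followed by `except (TypeError, ValueError): abort(404)` before the blog query would bring it in line with the other handlers. `month` and `day` are converted but not range-checked, and whether `getPostsByDate` tolerates a value like month 13 is not shown here.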
@@ -549,8 +548,10 @@ Comment: post = post) @expose(template="genshi:quoinstemplates.new_comment") - def new_comment(self, id, **kw): + def new_comment(self, id): post = DBSession.query(Post).get(id) + if not post: abort(404) + if not post.allow_comments: flash('This post does not allow comments.') redirect(self.url(post)) diff --git a/quoins/openid_controllers.py b/quoins/openid_controllers.py index 8b1619f..d7728c9 100644 --- a/quoins/openid_controllers.py +++ b/quoins/openid_controllers.py @@ -173,6 +173,8 @@ class OpenIDController(TGController): oserver = openid.server.server.Server(store, self.absolute_url('/server')) oid_request = oserver.decodeRequest(request.params) + if not oid_request: + raise Exception("This does not appear to be an OpenID request") request.environ['oid_request']=oid_request request.environ['oid_return_verified']='not verified' -- cgit v1.2.3
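Review bot: `new_comment` hands the URL-supplied `id` to `DBSession.query(Post).get(id)` unconverted, so the added `if not post: abort(404)` only covers ids the database accepts but does not find. On a backend with strict integer typing, a non-numeric id would likely raise inside the query and surface as a 500. Converting first, `try: id = int(id)` then `except (TypeError, ValueError): abort(404)`, keeps the handler consistent with the `start` checks elsewhere in this commit. With `**kw` dropped, it is also worth confirming that the framework answers unexpected extra request parameters with a client error rather than a server error. The method body continues past the end of the hunk.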
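Review bot: Raising a plain `Exception` when `decodeRequest` returns nothing, in the `quoins/openid_controllers.py` hunk, turns a malformed client request into a server error, whereas the rest of this commit answers bad input with an HTTP client error. Because the endpoint is reachable without authentication, any client can fill the error log or trigger error alerts, and a debug-enabled deployment may show a traceback. `if not oid_request: abort(400)` would be the consistent form, provided `abort` is imported in this module, which the hunk does not show. python-openid's `decodeRequest` can also raise `ProtocolError` on a malformed OpenID message, and nothing in the visible lines catches it, so the call likely needs a `try`/`except` that maps that error to a 400 response too. The enclosing method starts and ends outside the hunk.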