Add validation for invalid string as page number

memeLab · Nov 21, 2024 · baa67bf · baa67bf
1 parent 94ac744
commit baa67bf
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 7 deletions.
diff --git a/src/core/urls.py b/src/core/urls.py
@@ -6,6 +6,7 @@
 from core.views.exhibits import ExhibitViewset
 from core.views.markers import MarkerViewset
 from core.views.objects import ObjectViewset
+from django.urls import re_path
 from core.views.static_views import (
     community,
     documentation,
@@ -47,7 +48,7 @@
     path("manifest.json", manifest, name="manifest"),
     path("upload", upload_image, name="upload-image"),
     path("i18n/", include("django.conf.urls.i18n")),
-    path("see_all/", see_all, name="see_all"),
+    re_path(r"^see_all(?:/(?P<which>[a-zA-Z]+))?(?:/(?P<page>\d+))?/$", see_all, name="see_all"),
     path("robots.txt", robots_txt),
     path("favicon.ico", favicon),
     path(settings.HEALTH_CHECK_URL, health_check),

diff --git a/src/core/views/views.py b/src/core/views/views.py
@@ -51,12 +51,21 @@ def collection(request):
 
 @cache_page(60 * 2)
 @require_http_methods(["GET"])
-def see_all(request):
-    request_type = request.GET.get("which")
+def see_all(request, which="", page=1):
+    request_type = request.GET.get("which", which)
+    if request_type not in ["objects", "markers", "artworks", "exhibits"]:
+        # Invalid request type, return to collection
+        return redirect("collection")
     ctx = {}
-    per_page = 20
+    per_page = 3
     page = request.GET.get("page", 1)
 
+    try:
+        # Bots insert random strings in the page parameter
+        page = int(page)
+    except ValueError:
+        page = 1
+
     data_types = {
         "objects": Object.objects.all().order_by("uploaded_at"),
         "markers": Marker.objects.all().order_by("uploaded_at"),
@@ -67,10 +76,12 @@ def see_all(request):
     data = data_types.get(request_type)
     if data:
         paginator = Paginator(data, per_page)
-        data = paginator.get_page(page)
-        data.adjusted_elided_pages = paginator.get_elided_page_range(page)
+        if page > paginator.num_pages:
+            return redirect("see_all", request_type,paginator.num_pages)
+        paginated_data = paginator.get_page(page)
+        paginated_data.adjusted_elided_pages = paginator.get_elided_page_range(page)
         ctx = {
-            request_type: data,
+            request_type: paginated_data,
             "seeall": True,
         }