Whitelist rank game types in the view. Fixes #162.
authorAnt Zucaro <azucaro@gmail.com>
Sat, 23 Jan 2016 15:08:41 +0000 (10:08 -0500)
committerAnt Zucaro <azucaro@gmail.com>
Sat, 23 Jan 2016 15:08:41 +0000 (10:08 -0500)
The game types where you could view ranks were previously controlled by a
regular expression check within the route. This was completely NOT obvious to
troubleshoot. This moves them to within the view, which is much easier to
control. Additionally, a 404-check is added for malformed values.

xonstat/__init__.py
xonstat/views/game.py

index 403b645..1609f4d 100644 (file)
@@ -117,10 +117,10 @@ def main(global_config, **settings):
     config.add_route("game_info_json", "/game/{id:\d+}.json")
     config.add_view(game_info_json, route_name="game_info_json", renderer="jsonp")
 
-    config.add_route("rank_index",      "/ranks/{game_type_cd:ctf|dm|tdm|duel|ca|ft}")
+    config.add_route("rank_index", "/ranks/{game_type_cd}")
     config.add_view(rank_index,      route_name="rank_index",      renderer="rank_index.mako")
 
-    config.add_route("rank_index_json", "/ranks/{game_type_cd:ctf|dm|tdm|duel|ca|ft}.json")
+    config.add_route("rank_index_json", "/ranks/{game_type_cd}.json")
     config.add_view(rank_index_json, route_name="rank_index_json", renderer="jsonp")
 
     config.add_route("game_index", "/games")
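Review bot: With the alternation removed from both patterns, `rank_index` is registered before `rank_index_json`, and a bare Pyramid replacement marker matches any run of non-slash characters, so a request for `/ranks/ctf.json` most likely matches `rank_index` first with `game_type_cd` set to `ctf.json`. The new whitelist in the view would then answer 404 and the JSON route would never be reached; the old regex kept the two routes disjoint. Either register the `.json` route first or keep a narrow pattern on the marker, e.g. `config.add_route("rank_index", "/ranks/{game_type_cd:\w+}")`, leaving the view's whitelist as the authority on which types exist. This is inferred from the route definitions alone and has not been run, so a request test against the `.json` URL would settle it.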
index 629b8ec..b8b739c 100644 (file)
@@ -121,7 +121,12 @@ def _rank_index_data(request):
     else:
         current_page = 1
 
+    # game type whitelist
+    game_types_allowed = ["ca", "ctf", "dm", "duel", "ft", "ka", "tdm"]
+
     game_type_cd = request.matchdict['game_type_cd']
+    if game_type_cd not in game_types_allowed:
+        raise httpexceptions.HTTPNotFound()
 
     ranks_q = DBSession.query(PlayerRank).\
             filter(PlayerRank.game_type_cd==game_type_cd).\
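Review bot: `game_types_allowed` is a local list rebuilt on every request, and now that the route accepts any path segment it is the only validation applied to `game_type_cd` before the value reaches the query filter. Hoisting it to a module-level constant would make that role explicit and reusable, e.g. `RANK_GAME_TYPES = frozenset(["ca", "ctf", "dm", "duel", "ft", "ka", "tdm"])` with the comment `# sole validation of game_type_cd for the /ranks routes; the route pattern no longer restricts it`. The list also admits `ka`, which the old route pattern did not, and the commit message does not mention that widening. The body of `_rank_index_data` starts and ends outside this hunk, so any later use of `game_type_cd` there is not visible here.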