From: Ant Zucaro
Date: Sat, 23 Jan 2016 15:08:41 +0000 (-0500)
Subject: Whitelist rank game types in the view. Fixes #162.
X-Git-Url: https://git.xonotic.org/?p=xonotic%2Fxonstat.git;a=commitdiff_plain;h=0ba0ba7adeb195c10985f2c48ce7c97f2eb0e714

Whitelist rank game types in the view. Fixes #162.

The game types where you could view ranks were previously controlled by a regular expression check within the route. This was completely NOT obvious to troubleshoot. This moves them to within the view, which is much easier to control. Additionally, a 404-check is added for malformed values.
---

diff --git a/xonstat/__init__.py b/xonstat/__init__.py
index 403b645..1609f4d 100644
--- a/xonstat/__init__.py
+++ b/xonstat/__init__.py
@@ -117,10 +117,10 @@ def main(global_config, **settings):
 config.add_route("game_info_json", "/game/{id:\d+}.json")
 config.add_view(game_info_json, route_name="game_info_json", renderer="jsonp")
 
- config.add_route("rank_index", "/ranks/{game_type_cd:ctf|dm|tdm|duel|ca|ft}")
+ config.add_route("rank_index", "/ranks/{game_type_cd}")
 config.add_view(rank_index, route_name="rank_index", renderer="rank_index.mako")
 
- config.add_route("rank_index_json", "/ranks/{game_type_cd:ctf|dm|tdm|duel|ca|ft}.json")
+ config.add_route("rank_index_json", "/ranks/{game_type_cd}.json")
 config.add_view(rank_index_json, route_name="rank_index_json", renderer="jsonp")
 
 config.add_route("game_index", "/games")
diff --git a/xonstat/views/game.py b/xonstat/views/game.py
index 629b8ec..b8b739c 100644
--- a/xonstat/views/game.py
+++ b/xonstat/views/game.py
@@ -121,7 +121,12 @@ def _rank_index_data(request):
 else:
 current_page = 1
 
+ # game type whitelist
+ game_types_allowed = ["ca", "ctf", "dm", "duel", "ft", "ka", "tdm"]
+
 game_type_cd = request.matchdict['game_type_cd']
+ if game_type_cd not in game_types_allowed:
+ raise httpexceptions.HTTPNotFound()
 
 ranks_q = DBSession.query(PlayerRank).\
 filter(PlayerRank.game_type_cd==game_type_cd).\
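Review bot: With the constraint removed, the `rank_index` pattern `/ranks/{game_type_cd}` is registered before `rank_index_json`, and an unconstrained Pyramid replacement marker matches everything up to the next slash, so `/ranks/ctf.json` will most likely resolve to `rank_index` with `game_type_cd` equal to `ctf.json` and then be rejected by the new 404 check in the view. Either register the `.json` route first or keep a narrow pattern on the HTML route, for example `config.add_route("rank_index", "/ranks/{game_type_cd:[^/.]+}")`. A request test for `/ranks/ctf.json` would confirm which route wins. `main()` starts before and continues after this hunk, so routes outside the visible lines may also affect ordering.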
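Review bot: `game_types_allowed` is rebuilt as a list on every request inside `_rank_index_data`, and after this commit it is the only thing restricting which `game_type_cd` values reach the `PlayerRank` filter. It is worth hoisting to a module-level constant such as `RANK_GAME_TYPES = frozenset(["ca", "ctf", "dm", "duel", "ft", "ka", "tdm"])`, so that other views can share one allowlist instead of drifting copies. A comment on it should say that the route no longer constrains `game_type_cd` and that the set must be extended when a new ranked game type is added. The hunk does not show an import of `httpexceptions` in `xonstat/views/game.py`, so confirm it is already in scope. `_rank_index_data` begins before and continues after the hunk.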