Re-ordered the Stackdump-wide search method in code so it is processed before the site-specific methods. This means even if a site is imported with the key 'search', it can't replace that page.

2024-12-04 23:17:37 +00:00 · 2012-02-12 14:19:50 +11:00 · 2012-02-12 14:19:50 +11:00 · 84f5a951ed
commit 84f5a951ed
parent caebcabd89
1 changed files with 18 additions and 16 deletions
--- a/python/src/stackdump/app.py
+++ b/python/src/stackdump/app.py
@ -225,6 +225,24 @@ def import_data():
    '''
    return render_template('import_data.html')

+# this method MUST sit above the site_index and other methods below so it
+# cannot be subverted by a site with a site key of 'search'.
+@get('/search')
+@uses_templates
+@uses_solr
+@uses_db
+def search():
+    context = { }
+    context['sites'] = get_sites()
+    
+    search_context = perform_search()
+    if not search_context:
+        raise HTTPError(code=500, output='Invalid query attempted.')
+    
+    context.update(search_context)
+    
+    return render_template('results.html', context)
+
@get('/:site_key#[\w\.]+#')
@get('/:site_key#[\w\.]+#/')
@uses_templates
@ -243,22 +261,6 @@ def site_index(site_key):
    
    return render_template('index.html', context)

-@get('/search')
-@uses_templates
-@uses_solr
-@uses_db
-def search():
-    context = { }
-    context['sites'] = get_sites()
-    
-    search_context = perform_search()
-    if not search_context:
-        raise HTTPError(code=500, output='Invalid query attempted.')
-    
-    context.update(search_context)
-    
-    return render_template('results.html', context)
-
@get('/:site_key#[\w\.]+#/search')
@uses_templates
@uses_solr