fix breach in award points that allows user to award infinite points / extra fix
[osqa.git] / forum / views / meta.py
index 536cf2603515cee8a6cfda653450691e57eff7a9..e7d151588a8402a6e0c2b73c19cf03b9005e91c0 100644 (file)
@@ -1,26 +1,28 @@
 import os
 from itertools import groupby
-from django.shortcuts import render_to_response, get_object_or_404
-from django.core.urlresolvers import reverse
-from django.template import RequestContext, loader
-from django.http import HttpResponseRedirect, HttpResponse, Http404
+
+from django.shortcuts import render_to_response
+from django.template import RequestContext
+from django.http import HttpResponseRedirect, HttpResponse
 from django.views.static import serve
+from django.views.decorators.cache import cache_page
+from django.utils.translation import ugettext as _
+from django.utils.safestring import mark_safe
+
+from django.contrib import messages
+
 from forum import settings
-from forum.modules import decorate
 from forum.views.decorators import login_required
 from forum.forms import FeedbackForm
-from django.core.urlresolvers import reverse
-from django.utils.translation import ugettext as _
-from django.db.models import Count
+from forum.modules import decorate
 from forum.forms import get_next_url
 from forum.models import Badge, Award, User, Page
-from forum.badges.base import BadgesMeta
-from forum import settings
+from forum.http_responses import HttpResponseNotFound, HttpResponseIntServerError
 from forum.utils.mail import send_template_email
-from django.utils.safestring import mark_safe
 from forum.templatetags.extra_filters import or_preview
+
 import decorators
-import re
+import logging, traceback
 
 def favicon(request):
     return HttpResponseRedirect(str(settings.APP_FAVICON))
@@ -35,7 +37,7 @@ def static(request, title, content):
 def media(request, skin, path):
     response = serve(request, "%s/media/%s" % (skin, path),
                  document_root=os.path.join(os.path.dirname(os.path.dirname(__file__)), 'skins').replace('\\', '/'))
-    content_type = response['Content-Type']
+    content_type = response.get('Content-Type', '')
     if ('charset=' not in content_type):
         if (content_type.startswith('text') or content_type=='application/x-javascript'):
             content_type += '; charset=utf-8'
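Review bot: The new `response.get('Content-Type', '')` in `media` has no comment saying which responses lack the header, so the empty-string default looks arbitrary. Presumably this covers responses from `serve()` that carry no Content-Type, such as a 304 Not Modified; a comment like `# serve() can return a response with no Content-Type (e.g. 304)` would record that. The rest of `media` lies outside the hunk, so if it writes `content_type` back onto the response unconditionally, such a response would gain an empty Content-Type header; that write is worth guarding with `if content_type:`.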
@@ -46,7 +48,7 @@ def media(request, skin, path):
 def markdown_help(request):
     return render_to_response('markdown_help.html', context_instance=RequestContext(request))
 
-
+@cache_page(60 * 60 * 24 * 30) #30 days
 def opensearch(request):
     return render_to_response('opensearch.html', {'settings' : settings}, context_instance=RequestContext(request))
 
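Review bot: The 30-day `cache_page` on `opensearch` caches a page rendered from `settings`, so a change to any setting the template reads can stay invisible for up to a month unless the cache is cleared. The view is also rendered with `RequestContext(request)`, so if the template or a context processor emits anything request-specific, the first visitor's output is served to everyone who shares the cache key; it is worth confirming the template is request-independent. A shorter timeout, or invalidation when the relevant settings change, would be safer. The trailing comment would read better as `# 30 days`.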
@@ -67,7 +69,7 @@ def feedback(request):
             send_template_email(recipients, "notifications/feedback.html", context)
 
             msg = _('Thanks for the feedback!')
-            request.user.message_set.create(message=msg)
+            messages.info(request, msg)
             return HttpResponseRedirect(get_next_url(request))
     else:
         form = FeedbackForm(request.user, initial={'next':get_next_url(request)})
@@ -87,10 +89,11 @@ def logout(request):
 
 @decorators.render('badges.html', 'badges', _('badges'), weight=300)
 def badges(request):
-    badges = [b.ondb for b in sorted(BadgesMeta.by_id.values(), lambda b1, b2: cmp(b1.name, b2.name))]
+    from forum.badges.base import BadgesMeta
+    badges = sorted([Badge.objects.get(id=id) for id in BadgesMeta.by_id.keys()], lambda b1, b2: cmp(b1.name, b2.name))
 
     if request.user.is_authenticated():
-        my_badges = Award.objects.filter(user=request.user).values('badge_id').distinct()
+        my_badges = Award.objects.filter(user=request.user).values_list('badge_id', flat=True).distinct()
     else:
         my_badges = []
 
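Review bot: The new list comprehension in `badges` issues one `Badge.objects.get` per registered badge and raises `Badge.DoesNotExist` (a 500 for every visitor) if any id in `BadgesMeta.by_id` has no row yet. It also shadows the builtin `id`. A single query avoids both: `badges = sorted(Badge.objects.filter(id__in=BadgesMeta.by_id.keys()), key=lambda b: b.name)`. The function-level import of `BadgesMeta` presumably works around a circular import; a short comment saying so would stop someone moving it back to the top of the file.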
@@ -113,17 +116,19 @@ def badge(request, id, slug):
     'badge' : badge,
     }, context_instance=RequestContext(request))
 
-def page(request, path):
+def page(request):
+    path = request.path[1:]
+
     if path in settings.STATIC_PAGE_REGISTRY:
         try:
             page = Page.objects.get(id=settings.STATIC_PAGE_REGISTRY[path])
 
             if (not page.published) and (not request.user.is_superuser):
-                raise Http404
+                return HttpResponseNotFound(request)
         except:
-            raise Http404
+            return HttpResponseNotFound(request)
     else:
-        raise Http404
+        return HttpResponseNotFound(request)
 
     template = page.extra.get('template', 'default')
     sidebar = page.extra.get('sidebar', '')
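Review bot: `path = request.path[1:]` in `page` uses the full request path, which includes the script prefix when the site is mounted below the root, so the `STATIC_PAGE_REGISTRY` lookup would presumably miss there; `path = request.path_info[1:]` is the prefix-independent form. The bare `except:` around the lookup also turns database errors and programming mistakes into a 404, which hides real failures from the error log; `except Page.DoesNotExist:` keeps the not-found behaviour for the case that is meant. The body of `page` continues outside the hunk.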
@@ -160,3 +165,39 @@ def page(request, path):
     }, context_instance=RequestContext(request))
 
 
+def error_handler(request):
+
+    stacktrace = "".join(["\t\t%s\n" % l for l in traceback.format_exc().split("\n")])
+
+    try:
+        log_msg = """
+        error executing request:
+        PATH: %(path)s
+        USER: %(user)s
+        METHOD: %(method)s
+        POST PARAMETERS:
+        %(post)s
+        GET PARAMETERS:
+        %(get)s
+        HTTP HEADERS:
+        %(headers)s
+        COOKIES:
+        %(cookies)s
+        EXCEPTION INFO:
+        %(stacktrace)s
+        """ % {
+            'path': request.path,
+            'user': request.user.is_authenticated() and ("%s (%s)" % (request.user.username, request.user.id)) or "<anonymous>",
+            'method': request.method,
+            'post': request.POST and "".join(["\t\t%s: %s\n" % (k, v) for k, v in request.POST.items()]) or "None",
+            'get': request.GET and "".join(["\t\t%s: %s\n" % (k, v) for k, v in request.GET.items()]) or "None",
+            'cookies': request.COOKIES and "".join(["\t\t%s: %s\n" % (k, v) for k, v in request.COOKIES.items()]) or "None",
+            'headers': request.META and "".join(["\t\t%s: %s\n" % (k, v) for k, v in request.META.items()]) or "None",
+            'stacktrace': stacktrace
+        }
+    except:
+        log_msg = "error executing request:\n%s" % stacktrace
+
+
+    logging.error(log_msg)
+    return HttpResponseIntServerError(request)
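Review bot: `error_handler` writes every POST value, every cookie and the whole of `request.META` to the log, so a failure on a login or password-change request puts plaintext passwords, session cookies and CSRF tokens into a file that is usually readable by more people than the database. Credential-bearing values should be masked before formatting, and cookie values dropped in favour of their names. The bare `except:` around the formatting should be `except Exception:`, and `traceback.format_exc()` is only meaningful while an exception is being handled, which the docstring should state. A sketch of the masking, with constructed helper names, follows.

```python
# Constructed names; extend the list to match the form fields the project actually uses.
_SENSITIVE_MARKERS = ('password', 'passwd', 'secret', 'token', 'session', 'cookie', 'authorization')

def _format_redacted(items):
    # Mask values whose key suggests a credential before they reach the log.
    lines = []
    for k, v in items:
        if any(marker in k.lower() for marker in _SENSITIVE_MARKERS):
            v = "<redacted>"
        lines.append("\t\t%s: %s\n" % (k, v))
    return "".join(lines)

def error_handler(request):
    # ... unchanged: stacktrace formatting and log_msg template ...
            'post': request.POST and _format_redacted(request.POST.items()) or "None",
            'get': request.GET and _format_redacted(request.GET.items()) or "None",
            # Log cookie names only; the values are session credentials.
            'cookies': request.COOKIES and "".join(["\t\t%s\n" % k for k in request.COOKIES.keys()]) or "None",
            'headers': request.META and _format_redacted(request.META.items()) or "None",
    # ... unchanged: fallback message, logging.error call and response ...
```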