Commit cc3e621a authored by dario's avatar dario
Browse files

web/views: check for invalid pdf file id

parent 91f817fc
......@@ -133,9 +133,21 @@ def show(request, document):
entry = entry,
theme = local.theme)
def str_truncate_if_tail_matches(s, tl):
if s.endswith(tl):
return s[:-len(tl)]
return s
@expose('/public_pdf/<pdffile>')
def send_pdf_file(request, pdffile):
meta = public_pdf_db[pdffile.rstrip('.pdf')].metadata
pdfid = str_truncate_if_tail_matches(pdffile, ".pdf")
dbitem = public_pdf_db[pdfid]
if not dbitem:
return render_template('error.xml',
error_text='There is no PDF file with that ID',
theme=local.theme)
meta = dbitem.metadata
is_internal = remote_is_internal_network(request)
## this uses a => b == !a v b, so what it wants to say is
......@@ -145,13 +157,9 @@ def send_pdf_file(request, pdffile):
mimetype='application/pdf',
direct_passthrough=True)
else:
return redirect('/internal_only')
@expose('/internal_only')
def error_internal_only(request):
return render_template('error.xml',
error_text='this file is available from the FAU internal network only',
theme=local.theme)
return render_template('error.xml',
error_text='this file is available from the FAU internal network only',
theme=local.theme)
@expose('/moderation/edit/')
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment