From f7979577ca40e3cf9207d7f8f30226a45df46cad Mon Sep 17 00:00:00 2001
From: Greg Kempe
Date: Mon, 16 Sep 2024 17:41:21 +0200
Subject: [PATCH] validate year for year mixins fixes https://github.com/laws-africa/peachjam/issues/1990
---
 peachjam/tests/test_views.py | 6 ++++++
 peachjam/views/generic_views.py | 11 +++++++++++
 2 files changed, 17 insertions(+)
diff --git a/peachjam/tests/test_views.py b/peachjam/tests/test_views.py
index c0e6471dd..3e6d92297 100644
--- a/peachjam/tests/test_views.py
+++ b/peachjam/tests/test_views.py
@@ -78,6 +78,12 @@ def test_court_year_listing(self):
 self.assertContains(response, "/judgments/ECOWASCJ/2016/")
 self.assertNotIn("years", response.context["facet_data"], [2016, 2018])
+ def test_court_year_listing_bad_year(self):
+ self.assertEqual(self.client.get("/judgments/ECOWASCJ/0/").status_code, 404)
+ self.assertEqual(
+ self.client.get("/judgments/ECOWASCJ/999999/").status_code, 404
+ )
+
 def test_judgment_detail(self):
 response = self.client.get(
 "/akn/aa-au/judgment/ecowascj/2018/17/eng@2018-06-29"
diff --git a/peachjam/views/generic_views.py b/peachjam/views/generic_views.py
index ae548c05e..b9d7809a4 100644
--- a/peachjam/views/generic_views.py
+++ b/peachjam/views/generic_views.py
@@ -1,5 +1,6 @@
 import itertools
+from django.http import Http404
 from django.http.response import HttpResponse
 from django.middleware.csrf import get_token
 from django.shortcuts import get_object_or_404
@@ -449,6 +450,16 @@ def get(self, request, *args, **kwargs):
 class YearMixin:
+ def dispatch(self, request, *args, **kwargs):
+ # validate year
+ try:
+ year = int(kwargs["year"])
+ if year < 1 or year > 9999:
+ raise ValueError()
+ except ValueError:
+ raise Http404()
+ return super().dispatch(request, *args, **kwargs)
+
 @property
 def year(self):
 return self.kwargs["year"]
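Review bot: `test_court_year_listing_bad_year` pins the lower bound of the new range check with 0, but probes the upper bound only with 999999, so an off-by-one in `year > 9999` in `generic_views.py` would go unnoticed. Adding the first rejected value, e.g. `self.assertEqual(self.client.get("/judgments/ECOWASCJ/10000/").status_code, 404)`, would fix that edge. The test also exercises only the court-year route; any other views that use `YearMixin` are outside this diff and would need their own coverage.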
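Review bot: The new `YearMixin.dispatch` range-checks a parsed copy of the year, but the `year` property just below it still returns the raw `self.kwargs["year"]`, so the view goes on to use the unnormalised route value. `int()` is more lenient than a plain digit match (it accepts surrounding whitespace, a sign, underscores and non-ASCII digits), so if the URL pattern captures a string rather than using an int converter, such values pass the check and flow on unchanged; the URL conf is not in this hunk. Consider storing the validated value with `self.kwargs["year"] = year` before `super().dispatch(...)`, provided callers tolerate an int. Catching `except (KeyError, TypeError, ValueError):` would also turn a missing or `None` `year` kwarg into a 404 rather than a 500. The guard only runs where `YearMixin` precedes the base view class in a subclass's bases, which cannot be confirmed from this hunk.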