From 65f0c1e29f5ce9d0ffba63facd5e5bcdfa265f7c Mon Sep 17 00:00:00 2001
From: Philip Sargent
Date: Wed, 10 Apr 2024 20:24:27 +0100
Subject: [PATCH] preventing _edit_edit_edit* loops by bots
---
 core/TESTS/test_caves.py | 2 ++
 core/views/expo.py | 4 +++-
 templates/pagenotfound.html | 30 +++++++++++++++---------------
 3 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/core/TESTS/test_caves.py b/core/TESTS/test_caves.py
index e80d5b4..437648a 100644
--- a/core/TESTS/test_caves.py
+++ b/core/TESTS/test_caves.py
@@ -79,6 +79,8 @@ class FixturePageTests(TestCase):
 """
 # The fixtures have a password hash which is compatible with plain-text password 'secretword'
+ # The hash CHANGES whenever Django upgrades the encryption key length. Better to create the test uses
+ # algorithmically and not via a fixture.
 fixtures = ["auth_users", "expo_caves", "expo_exped"]
 ph = r"and leads in 800m of tortuous going to"
diff --git a/core/views/expo.py b/core/views/expo.py
index c8d9482..fadc6ed 100644
--- a/core/views/expo.py
+++ b/core/views/expo.py
@@ -57,7 +57,9 @@ def expofiles_redirect(request, filepath):
 return redirect(urljoin("http://expo.survex.com/expofiles/", filepath))
 def spider(request, _):
- return redirect("/?#") # so that suffixes applied by spider are no longer part of the url
+ # urls ending in "_edit_edit"
+ return render(request, "pagenotfound.html", {"path": path}, status=404)
+ # return redirect("/?#") # so that suffixes applied by spider are no longer part of the url
 def map(request):
 """Serves unadorned the expoweb/map/slippy/map.html file"""
diff --git a/templates/pagenotfound.html b/templates/pagenotfound.html
index 49132f0..913c092 100644
--- a/templates/pagenotfound.html
+++ b/templates/pagenotfound.html
@@ -19,28 +19,28 @@ div#editLinks a{ } {% endblock %}
-{% block title %}Page not found {{ path }}{% endblock %}
+{% block title %}Page not found '{{ path }}'{% endblock %}
 {% block body %}
-
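Review bot: The two comment lines added in `FixturePageTests` describe the fixture problem imprecisely. Django stores a salted password hash, and what differs between Django releases is the hasher's work factor (the iteration count of the default PBKDF2 hasher), not an "encryption key length"; "test uses" also reads like a typo for "test users". Suggested wording: `# The stored hash depends on the hasher settings (e.g. PBKDF2 iteration count), which Django raises between releases.` followed by `# Better to create the test users in code than to load them from a fixture.` The class body starts and ends outside the hunk.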
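Review bot: In `spider`, the new `render(...)` call passes `{"path": path}`, but the function's parameters are `request` and `_`, and no local `path` is assigned in the lines shown. Unless a module-level `path` exists outside this hunk, the view raises `NameError` and the bot gets a 500 instead of the intended 404; if such a name does exist, its repr rather than the requested URL would be rendered into the page. Taking the value from the request avoids both: `return render(request, "pagenotfound.html", {"path": request.path}, status=404)`. The commented-out `# return redirect("/?#")` after the `return` is dead code and could be dropped, and a test in `core/TESTS` asserting a 404 for a URL ending in `_edit_edit` would pin the behaviour.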

Page not found {{ path }}

+

Page not found '{{ path }}'

- - {% endblock%} +
+{% if user.username %}user: '{{ user.username }}' + | Log out +{% else %} Log in +{% endif %} +
+

Probably a mistake. This page does not exist. - -Did you mistype a URL? -If you do want to create this page click this link. +Did you mistype the URL '{{ path }}' ? +{% if user.username %} +

+ If you do want to create this page, click this link. +{% endif %}

- +

Did you get lost ?