aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--app/controllers/request_controller.rb5
-rw-r--r--spec/controllers/request_controller_spec.rb8
2 files changed, 13 insertions, 0 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index d8c34c2dd..5d950ceb2 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -139,6 +139,11 @@ class RequestController < ApplicationController
short_cache
@per_page = 25
@page = (params[:page] || "1").to_i
+
+ # Later pages are very expensive to load
+ if @page > MAX_RESULTS / PER_PAGE
+ raise ActiveRecord::RecordNotFound.new("Sorry. No pages after #{MAX_RESULTS / PER_PAGE}.")
+ end
@info_request = InfoRequest.find_by_url_title!(params[:url_title])
raise ActiveRecord::RecordNotFound.new("Request not found") if @info_request.nil?
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index 45803d74f..148e4327d 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -2226,6 +2226,14 @@ describe RequestController, "when showing similar requests" do
}.should raise_error(ActiveRecord::RecordNotFound)
end
+
+ it "should return 404 for pages we don't want to serve up" do
+ badger_request = info_requests(:badger_request)
+ lambda {
+ get :similar, :url_title => badger_request.url_title, :page => 100
+ }.should raise_error(ActiveRecord::RecordNotFound)
+ end
+
end
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-22 23:31:44 +0000