From c1cfd0944500982a62187ec0cf22f008b1f1e723 Mon Sep 17 00:00:00 2001
From: Seb Bacon
Date: Wed, 18 Jan 2012 11:21:27 +0000
Subject: Return a 404 for broken attachment urls. Fixes #351.
---
 app/controllers/request_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 1c7aeedcc..33ea7d5a6 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -682,10 +682,11 @@ class RequestController < ApplicationController
 # Internal function
 def get_attachment_internal(html_conversion)
 @incoming_message = IncomingMessage.find(params[:incoming_message_id])
+ @requested_request = InfoRequest.find(params[:id])
 @incoming_message.parse_raw_email!
 @info_request = @incoming_message.info_request
 if @incoming_message.info_request_id != params[:id].to_i
- raise sprintf("Incoming message %d does not belong to request %d", @incoming_message.info_request_id, params[:id])
+ raise ActiveRecord::RecordNotFound.new("Incoming message %d does not belong to request %d", @incoming_message.info_request_id, params[:id])
 end
 @part_number = params[:part].to_i
 @filename = params[:file_name].join("/")
-- cgit v1.2.3
From bf66cd1d1d4faa249c692f13543e43f2bd6b0c03 Mon Sep 17 00:00:00 2001
From: Robin Houston
Date: Thu, 19 Jan 2012 12:40:06 +0000
Subject: Forbid very slow-to-load results pages Another temporary patch to protect the live site.
---
 app/controllers/request_controller.rb | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 1c7aeedcc..90c1f416d 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
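Review bot: The added `raise ActiveRecord::RecordNotFound.new("Incoming message %d ...", @incoming_message.info_request_id, params[:id])` passes three arguments to an exception constructor that (inheriting Exception#initialize) accepts at most one, so a message/request mismatch raises ArgumentError and surfaces as a 500 rather than the 404 the commit is after; commit 35a2c007 later on this page wraps the arguments in `sprintf`, and the idiomatic form is `raise ActiveRecord::RecordNotFound, sprintf("Incoming message %d does not belong to request %d", @incoming_message.info_request_id, params[:id])`. The new `@requested_request` is loaded only so that an unknown request id raises RecordNotFound and is not otherwise used within the hunk; if InfoRequest exposes an `incoming_messages` association, a scoped lookup such as `@incoming_message = @requested_request.incoming_messages.find(params[:incoming_message_id])` would give the same 404 and make the ownership check implicit instead of a separate comparison. A short comment above the `if` noting that a mismatch is deliberately reported as not-found rather than as an application error would help the next reader. get_attachment_internal continues past the end of the hunk.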
@@ -155,6 +155,13 @@ class RequestController < ApplicationController
 if @view == "recent"
 return redirect_to request_list_all_path(:action => "list", :view => "all", :page => @page), :status => :moved_permanently
 end
+
+ # Temporary patch
+ # Later pages are very expensive to load
+ if @page > 100
+ raise "Sorry. No pages after 100 today."
+ end
+
 params[:latest_status] = @view
 query = make_query_from_params
 @title = _("View and search requests")
-- cgit v1.2.3
From 3e84062e1136e3e20c5b0948813397982f254f95 Mon Sep 17 00:00:00 2001
From: Robin Houston
Date: Thu, 19 Jan 2012 15:57:24 +0000
Subject: Don't obscure user searches on request listing page behind cache. Fixes #256
---
 app/controllers/request_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/request_controller.rb')
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index aeb6d31fe..7bc51bc28 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -166,7 +166,7 @@ class RequestController < ApplicationController
 query = make_query_from_params
 @title = _("View and search requests")
 sortby = "newest"
- behavior_cache :tag => [@view, @page] do
+ behavior_cache :tag => [@query, @page, I18n.locale] do
 xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse')
 @list_results = xapian_object.results.map { |r| r[:model] }
 @matches_estimated = xapian_object.matches_estimated
-- cgit v1.2.3
From a37e9f21f00af03d271cb40de7d849cb8941bc02 Mon Sep 17 00:00:00 2001
From: Seb Bacon
Date: Fri, 20 Jan 2012 11:00:05 +0000
Subject: Don't allow users to page beyond a certain number of results (because in large databases, the sorting of such large batches causes an extreme slowdown).
---
 app/controllers/request_controller.rb | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'app/controllers/request_controller.rb')
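Review bot: The added `raise "Sorry. No pages after 100 today."` is a bare RuntimeError, so a `page` value above 100 produces a 500 response and, where exceptions are reported, one alert per request, even though the condition is an ordinary client-side limit; the rest of this page already reports a similar case as `ActiveRecord::RecordNotFound` (commit c1cfd094), and commit a37e9f21 later makes the same switch here, so `raise ActiveRecord::RecordNotFound, "Sorry. No pages after 100 today."` is the consistent form. The cap does what the comment says, stopping the expensive deep-page sort before `perform_search` runs, but it only guards this listing path; any other action that hands a user-supplied page to the search helper is outside the hunk and would need its own check. The enclosing action starts and ends outside the hunk.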
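Review bot: The new cache tag reads `@query`, but the value passed to `perform_search` on the next line is the local `query` returned by `make_query_from_params`; unless that helper also assigns `@query` as a side effect (it is not visible here), the tag is nil for every search and the cache key still fails to distinguish one user's query from another's, which is the symptom #256 describes. Keying on the same value that drives the search, `behavior_cache :tag => [query, @page, I18n.locale] do`, or assigning `@query = query` before the block, removes the ambiguity. Adding `I18n.locale` to the key is right, since the cached results are rendered per locale. The enclosing action starts and ends outside the hunk.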
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 7bc51bc28..0f980b43f 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -13,6 +13,9 @@ require 'open-uri' class RequestController < ApplicationController before_filter :check_read_only, :only => [ :new, :show_response, :describe_state, :upload_response ] protect_from_forgery :only => [ :new, :show_response, :describe_state, :upload_response ] # See ActionController::RequestForgeryProtection for details + + MAX_RESULTS = 500 + PER_PAGE = 25 @@custom_states_loaded = false begin @@ -155,11 +158,10 @@ class RequestController < ApplicationController if @view == "recent" return redirect_to request_list_all_path(:action => "list", :view => "all", :page => @page), :status => :moved_permanently end - - # Temporary patch - # Later pages are very expensive to load - if @page > 100 - raise "Sorry. No pages after 100 today." + + # Later pages are very expensive to load + if @page > MAX_RESULTS / PER_PAGE + raise ActiveRecord::RecordNotFound.new("Sorry. No pages after #{MAX_RESULTS / PER_PAGE}.") end params[:latest_status] = @view @@ -170,6 +172,7 @@ class RequestController < ApplicationController xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse') @list_results = xapian_object.results.map { |r| r[:model] } @matches_estimated = xapian_object.matches_estimated + @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated end @title = @title + " (page " + @page.to_s + ")" if (@page > 1) -- cgit v1.2.3 From 35a2c007a65ff20785e02b738077fe52efcb90bf Mon Sep 17 00:00:00 2001 From: Robin Houston Date: Fri, 20 Jan 2012 12:21:34 +0000 Subject: bug fix --- app/controllers/request_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/request_controller.rb') 
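Review bot: `PER_PAGE = 25` is introduced in the first hunk solely to compute the page cap in the second, while the `perform_search([InfoRequestEvent], query, sortby, 'request_collapse')` call in the third hunk is unchanged and never receives it, so `MAX_RESULTS / PER_PAGE` silently assumes the search helper (defined outside these hunks) paginates by 25; if its page size differs, the 404 threshold and `@show_no_more_than` drift from what users actually see. Passing the constant into the search, or deriving the cap from the helper's real page size, keeps the two in step. Two smaller points: `@show_no_more_than = [@matches_estimated, MAX_RESULTS].min` reads more directly than the ternary, and `raise ActiveRecord::RecordNotFound, "Sorry. No pages after #{MAX_RESULTS / PER_PAGE}."` is the idiomatic raise form. The second and third hunks sit inside a method whose start and end lie outside them.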
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 0f980b43f..11812b729 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -696,7 +696,7 @@ class RequestController < ApplicationController
 @incoming_message.parse_raw_email!
 @info_request = @incoming_message.info_request
 if @incoming_message.info_request_id != params[:id].to_i
- raise ActiveRecord::RecordNotFound.new("Incoming message %d does not belong to request %d", @incoming_message.info_request_id, params[:id])
+ raise ActiveRecord::RecordNotFound.new(sprintf("Incoming message %d does not belong to request %d", @incoming_message.info_request_id, params[:id]))
 end
 @part_number = params[:part].to_i
 @filename = params[:file_name].join("/")
-- cgit v1.2.3
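Review bot: `raise ActiveRecord::RecordNotFound.new(sprintf(...))` fixes the constructor arity, but the `.new(...)` wrapping is the non-idiomatic form; Ruby's `raise Class, message` reads as `raise ActiveRecord::RecordNotFound, sprintf("Incoming message %d does not belong to request %d", @incoming_message.info_request_id, params[:id])`. A one-line comment above the `if`, e.g. `# A message/request id mismatch is reported as not-found (404), the same as an unknown id`, would record why this is an expected client condition rather than an application error. get_attachment_internal starts and ends outside the hunk.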