Whitelist rank game types in the view. Fixes #162.

The game types where you could view ranks were previously controlled by a
regular expression check within the route. This was completely NOT obvious to
troubleshoot. This moves them to within the view, which is much easier to
control. Additionally, a 404-check is added for malformed values.

diff --git a/xonstat/__init__.py b/xonstat/__init__.py
index 403b64581a7371cdbfa4e21d8fdc85fe615fada0..1609f4dea821482dc63f7800403b28407ab1257d 100644 (file)
--- a/xonstat/__init__.py
+++ b/xonstat/__init__.py
@@ -117,10 +117,10 @@ def main(global_config, **settings):
     config.add_route("game_info_json", "/game/{id:\d+}.json")
     config.add_view(game_info_json, route_name="game_info_json", renderer="jsonp")
 
-    config.add_route("rank_index",      "/ranks/{game_type_cd:ctf|dm|tdm|duel|ca|ft}")
+    config.add_route("rank_index", "/ranks/{game_type_cd}")
     config.add_view(rank_index,      route_name="rank_index",      renderer="rank_index.mako")
 
-    config.add_route("rank_index_json", "/ranks/{game_type_cd:ctf|dm|tdm|duel|ca|ft}.json")
+    config.add_route("rank_index_json", "/ranks/{game_type_cd}.json")
     config.add_view(rank_index_json, route_name="rank_index_json", renderer="jsonp")
 
     config.add_route("game_index", "/games")

diff --git a/xonstat/views/game.py b/xonstat/views/game.py
index 629b8ece3a808d65c3c198d83ada1e19a9e73e2a..b8b739c1315750ff10fa7bce2494ac3ca24ff94d 100644 (file)
--- a/xonstat/views/game.py
+++ b/xonstat/views/game.py
@@ -121,7 +121,12 @@ def _rank_index_data(request):
     else:
         current_page = 1
 
+    # game type whitelist
+    game_types_allowed = ["ca", "ctf", "dm", "duel", "ft", "ka", "tdm"]
+
     game_type_cd = request.matchdict['game_type_cd']
+    if game_type_cd not in game_types_allowed:
+        raise httpexceptions.HTTPNotFound()
 
     ranks_q = DBSession.query(PlayerRank).\
             filter(PlayerRank.game_type_cd==game_type_cd).\