From b7a97183cb96f8f09f700cc64af9c8f3f41aa5b8 Mon Sep 17 00:00:00 2001 From: Will Stott Date: Thu, 13 Apr 2017 11:30:29 +0100 Subject: [PATCH] Never return None from views.public.create_ticket Would create a 500 when user omitted their email. Only a partial improve. Added a TODO: as this view still breaks if passing non-numeric characters to the ID. I assume this needs a full overhaul really. --- helpdesk/views/public.py | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/helpdesk/views/public.py b/helpdesk/views/public.py index b66900f5..62a74668 100644 --- a/helpdesk/views/public.py +++ b/helpdesk/views/public.py @@ -75,6 +75,7 @@ def homepage(request): def view_ticket(request): + # TODO: Use a form here, not enough validation on these parameters. ticket_req = request.GET.get('ticket', '') email = request.GET.get('email', '') @@ -84,13 +85,6 @@ def view_ticket(request): ticket = Ticket.objects.get(id=ticket_id, submitter_email__iexact=email) except ObjectDoesNotExist: error_message = _('Invalid ticket ID or e-mail address. Please try again.') - - return render(request, 'helpdesk/public_view_form.html', { - 'ticket': False, - 'email': email, - 'error_message': error_message, - 'helpdesk_settings': helpdesk_settings, - }) else: if request.user.is_staff: redirect_url = reverse('helpdesk:view', args=[ticket_id]) @@ -124,6 +118,15 @@ def view_ticket(request): 'helpdesk_settings': helpdesk_settings, 'next': redirect_url, }) + else: + error_message = _('Missing ticket ID or e-mail address. Please try again.') + + return render(request, 'helpdesk/public_view_form.html', { + 'ticket': False, + 'email': email, + 'error_message': error_message, + 'helpdesk_settings': helpdesk_settings, + }) def change_language(request):