Mercurial > public > sg101
view custom_search/views.py @ 1156:8c901ab0df62
Update copyright to 2017.
author | Brian Neal <bgneal@gmail.com> |
---|---|
date | Mon, 16 Jan 2017 13:23:46 -0600 |
parents | 829d3b7fc0f7 |
children |
line wrap: on
line source
"""Custom views for searching.""" import logging from django.shortcuts import render from haystack.views import SearchView from xapian import QueryParserError logger = logging.getLogger(__name__) class UserSearchView(SearchView): """This class passes the user making the search as an __init__ argument to the search form as the keyword argument 'user'. """ query_parser_error = False def build_form(self, form_kwargs=None): """Pass the request.user object to the form's constructor.""" if not form_kwargs: form_kwargs = {} if 'user' not in form_kwargs: form_kwargs['user'] = self.request.user return super(UserSearchView, self).build_form(form_kwargs) # This nonsense is because Xapian can raise QueryParserError when evaluating # the query. This was triggered by some sh*t-bag looking for SQL injection # vulnerabilities. # If QueryParserError is raised, just drive on and set a flag in the context # (via extra_context()) so that an error is rendered on the template instead # of a 500 error. def create_response(self): try: return super(UserSearchView, self).create_response() except QueryParserError: self.query_parser_error = True logger.warning("QueryParserError triggered from user search input") context = { 'query': self.query, 'form': self.form, 'page': None, 'paginator': None, 'suggestion': None, } context.update(self.extra_context()) return render(self.request, self.template, context) def extra_context(self): return { 'query_parser_error': self.query_parser_error, 'V3_DESIGN': True, }