diff options
author | Bryan Newbold <bnewbold@robocracy.org> | 2018-12-20 19:17:28 -0800 |
---|---|---|
committer | Bryan Newbold <bnewbold@robocracy.org> | 2018-12-20 19:17:28 -0800 |
commit | 42933fd13c11dce9dbfe6dd44132a633786e0796 (patch) | |
tree | de10881fa5306fe5a6e12050daa8902c00b2abd4 /rust | |
parent | 623f64d241ebf2bfc68168d12a22423b06584b04 (diff) | |
download | fatcat-42933fd13c11dce9dbfe6dd44132a633786e0796.tar.gz fatcat-42933fd13c11dce9dbfe6dd44132a633786e0796.zip |
disallow self-redirects
Diffstat (limited to 'rust')
-rw-r--r-- | rust/src/api_entity_crud.rs | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/rust/src/api_entity_crud.rs b/rust/src/api_entity_crud.rs index 63e5699e..1b36f71d 100644 --- a/rust/src/api_entity_crud.rs +++ b/rust/src/api_entity_crud.rs @@ -207,6 +207,11 @@ macro_rules! generic_db_update { } if self.state.is_none() { + + if Some(ident.to_string()) == self.redirect { + return Err(ErrorKind::OtherBadRequest( + "tried to redirect entity to itself".to_string()).into()); + } // special case: redirect to another entity if let Some(ref redirect_ident) = self.redirect { let redirect_ident = FatCatId::from_str(&redirect_ident)?.to_uuid(); @@ -458,8 +463,10 @@ macro_rules! generic_db_accept_edits_batch { .count() .get_result(conn)?; if forward_recursive_redirects != 0 { - // TODO: error type - bail!("forward recurisve redirects") + return Err(ErrorKind::OtherBadRequest( + "one or more (forward) recurisve redirects".to_string(), + ) + .into()); } // assert that we aren't redirecting while something already redirects to us @@ -474,8 +481,10 @@ macro_rules! generic_db_accept_edits_batch { .count() .get_result(conn)?; if backward_recursive_redirects != 0 { - // TODO: error type - bail!("backward recursive redirects") + return Err(ErrorKind::OtherBadRequest( + "one or more (backward) recurisve redirects".to_string(), + ) + .into()); } // update any/all redirects for updated entities |