wiki: Ensure that page names which can not be accessed are not created.

2026-04-05 03:00:15 -04:00 · 2012-10-21 20:10:33 -05:00
parent 10ddd97c94
commit 5c20a04c4d
2 changed files with 11 additions and 0 deletions
--- a/r2/r2/controllers/validator/wiki.py
+++ b/r2/r2/controllers/validator/wiki.py
@@ -207,6 +207,9 @@ class VWikiPage(Validator):
        
        page = normalize_page(page)
        
+        if WikiPage.is_impossible(page):
+            return self.set_error('INVALID_PAGE_NAME', code=400)
+        
        if (not c.is_wiki_mod) and self.modonly:
            return self.set_error('MOD_REQUIRED', code=403)
        
--- a/r2/r2/models/wiki.py
+++ b/r2/r2/models/wiki.py
@@ -40,6 +40,10 @@ WIKI_RECENT_DAYS = g.wiki_keep_recent_days
 # Max length of a single page in bytes
 MAX_PAGE_LENGTH_BYTES = g.wiki_max_page_length_bytes

+# Page names which should never be
+impossible_namespaces = ('edit/', 'revisions/', 'settings/', 'discussions/', 
+                         'revisions/', 'pages/')
+
 # Namespaces in which access is denied to do anything but view
 restricted_namespaces = ('reddit/', 'config/', 'special/')

@@ -190,6 +194,10 @@ class WikiPage(tdb_cassandra.Thing):
    @property
    def restricted(self):
        return WikiPage.is_restricted(self.name)
+
+    @classmethod
+    def is_impossible(cls, page):
+        return ("%s/" % page) in impossible_namespaces or page.startswith(impossible_namespaces)
    
    @classmethod
    def is_restricted(cls, page):