Gracefully handle invalid queries

2022-07-21 13:51:27 +01:00
parent cd82740662
commit f02f6e9d23
2 changed files with 10 additions and 4 deletions
--- a/core/views/dynamic/search.py
+++ b/core/views/dynamic/search.py
@@ -2,7 +2,7 @@ import json

 from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.http import HttpResponse, JsonResponse
+from django.http import HttpResponse, HttpResponseForbidden, JsonResponse
 from django.shortcuts import render
 from django.views import View

@@ -72,9 +72,11 @@ class Search(LoginRequiredMixin, View):

    def post(self, request):
        if not request.user.has_plan(self.plan_name):
-            return render(request, "denied.html")
+            return HttpResponseForbidden()

        context = query_results(request, request.POST)
+        if not context:
+            return HttpResponseForbidden()
        context["data"] = json.dumps(
            [
                {