From 4221fd95daa1aafd8285cacdb723230473d730c6 Mon Sep 17 00:00:00 2001
From: "J.-S. Caux" <J.S.Caux@uva.nl>
Date: Tue, 27 Apr 2021 06:35:30 +0200
Subject: [PATCH] Try another way to block problematic search queries

---
 scipost/forms.py | 10 ++++++----
 scipost/urls.py  |  2 +-
 scipost/views.py |  1 -
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/scipost/forms.py b/scipost/forms.py
index 7c5cf4bf6..59420f21f 100644
--- a/scipost/forms.py
+++ b/scipost/forms.py
@@ -695,6 +695,12 @@ class SearchForm(HayStackSearchForm):
     start = forms.DateField(widget=MonthYearWidget(), required=False)  # Month
     end = forms.DateField(widget=MonthYearWidget(end=True), required=False)  # Month
 
+    def clean_q(self):
+        q = self.cleaned_data.get('q', '')
+        # Block queries matching flagged regex to avoid gunicorn worker timeout
+        if re.search(r'\w+.cn', q):
+            raise Http404
+        return q
 
     def search(self):
         if not self.is_valid():
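Review bot: The pattern in `clean_q` blocks far more than the comment implies, because the `.` in `r'\w+.cn'` is unescaped and the match is unanchored. Any query with `cn` preceded by two or more characters is answered with a 404, for example `picnic`. If the intent is to reject queries containing `.cn` host names (an assumption, the commit does not say), `if re.search(r'\w\.cn\b', q):` expresses that. The comment should also record which queries caused the worker timeout. Raising `Http404` inside a `clean_<field>` method bypasses normal form error reporting, since Django only collects `ValidationError` there; if that is deliberate, say so in the comment. The body of `search` continues outside the hunk.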
@@ -703,10 +709,6 @@ class SearchForm(HayStackSearchForm):
         if not self.cleaned_data.get("q"):
             return self.no_query_found()
 
-        # Block queries matching flagged regex to avoid gunicorn worker timeout
-        if re.search(r'\w+.cn', self.cleaned_data["q"]):
-            raise Http404
-
         sqs = self.searchqueryset.auto_query(self.cleaned_data["q"])
 
         if self.load_all:
diff --git a/scipost/urls.py b/scipost/urls.py
index a425c6d19..bc1738465 100644
--- a/scipost/urls.py
+++ b/scipost/urls.py
@@ -53,7 +53,7 @@ urlpatterns = [
     ),
 
     # Search
-    url(r'^search', views.SearchView.as_view(), name='search'),
+    url(r'^search$', views.SearchView.as_view(), name='search'),
     url(r'^$', views.index, name='index'),
     url(r'^files/secure/(?P<path>.*)$', views.protected_serve, name='secure_file'),
 
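Review bot: With the added `$`, `search/` and any longer path no longer resolve to `SearchView`, since the pattern now matches only the bare `search` and Django's slash handling appends a trailing slash but never strips one. If existing links or bookmarks may carry a trailing slash, `url(r'^search/?$', views.SearchView.as_view(), name='search'),` keeps them working while still rejecting arbitrary suffixes. A short comment above the route, such as `# Anchored on purpose: unanchored '^search' also matched arbitrary suffixes`, would stop the pattern being loosened again. The `urlpatterns` list starts and ends outside the hunk.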
diff --git a/scipost/views.py b/scipost/views.py
index 15cd8c621..50e0dcffc 100644
--- a/scipost/views.py
+++ b/scipost/views.py
@@ -152,7 +152,6 @@ class SearchView(SearchView):
     def get_context_data(self, *args, **kwargs):
         """Update context with some additional information."""
         ctx = super().get_context_data(*args, **kwargs)
-        ctx['search_query'] = self.request.GET.get('q')
         ctx['results_count'] = kwargs['object_list'].count()
         return ctx
 
-- 
GitLab