Bug 914904 - Protect against SQL errors when executing findAll on the…

… event data model
mozilla · Sep 12, 2013 · 07ec508 · 07ec508
1 parent 178afb7
commit 07ec508
Showing 1 changed file with 26 additions and 4 deletions.
diff --git a/lib/events/controllers/events.js b/lib/events/controllers/events.js
@@ -47,7 +47,10 @@ module.exports = function (init) {
 
       var allowed = util.sans(SAFE_FIELDS, ['id', 'featured', 'picture']).concat('organizer');
 
-      Event.create(event, allowed).success(picture_handler(picture, function (event) {
+      Event.create(event, allowed).success(picture_handler(picture, function (err, event) {
+        if (err)
+          return res.reply(500, { error: err });
+
         geocode_filler(event);
         res.reply(201, 'Event created', {
           event: event_output_filter(event)
@@ -94,7 +97,10 @@ module.exports = function (init) {
         if (isAdmin)
           allowed.push('featured');
 
-        event.updateAttributes(changes, allowed).success(picture_handler(picture, function (event) {
+        event.updateAttributes(changes, allowed).success(picture_handler(picture, function (err, event) {
+          if (err)
+            return res.reply(500, { error: err });
+
           geocode_filler(event);
           res.reply(200, 'Event modified', {
             event: event_output_filter(event)
@@ -114,6 +120,10 @@ module.exports = function (init) {
             s3.delete(picture);
           }
           res.reply(200, 'Event deleted');
+        }).error(function (err) {
+          res.reply( 500, {
+            error: err
+          });
         });
       }, true);
     },
@@ -176,9 +186,13 @@ module.exports = function (init) {
           }
           event.updateAttributes({
             picture: s3.url(f)
-          }).success(cb);
+          }).success(function (event) {
+            cb(null, event);
+          }).error(function (err) {
+            cb(err);
+          });
         });
-      else cb(event);
+      else cb(null, event);
     }
   }
 
@@ -400,11 +414,19 @@ module.exports = function (init) {
             offset: page * limit,
             events: events
           }, isAdmin);
+        }).error(function (err) {
+          res.reply(500, {
+            error: err
+          });
         });
       } else Event.all().success(function (events) {
         _reply_events({
           events: events
         }, isAdmin);
+      }).error(function (err) {
+        res.reply(500, {
+          error: err
+        });
       });
     }
     if (req.session.username || requireAdmin)