From 093b21fc310bf2b435ea56892d08afa1f2f0cb64 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@designcreateplay.com>
Date: Thu, 18 Aug 2016 10:05:52 -0400
Subject: [PATCH] fixes #4954

---
 public/language/en_GB/global.json |  4 +++-
 src/controllers/index.js          | 31 ++++++++++++++++++++++++++++++-
 src/routes/index.js               |  1 +
 src/views/400.tpl                 |  4 ++++
 4 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 src/views/400.tpl

diff --git a/public/language/en_GB/global.json b/public/language/en_GB/global.json
index 6641c28261..b8cadf0bc6 100644
--- a/public/language/en_GB/global.json
+++ b/public/language/en_GB/global.json
@@ -7,8 +7,10 @@
 	"403.login": "Perhaps you should <a href='%1/login'>try logging in</a>?",
 	"404.title": "Not Found",
 	"404.message": "You seem to have stumbled upon a page that does not exist. Return to the <a href='%1/'>home page</a>.",
-	"500.title": "Internal error.",
+	"500.title": "Internal Error.",
 	"500.message": "Oops! Looks like something went wrong!",
+	"400.title": "Bad Request.",
+	"400.message": "It looks like this link is malformed, please double-check and try again. Otherwise, return to the <a href='%1/'>home page</a>.",
 
 	"register": "Register",
 	"login": "Login",
diff --git a/src/controllers/index.js b/src/controllers/index.js
index 10076846df..253c5ffe43 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -381,6 +381,35 @@ Controllers.handle404 = function(req, res) {
 	}
 };
 
+Controllers.handleURIErrors = function(err, req, res, next) {
+	// Handle cases where malformed URIs are passed in
+	if (err instanceof URIError) {
+		var tidMatch = req.path.match(/^\/topic\/(\d+)\//);
+		var cidMatch = req.path.match(/^\/category\/(\d+)\//);
+
+		if (tidMatch) {
+			res.redirect(nconf.get('relative_path') + tidMatch[0]);
+		} else if (cidMatch) {
+			res.redirect(nconf.get('relative_path') + cidMatch[0]);
+		} else {
+			winston.warn('[controller] Bad request: ' + req.path);
+			if (res.locals.isAPI) {
+				res.status(400).json({
+					error: '[[global:400.title]]'
+				});
+			} else {
+				req.app.locals.middleware.buildHeader(req, res, function() {
+					res.render('400', { error: validator.escape(String(err.message)) });
+				});
+			}
+		}
+
+		return;
+	} else {
+		next();
+	}
+};
+
 Controllers.handleErrors = function(err, req, res, next) {
 	switch (err.code) {
 		case 'EBADCSRFTOKEN':
@@ -403,7 +432,7 @@ Controllers.handleErrors = function(err, req, res, next) {
 		res.json({path: validator.escape(path), error: err.message});
 	} else {
 		req.app.locals.middleware.buildHeader(req, res, function() {
-			res.render('500', {path: validator.escape(path), error: validator.escape(String(err.message))});
+			res.render('500', { path: validator.escape(path), error: validator.escape(String(err.message)) });
 		});
 	}
 };
diff --git a/src/routes/index.js b/src/routes/index.js
index 1e51f5d59e..3415aaf145 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -153,6 +153,7 @@ module.exports = function(app, middleware, hotswapIds) {
 	}));
 	app.use('/vendor/jquery/timeago/locales', middleware.processTimeagoLocales);
 	app.use(controllers.handle404);
+	app.use(controllers.handleURIErrors);
 	app.use(controllers.handleErrors);
 
 	// Add plugin routes
diff --git a/src/views/400.tpl b/src/views/400.tpl
new file mode 100644
index 0000000000..9c263fcff1
--- /dev/null
+++ b/src/views/400.tpl
@@ -0,0 +1,4 @@
+<div class="alert alert-danger">
+	<strong>[[global:400.title]]</strong>
+	<p>[[global:400.message, {config.relative_path}]]</p>
+</div>