From 27f6615a18e0cf203d6b47015a9587aad0f4c3fc Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Tue, 23 May 2023 15:52:48 -0400
Subject: [PATCH] edge cases

---
 catalog/views.py  | 8 ++++++--
 journal/models.py | 1 +
 journal/views.py  | 5 ++++-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/catalog/views.py b/catalog/views.py
index 128e32a8..b3ce9bbb 100644
--- a/catalog/views.py
+++ b/catalog/views.py
@@ -125,7 +125,9 @@ def retrieve(request, item_path, item_uuid):
 @login_required
 def create(request, item_model):
     if request.method == "GET":
-        form_cls = CatalogForms[item_model]
+        form_cls = CatalogForms.get(item_model)
+        if not form_cls:
+            raise BadRequest()
         form = form_cls()
         return render(
             request,
@@ -135,7 +137,9 @@ def create(request, item_model):
             },
         )
     elif request.method == "POST":
-        form_cls = CatalogForms[item_model]
+        form_cls = CatalogForms.get(item_model)
+        if not form_cls:
+            raise BadRequest()
         form = form_cls(request.POST, request.FILES)
         if form.is_valid():
             form.instance.last_editor = request.user
diff --git a/journal/models.py b/journal/models.py
index f8da76eb..534ca186 100644
--- a/journal/models.py
+++ b/journal/models.py
@@ -926,6 +926,7 @@ class Tag(List):
     @staticmethod
     def cleanup_title(title, replace=True):
         t = title.strip().lower()
+        # t = re.sub(r"\W", "_", title.strip().lower())
         return "_" if not title and replace else t
 
 
diff --git a/journal/views.py b/journal/views.py
index 8cc7ddd7..623aafab 100644
--- a/journal/views.py
+++ b/journal/views.py
@@ -447,7 +447,10 @@ def collection_update_member_order(request, collection_uuid):
     collection = get_object_or_404(Collection, uid=get_uuid_or_404(collection_uuid))
     if not collection.is_editable_by(request.user):
         raise PermissionDenied()
-    ordered_member_ids = [int(i) for i in request.POST.get("member_ids").split(",")]
+    ids = request.POST.get("member_ids", "").strip()
+    if not ids:
+        raise BadRequest()
+    ordered_member_ids = [int(i) for i in ids.split(",")]
     collection.update_member_order(ordered_member_ids)
     return collection_retrieve_items(request, collection_uuid, True)