Fix exception on badly-formed query string

This commit is contained in:
rubenwardy 2019-11-17 21:40:32 +00:00
parent a7d22973ff
commit 3f666d2302
3 changed files with 11 additions and 4 deletions

@ -52,8 +52,8 @@ def list_all():
if qb.search and topic: if qb.search and topic:
return redirect("https://forum.minetest.net/viewtopic.php?t=" + str(topic.topic_id)) return redirect("https://forum.minetest.net/viewtopic.php?t=" + str(topic.topic_id))
page = int(request.args.get("page") or 1) page = get_int_or_abort(request.args.get("page"), 1)
num = min(40, int(request.args.get("n") or 100)) num = min(40, get_int_or_abort(request.args.get("n"), 100))
query = query.paginate(page, num, True) query = query.paginate(page, num, True)
search = request.args.get("q") search = request.args.get("q")

@ -19,6 +19,7 @@ from flask_user import *
import flask_menu as menu import flask_menu as menu
from app.models import * from app.models import *
from app.querybuilder import QueryBuilder from app.querybuilder import QueryBuilder
from app.utils import get_int_or_abort
bp = Blueprint("todo", __name__) bp = Blueprint("todo", __name__)
@ -82,8 +83,8 @@ def topics():
total = tmp_q.count() total = tmp_q.count()
topic_count = query.count() topic_count = query.count()
page = int(request.args.get("page") or 1) page = get_int_or_abort(request.args.get("page"), 1)
num = int(request.args.get("n") or 100) num = get_int_or_abort(request.args.get("n"), 100)
if num > 100 and not current_user.rank.atLeast(UserRank.EDITOR): if num > 100 and not current_user.rank.atLeast(UserRank.EDITOR):
num = 100 num = 100

@ -22,6 +22,12 @@ from app.models import *
from app import app from app import app
import random, string, os, imghdr import random, string, os, imghdr
def get_int_or_abort(v, default):
try:
return int(v or default)
except ValueError:
abort(400)
def getExtension(filename): def getExtension(filename):
return filename.rsplit(".", 1)[1].lower() if "." in filename else None return filename.rsplit(".", 1)[1].lower() if "." in filename else None