diff options
| -rw-r--r-- | app/blueprints/packages/packages.py | 4 | ||||
| -rw-r--r-- | app/blueprints/todo/__init__.py | 5 | ||||
| -rw-r--r-- | app/utils.py | 6 |
3 files changed, 11 insertions, 4 deletions
diff --git a/app/blueprints/packages/packages.py b/app/blueprints/packages/packages.py index 1cc2f26..4e1e3af 100644 --- a/app/blueprints/packages/packages.py +++ b/app/blueprints/packages/packages.py @@ -52,8 +52,8 @@ def list_all(): if qb.search and topic: return redirect("https://forum.minetest.net/viewtopic.php?t=" + str(topic.topic_id)) - page = int(request.args.get("page") or 1) - num = min(40, int(request.args.get("n") or 100)) + page = get_int_or_abort(request.args.get("page"), 1) + num = min(40, get_int_or_abort(request.args.get("n"), 100)) query = query.paginate(page, num, True) search = request.args.get("q") diff --git a/app/blueprints/todo/__init__.py b/app/blueprints/todo/__init__.py index f4f818a..7cd9ee9 100644 --- a/app/blueprints/todo/__init__.py +++ b/app/blueprints/todo/__init__.py @@ -19,6 +19,7 @@ from flask_user import * import flask_menu as menu from app.models import * from app.querybuilder import QueryBuilder +from app.utils import get_int_or_abort bp = Blueprint("todo", __name__) @@ -82,8 +83,8 @@ def topics(): total = tmp_q.count() topic_count = query.count() - page = int(request.args.get("page") or 1) - num = int(request.args.get("n") or 100) + page = get_int_or_abort(request.args.get("page"), 1) + num = get_int_or_abort(request.args.get("n"), 100) if num > 100 and not current_user.rank.atLeast(UserRank.EDITOR): num = 100 diff --git a/app/utils.py b/app/utils.py index fd36392..102219d 100644 --- a/app/utils.py +++ b/app/utils.py @@ -22,6 +22,12 @@ from app.models import * from app import app import random, string, os, imghdr +def get_int_or_abort(v, default): + try: + return int(v or default) + except ValueError: + abort(400) + def getExtension(filename): return filename.rsplit(".", 1)[1].lower() if "." in filename else None |