# HG changeset patch
# User Marcin Kuzminski
# Date 1347913045 -7200
# Node ID 6b176c679896edf038505c7f60f42acc238ed775
# Parent 7b0f803229be5df0730db10d94c6865102bf54bd
failsafe the GET `page` argument
diff -r 7b0f803229be -r 6b176c679896 rhodecode/controllers/admin/admin.py
--- a/rhodecode/controllers/admin/admin.py Mon Sep 17 21:26:32 2012 +0200
+++ b/rhodecode/controllers/admin/admin.py Mon Sep 17 22:17:25 2012 +0200
@@ -32,6 +32,7 @@
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import UserLog
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -50,7 +51,7 @@
 .options(joinedload(UserLog.repository))\
 .order_by(UserLog.action_date.desc())
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 c.users_log = Page(users_log, page=p, items_per_page=10)
 c.log_data = render('admin/admin_log.html')
diff -r 7b0f803229be -r 6b176c679896 rhodecode/controllers/admin/notifications.py
--- a/rhodecode/controllers/admin/notifications.py Mon Sep 17 21:26:32 2012 +0200
+++ b/rhodecode/controllers/admin/notifications.py Mon Sep 17 22:17:25 2012 +0200
@@ -39,6 +39,7 @@
 from rhodecode.lib.auth import LoginRequired, NotAnonymous
 from rhodecode.lib import helpers as h
 from rhodecode.model.meta import Session
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -62,7 +63,8 @@
 c.user = self.rhodecode_user
 notif = NotificationModel().get_for_user(self.rhodecode_user.user_id,
 filter_=request.GET.getall('type'))
- p = int(request.params.get('page', 1))
+
+ p = safe_int(request.params.get('page', 1), 1)
 c.notifications = Page(notif, page=p, items_per_page=10)
 c.pull_request_type = Notification.TYPE_PULL_REQUEST
 c.comment_type = [Notification.TYPE_CHANGESET_COMMENT,
diff -r 7b0f803229be -r 6b176c679896 rhodecode/controllers/changelog.py
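Review bot: In admin.py, `p = safe_int(request.params.get('page', 1), 1)` only guards against non-numeric text; `page=0`, a negative number or a very large integer still converts cleanly and reaches `Page(users_log, page=p, items_per_page=10)`. Whether `Page` clamps out-of-range values is not visible in this hunk, so either confirm that it does or bound the value at the call site, e.g. `p = max(safe_int(request.params.get('page', 1), 1), 1)`. The same applies to the identical `page` lines in notifications.py, changelog.py, followers.py, forks.py, journal.py (both hunks), search.py and shortlog.py. The enclosing controller action starts and ends outside the hunk.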
--- a/rhodecode/controllers/changelog.py Mon Sep 17 21:26:32 2012 +0200
+++ b/rhodecode/controllers/changelog.py Mon Sep 17 22:17:25 2012 +0200
@@ -37,6 +37,7 @@
 from rhodecode.lib.compat import json
 from rhodecode.lib.graphmod import _colored, _dagwalker
 from rhodecode.lib.vcs.exceptions import RepositoryError, ChangesetDoesNotExistError
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -65,7 +66,7 @@
 c.size = int(session.get('changelog_size', default))
 # min size must be 1
 c.size = max(c.size, 1)
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 branch_name = request.params.get('branch', None)
 try:
 if branch_name:
diff -r 7b0f803229be -r 6b176c679896 rhodecode/controllers/followers.py
--- a/rhodecode/controllers/followers.py Mon Sep 17 21:26:32 2012 +0200
+++ b/rhodecode/controllers/followers.py Mon Sep 17 22:17:25 2012 +0200
@@ -30,6 +30,7 @@
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.model.db import Repository, User, UserFollowing
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -43,7 +44,7 @@
 super(FollowersController, self).__before__()
 def followers(self, repo_name):
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 repo_id = c.rhodecode_db_repo.repo_id
 d = UserFollowing.get_repo_followers(repo_id)\
 .order_by(UserFollowing.follows_from)
diff -r 7b0f803229be -r 6b176c679896 rhodecode/controllers/forks.py
--- a/rhodecode/controllers/forks.py Mon Sep 17 21:26:32 2012 +0200
+++ b/rhodecode/controllers/forks.py Mon Sep 17 22:17:25 2012 +0200
@@ -42,6 +42,7 @@
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.forms import RepoForkForm
 from rhodecode.model.scm import ScmModel
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -105,7 +106,7 @@
 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
 'repository.admin')
 def forks(self, repo_name):
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 repo_id = c.rhodecode_db_repo.repo_id
 d = []
 for r in Repository.get_repo_forks(repo_id):
diff -r 7b0f803229be -r 6b176c679896 rhodecode/controllers/journal.py
--- a/rhodecode/controllers/journal.py Mon Sep 17 21:26:32 2012 +0200
+++ b/rhodecode/controllers/journal.py Mon Sep 17 22:17:25 2012 +0200
@@ -41,6 +41,7 @@
 from rhodecode.model.meta import Session
 from sqlalchemy.sql.expression import func
 from rhodecode.model.scm import ScmModel
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -57,7 +58,7 @@
 @NotAnonymous()
 def index(self):
 # Return a rendered template
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 c.user = User.get(self.rhodecode_user.user_id)
 all_repos = self.sa.query(Repository)\
@@ -177,7 +178,7 @@
 @LoginRequired()
 def public_journal(self):
 # Return a rendered template
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 c.following = self.sa.query(UserFollowing)\
 .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\
diff -r 7b0f803229be -r 6b176c679896 rhodecode/controllers/search.py
--- a/rhodecode/controllers/search.py Mon Sep 17 21:26:32 2012 +0200
+++ b/rhodecode/controllers/search.py Mon Sep 17 22:17:25 2012 +0200
@@ -40,7 +40,7 @@
 from whoosh.qparser import QueryParser, QueryParserError
 from whoosh.query import Phrase, Wildcard, Term, Prefix
 from rhodecode.model.repo import RepoModel
-from rhodecode.lib.utils2 import safe_str
+from rhodecode.lib.utils2 import safe_str, safe_int
 log = logging.getLogger(__name__)
@@ -83,7 +83,7 @@
 log.debug(cur_query)
 if c.cur_query:
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 highlight_items = set()
 try:
 idx = open_dir(config['app_conf']['index_dir'],
diff -r 7b0f803229be -r 6b176c679896 rhodecode/controllers/shortlog.py
--- a/rhodecode/controllers/shortlog.py Mon Sep 17 21:26:32 2012 +0200
+++ b/rhodecode/controllers/shortlog.py Mon Sep 17 22:17:25 2012 +0200
@@ -31,6 +31,7 @@
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.helpers import RepoPage
 from pylons.controllers.util import redirect
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -44,8 +45,8 @@
 super(ShortlogController, self).__before__()
 def index(self, repo_name):
- p = int(request.params.get('page', 1))
- size = int(request.params.get('size', 20))
+ p = safe_int(request.params.get('page', 1), 1)
+ size = safe_int(request.params.get('size', 20), 20)
 def url_generator(**kw):
 return url('shortlog_home', repo_name=repo_name, size=size, **kw)
diff -r 7b0f803229be -r 6b176c679896 rhodecode/lib/utils2.py
--- a/rhodecode/lib/utils2.py Mon Sep 17 21:26:32 2012 +0200
+++ b/rhodecode/lib/utils2.py Mon Sep 17 22:17:25 2012 +0200
@@ -147,6 +147,23 @@
 return hashlib.sha1(username + salt).hexdigest()
+def safe_int(val, default=None):
+ """
+ Returns int() of val if val is not convertable to int use default
+ instead
+
+ :param val:
+ :param default:
+ """
+
+ try:
+ val = int(val)
+ except ValueError:
+ val = default
+
+ return val
+
+
 def safe_unicode(str_, from_encoding=None):
 """
 safe unicode function. Does few trick to turn str_ into unicode
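Review bot: In shortlog.py's `index`, `size = safe_int(request.params.get('size', 20), 20)` still takes the page size from the query string with no lower or upper bound, so a request can supply `size=0`, a negative value or an arbitrarily large number. The hunk only shows `size` being echoed into `url_generator`; if it is also used as the items-per-page value further down (outside the hunk), an unbounded value lets a single request force a very large changeset listing. Clamp it after parsing, e.g. `size = max(1, min(size, MAX_SHORTLOG_SIZE))`, where `MAX_SHORTLOG_SIZE` is a placeholder for a limit the project chooses. changelog.py already applies the lower bound with `c.size = max(c.size, 1)`.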
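Review bot: `safe_int` in utils2.py catches only `ValueError`, so a value that `int()` rejects by type (`None`, a list) raises `TypeError` and the helper fails instead of returning `default`; the handler should read `except (ValueError, TypeError):`. The call sites in this commit always pass a string or the integer default, so they are unaffected, but a caller writing `safe_int(request.params.get('page'), 1)` would hit it. The docstring also needs finishing: correct "convertable", fill in the empty `:param val:` and `:param default:` entries, and state that `default` is returned as-is (so `None` when not given) and that no range check is applied to the result.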