Mercurial > kallithea
changeset 6028:cf7d952c292f
diff: make sure context parameter is an integer
Prevent Abort in mdiff on malformed URLs.
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Thu, 28 Jul 2016 16:28:34 +0200 |
parents | 7d258b3fbc49 |
children | fb64046d02c2 |
files | kallithea/controllers/compare.py kallithea/controllers/files.py kallithea/controllers/pullrequests.py |
diffstat | 3 files changed, 5 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/controllers/compare.py Thu Jul 28 16:28:34 2016 +0200 +++ b/kallithea/controllers/compare.py Thu Jul 28 16:28:34 2016 +0200 @@ -34,7 +34,7 @@ from pylons.i18n.translation import _ from webob.exc import HTTPFound, HTTPBadRequest -from kallithea.lib.utils2 import safe_str +from kallithea.lib.utils2 import safe_str, safe_int from kallithea.lib.vcs.utils.hgcompat import unionrepo from kallithea.lib import helpers as h from kallithea.lib.base import BaseRepoController, render @@ -201,7 +201,7 @@ c.ignorews_url = _ignorews_url c.context_url = _context_url ignore_whitespace = request.GET.get('ignorews') == '1' - line_context = request.GET.get('context', 3) + line_context = safe_int(request.GET.get('context'), 3) org_repo = Repository.get_by_repo_name(org_repo) other_repo = Repository.get_by_repo_name(other_repo)
--- a/kallithea/controllers/files.py Thu Jul 28 16:28:34 2016 +0200 +++ b/kallithea/controllers/files.py Thu Jul 28 16:28:34 2016 +0200 @@ -42,7 +42,7 @@ from kallithea.lib.compat import OrderedDict from kallithea.lib.utils2 import convert_line_endings, detect_mode, safe_str, \ - str2bool + str2bool, safe_int from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator from kallithea.lib.base import BaseRepoController, render from kallithea.lib.vcs.backends.base import EmptyChangeset @@ -598,7 +598,7 @@ 'repository.admin') def diff(self, repo_name, f_path): ignore_whitespace = request.GET.get('ignorews') == '1' - line_context = request.GET.get('context', 3) + line_context = safe_int(request.GET.get('context'), 3) diff2 = request.GET.get('diff2', '') diff1 = request.GET.get('diff1', '') or diff2 c.action = request.GET.get('diff')
--- a/kallithea/controllers/pullrequests.py Thu Jul 28 16:28:34 2016 +0200 +++ b/kallithea/controllers/pullrequests.py Thu Jul 28 16:28:34 2016 +0200 @@ -659,7 +659,7 @@ c.statuses = c.cs_repo.statuses(raw_ids) ignore_whitespace = request.GET.get('ignorews') == '1' - line_context = request.GET.get('context', 3) + line_context = safe_int(request.GET.get('context'), 3) c.ignorews_url = _ignorews_url c.context_url = _context_url c.fulldiff = request.GET.get('fulldiff')