kallithea Changeset - 6b176c679896

Changeset - 6b176c679896

Parent rev.

Child rev.

[Not reviewed]

beta

0 9 0

Marcin Kuzminski - 13 years ago 2012-09-17 22:17:25
marcin@python-works.com

failsafe the GET `page` argument

9 files changed with 36 insertions and 11 deletions:

rhodecode/controllers/admin/admin.py

rhodecode/controllers/admin/notifications.py

rhodecode/controllers/changelog.py

rhodecode/controllers/followers.py

rhodecode/controllers/forks.py

rhodecode/controllers/journal.py

rhodecode/controllers/search.py

rhodecode/controllers/shortlog.py

rhodecode/lib/utils2.py

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/admin.py

➞

Show inline comments

@@ @@ -29,12 +29,13 @@ from pylons import request, tmpl_context @@
 from sqlalchemy.orm import joinedload
 from webhelpers.paginate import Page
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import UserLog
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class AdminController(BaseController):
@@ @@ -47,13 +48,13 @@ class AdminController(BaseController): @@
         users_log = UserLog.query()\
                 .options(joinedload(UserLog.user))\
                 .options(joinedload(UserLog.repository))\
                 .order_by(UserLog.action_date.desc())
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         c.users_log = Page(users_log, page=p, items_per_page=10)
         c.log_data = render('admin/admin_log.html')
         if request.environ.get('HTTP_X_PARTIAL_XHR'):
             return c.log_data
         return render('admin/admin.html')

rhodecode/controllers/admin/notifications.py

➞

Show inline comments

@@ @@ -36,12 +36,13 @@ from rhodecode.lib.base import BaseContr @@
 from rhodecode.model.db import Notification
 from rhodecode.model.notification import NotificationModel
 from rhodecode.lib.auth import LoginRequired, NotAnonymous
 from rhodecode.lib import helpers as h
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class NotificationsController(BaseController):
@@ @@ -59,13 +60,14 @@ class NotificationsController(BaseContro @@
     def index(self, format='html'):
         """GET /_admin/notifications: All items in the collection"""
         # url('notifications')
         c.user = self.rhodecode_user
         notif = NotificationModel().get_for_user(self.rhodecode_user.user_id,
                                             filter_=request.GET.getall('type'))
         p = int(request.params.get('page', 1))
         p = safe_int(request.params.get('page', 1), 1)
         c.notifications = Page(notif, page=p, items_per_page=10)
         c.pull_request_type = Notification.TYPE_PULL_REQUEST
         c.comment_type = [Notification.TYPE_CHANGESET_COMMENT,
                           Notification.TYPE_PULL_REQUEST_COMMENT]
         _current_filter = request.GET.getall('type')

rhodecode/controllers/changelog.py

➞

Show inline comments

@@ @@ -34,12 +34,13 @@ import rhodecode.lib.helpers as h @@
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.helpers import RepoPage
 from rhodecode.lib.compat import json
 from rhodecode.lib.graphmod import _colored, _dagwalker
 from rhodecode.lib.vcs.exceptions import RepositoryError, ChangesetDoesNotExistError
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class ChangelogController(BaseRepoController):
@@ @@ -62,13 +63,13 @@ class ChangelogController(BaseRepoContro @@
             session['changelog_size'] = c.size
             session.save()
         else:
             c.size = int(session.get('changelog_size', default))
         # min size must be 1
         c.size = max(c.size, 1)
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         branch_name = request.params.get('branch', None)
         try:
             if branch_name:
                 collection = [z for z in
                               c.rhodecode_repo.get_changesets(start=0,
                                                     branch_name=branch_name)]

rhodecode/controllers/followers.py

➞

Show inline comments

@@ @@ -27,12 +27,13 @@ import logging @@
 from pylons import tmpl_context as c, request
 from rhodecode.lib.helpers import Page
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.model.db import Repository, User, UserFollowing
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class FollowersController(BaseRepoController):
@@ @@ -40,13 +41,13 @@ class FollowersController(BaseRepoContro @@
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     def __before__(self):
         super(FollowersController, self).__before__()
     def followers(self, repo_name):
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         repo_id = c.rhodecode_db_repo.repo_id
         d = UserFollowing.get_repo_followers(repo_id)\
             .order_by(UserFollowing.follows_from)
         c.followers_pager = Page(d, page=p, items_per_page=20)
         c.followers_data = render('/followers/followers_data.html')

rhodecode/controllers/forks.py

➞

Show inline comments

@@ @@ -39,12 +39,13 @@ from rhodecode.lib.auth import LoginRequ @@
     HasPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.forms import RepoForkForm
 from rhodecode.model.scm import ScmModel
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class ForksController(BaseRepoController):
@@ @@ -102,13 +103,13 @@ class ForksController(BaseRepoController @@
         defaults['repo_name'] = 'fork-' + defaults['repo_name']
         return defaults
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     def forks(self, repo_name):
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         repo_id = c.rhodecode_db_repo.repo_id
         d = []
         for r in Repository.get_repo_forks(repo_id):
             if not HasRepoPermissionAny(
                 'repository.read', 'repository.write', 'repository.admin'
             )(r.repo_name, 'get forks check'):

rhodecode/controllers/journal.py

➞

Show inline comments

@@ @@ -38,12 +38,13 @@ import rhodecode.lib.helpers as h @@
 from rhodecode.lib.auth import LoginRequired, NotAnonymous
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import UserLog, UserFollowing, Repository, User
 from rhodecode.model.meta import Session
 from sqlalchemy.sql.expression import func
 from rhodecode.model.scm import ScmModel
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class JournalController(BaseController):
@@ @@ -54,13 +55,13 @@ class JournalController(BaseController): @@
         self.feed_nr = 20
     @LoginRequired()
     @NotAnonymous()
     def index(self):
         # Return a rendered template
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         c.user = User.get(self.rhodecode_user.user_id)
         all_repos = self.sa.query(Repository)\
                      .filter(Repository.user_id == c.user.user_id)\
                      .order_by(func.lower(Repository.repo_name)).all()
@@ @@ -174,13 +175,13 @@ class JournalController(BaseController): @@
         log.debug('token mismatch %s vs %s' % (cur_token, token))
         raise HTTPBadRequest()
     @LoginRequired()
     def public_journal(self):
         # Return a rendered template
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         c.following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\
             .options(joinedload(UserFollowing.follows_repository))\
             .all()

rhodecode/controllers/search.py

➞

Show inline comments

@@ @@ -37,13 +37,13 @@ from webhelpers.paginate import Page @@
 from webhelpers.util import update_params
 from whoosh.index import open_dir, EmptyIndexError
 from whoosh.qparser import QueryParser, QueryParserError
 from whoosh.query import Phrase, Wildcard, Term, Prefix
 from rhodecode.model.repo import RepoModel
 from rhodecode.lib.utils2 import safe_str
+from rhodecode.lib.utils2 import safe_str, safe_int
 log = logging.getLogger(__name__)
 class SearchController(BaseController):
@@ @@ -80,13 +80,13 @@ class SearchController(BaseController): @@
         if c.cur_query:
             cur_query = c.cur_query.lower()
             log.debug(cur_query)
         if c.cur_query:
-            p = int(request.params.get('page', 1))
+            p = safe_int(request.params.get('page', 1), 1)
             highlight_items = set()
             try:
                 idx = open_dir(config['app_conf']['index_dir'],
                                indexname=index_name)
                 searcher = idx.searcher()

rhodecode/controllers/shortlog.py

➞

Show inline comments

@@ @@ -28,12 +28,13 @@ import logging @@
 from pylons import tmpl_context as c, request, url
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.helpers import RepoPage
 from pylons.controllers.util import redirect
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class ShortlogController(BaseRepoController):
@@ @@ -41,14 +42,14 @@ class ShortlogController(BaseRepoControl @@
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     def __before__(self):
         super(ShortlogController, self).__before__()
     def index(self, repo_name):
         p = int(request.params.get('page', 1))
         size = int(request.params.get('size', 20))
         p = safe_int(request.params.get('page', 1), 1)
         size = safe_int(request.params.get('size', 20), 20)
         def url_generator(**kw):
             return url('shortlog_home', repo_name=repo_name, size=size, **kw)
         c.repo_changesets = RepoPage(c.rhodecode_repo, page=p,
                                     items_per_page=size, url=url_generator)

rhodecode/lib/utils2.py

➞

Show inline comments

@@ @@ -144,12 +144,29 @@ def generate_api_key(username, salt=None @@
     if salt is None:
         salt = _RandomNameSequence().next()
     return hashlib.sha1(username + salt).hexdigest()
 def safe_int(val, default=None):
     """
     Returns int() of val if val is not convertable to int use default
     instead
     :param val:
     :param default:
     """
     try:
         val = int(val)
     except ValueError:
         val = default
     return val
 def safe_unicode(str_, from_encoding=None):
     """
     safe unicode function. Does few trick to turn str_ into unicode
     In case of UnicodeDecode error we try to return it with encoding detected
     by chardet library if it fails fallback to unicode with errors replaced

0 comments (0 inline, 0 general)