kallithea Changeset - 6b176c679896

Changeset - 6b176c679896

Parent rev.

Child rev.

[Not reviewed]

beta

0 9 0

Marcin Kuzminski - 13 years ago 2012-09-17 22:17:25
marcin@python-works.com

failsafe the GET `page` argument

9 files changed with 36 insertions and 11 deletions:

rhodecode/controllers/admin/admin.py

rhodecode/controllers/admin/notifications.py

rhodecode/controllers/changelog.py

rhodecode/controllers/followers.py

rhodecode/controllers/forks.py

rhodecode/controllers/journal.py

rhodecode/controllers/search.py

rhodecode/controllers/shortlog.py

rhodecode/lib/utils2.py

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/admin.py

➞

Show inline comments

@@ @@ -32,6 +32,7 @@ from webhelpers.paginate import Page @@
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import UserLog
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ @@ -50,7 +51,7 @@ class AdminController(BaseController): @@
                 .options(joinedload(UserLog.repository))\
                 .order_by(UserLog.action_date.desc())
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         c.users_log = Page(users_log, page=p, items_per_page=10)
         c.log_data = render('admin/admin_log.html')

rhodecode/controllers/admin/notifications.py

➞

Show inline comments

@@ @@ -39,6 +39,7 @@ from rhodecode.model.notification import @@
 from rhodecode.lib.auth import LoginRequired, NotAnonymous
 from rhodecode.lib import helpers as h
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ @@ -62,7 +63,8 @@ class NotificationsController(BaseContro @@
         c.user = self.rhodecode_user
         notif = NotificationModel().get_for_user(self.rhodecode_user.user_id,
                                             filter_=request.GET.getall('type'))
         p = int(request.params.get('page', 1))
         p = safe_int(request.params.get('page', 1), 1)
         c.notifications = Page(notif, page=p, items_per_page=10)
         c.pull_request_type = Notification.TYPE_PULL_REQUEST
         c.comment_type = [Notification.TYPE_CHANGESET_COMMENT,

rhodecode/controllers/changelog.py

➞

Show inline comments

@@ @@ -37,6 +37,7 @@ from rhodecode.lib.helpers import RepoPa @@
 from rhodecode.lib.compat import json
 from rhodecode.lib.graphmod import _colored, _dagwalker
 from rhodecode.lib.vcs.exceptions import RepositoryError, ChangesetDoesNotExistError
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ @@ -65,7 +66,7 @@ class ChangelogController(BaseRepoContro @@
             c.size = int(session.get('changelog_size', default))
         # min size must be 1
         c.size = max(c.size, 1)
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         branch_name = request.params.get('branch', None)
         try:
             if branch_name:

rhodecode/controllers/followers.py

➞

Show inline comments

@@ @@ -30,6 +30,7 @@ from rhodecode.lib.helpers import Page @@
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.model.db import Repository, User, UserFollowing
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ @@ -43,7 +44,7 @@ class FollowersController(BaseRepoContro @@
         super(FollowersController, self).__before__()
     def followers(self, repo_name):
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         repo_id = c.rhodecode_db_repo.repo_id
         d = UserFollowing.get_repo_followers(repo_id)\
             .order_by(UserFollowing.follows_from)

rhodecode/controllers/forks.py

➞

Show inline comments

@@ @@ -42,6 +42,7 @@ from rhodecode.model.db import Repositor @@
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.forms import RepoForkForm
 from rhodecode.model.scm import ScmModel
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ @@ -105,7 +106,7 @@ class ForksController(BaseRepoController @@
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     def forks(self, repo_name):
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         repo_id = c.rhodecode_db_repo.repo_id
         d = []
         for r in Repository.get_repo_forks(repo_id):

rhodecode/controllers/journal.py

➞

Show inline comments

@@ @@ -41,6 +41,7 @@ from rhodecode.model.db import UserLog, @@
 from rhodecode.model.meta import Session
 from sqlalchemy.sql.expression import func
 from rhodecode.model.scm import ScmModel
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ @@ -57,7 +58,7 @@ class JournalController(BaseController): @@
     @NotAnonymous()
     def index(self):
         # Return a rendered template
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         c.user = User.get(self.rhodecode_user.user_id)
         all_repos = self.sa.query(Repository)\
@@ @@ -177,7 +178,7 @@ class JournalController(BaseController): @@
     @LoginRequired()
     def public_journal(self):
         # Return a rendered template
-        p = int(request.params.get('page', 1))
+        p = safe_int(request.params.get('page', 1), 1)
         c.following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\

rhodecode/controllers/search.py

➞

Show inline comments

@@ @@ -40,7 +40,7 @@ from whoosh.index import open_dir, Empty @@
 from whoosh.qparser import QueryParser, QueryParserError
 from whoosh.query import Phrase, Wildcard, Term, Prefix
 from rhodecode.model.repo import RepoModel
 from rhodecode.lib.utils2 import safe_str
+from rhodecode.lib.utils2 import safe_str, safe_int
 log = logging.getLogger(__name__)
@@ @@ -83,7 +83,7 @@ class SearchController(BaseController): @@
             log.debug(cur_query)
         if c.cur_query:
-            p = int(request.params.get('page', 1))
+            p = safe_int(request.params.get('page', 1), 1)
             highlight_items = set()
             try:
                 idx = open_dir(config['app_conf']['index_dir'],

rhodecode/controllers/shortlog.py

➞

Show inline comments

@@ @@ -31,6 +31,7 @@ from rhodecode.lib.auth import LoginRequ @@
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.helpers import RepoPage
 from pylons.controllers.util import redirect
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ @@ -44,8 +45,8 @@ class ShortlogController(BaseRepoControl @@
         super(ShortlogController, self).__before__()
     def index(self, repo_name):
         p = int(request.params.get('page', 1))
         size = int(request.params.get('size', 20))
         p = safe_int(request.params.get('page', 1), 1)
         size = safe_int(request.params.get('size', 20), 20)
         def url_generator(**kw):
             return url('shortlog_home', repo_name=repo_name, size=size, **kw)

rhodecode/lib/utils2.py

➞

Show inline comments

@@ @@ -147,6 +147,23 @@ def generate_api_key(username, salt=None @@
     return hashlib.sha1(username + salt).hexdigest()
 def safe_int(val, default=None):
     """
     Returns int() of val if val is not convertable to int use default
     instead
     :param val:
     :param default:
     """
     try:
         val = int(val)
     except ValueError:
         val = default
     return val
 def safe_unicode(str_, from_encoding=None):
     """
     safe unicode function. Does few trick to turn str_ into unicode

0 comments (0 inline, 0 general)