kallithea Changeset - cf7d952c292f

Changeset - cf7d952c292f

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Mads Kiilerich - 9 years ago 2016-07-28 16:28:34
madski@unity3d.com

diff: make sure context parameter is an integer

Prevent Abort in mdiff on malformed URLs.

3 files changed with 5 insertions and 5 deletions:

kallithea/controllers/compare.py

kallithea/controllers/files.py

kallithea/controllers/pullrequests.py

0 comments (0 inline, 0 general)

kallithea/controllers/compare.py

➞

Show inline comments

@@ @@ -34,7 +34,7 @@ from pylons import request, tmpl_context @@
 from pylons.i18n.translation import _
 from webob.exc import HTTPFound, HTTPBadRequest
 from kallithea.lib.utils2 import safe_str
+from kallithea.lib.utils2 import safe_str, safe_int
 from kallithea.lib.vcs.utils.hgcompat import unionrepo
 from kallithea.lib import helpers as h
 from kallithea.lib.base import BaseRepoController, render
@@ @@ -201,7 +201,7 @@ class CompareController(BaseRepoControll @@
         c.ignorews_url = _ignorews_url
         c.context_url = _context_url
         ignore_whitespace = request.GET.get('ignorews') == '1'
         line_context = request.GET.get('context', 3)
+        line_context = safe_int(request.GET.get('context'), 3)
         org_repo = Repository.get_by_repo_name(org_repo)
         other_repo = Repository.get_by_repo_name(other_repo)

kallithea/controllers/files.py

➞

Show inline comments

@@ @@ -42,7 +42,7 @@ from kallithea.lib import helpers as h @@
 from kallithea.lib.compat import OrderedDict
 from kallithea.lib.utils2 import convert_line_endings, detect_mode, safe_str, \
     str2bool
+    str2bool, safe_int
 from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from kallithea.lib.base import BaseRepoController, render
 from kallithea.lib.vcs.backends.base import EmptyChangeset
@@ @@ -598,7 +598,7 @@ class FilesController(BaseRepoController @@
                                    'repository.admin')
     def diff(self, repo_name, f_path):
         ignore_whitespace = request.GET.get('ignorews') == '1'
         line_context = request.GET.get('context', 3)
+        line_context = safe_int(request.GET.get('context'), 3)
         diff2 = request.GET.get('diff2', '')
         diff1 = request.GET.get('diff1', '') or diff2
         c.action = request.GET.get('diff')

kallithea/controllers/pullrequests.py

➞

Show inline comments

@@ @@ -659,7 +659,7 @@ class PullrequestsController(BaseRepoCon @@
         c.statuses = c.cs_repo.statuses(raw_ids)
         ignore_whitespace = request.GET.get('ignorews') == '1'
         line_context = request.GET.get('context', 3)
+        line_context = safe_int(request.GET.get('context'), 3)
         c.ignorews_url = _ignorews_url
         c.context_url = _context_url
         c.fulldiff = request.GET.get('fulldiff')

0 comments (0 inline, 0 general)