#248 Handle exception thrown from /<name>/somestring.
Merged 7 years ago by atelic. Opened 7 years ago by atelic.
atelic/fedora-hubs fix/int-exception  into  develop

Force idx to be an int in hub routes
Eric Barbour • 7 years ago  
file modified
+9 -9
@@ -363,16 +363,16 @@ 

          'hubs.html', hub=hub, session=session, edit=True)

  

  

- @app.route('/<hub>/<idx>/')

- @app.route('/<hub>/<idx>')

+ @app.route('/<hub>/<int:idx>/')

+ @app.route('/<hub>/<int:idx>')

  def widget_render(hub, idx):

      widget = get_widget(session, hub, idx)

      return widget.render(session)  # , edit=False)

      # was blocking all widgets from working, sorry!

  

  

- @app.route('/<hub>/<idx>/json')

- @app.route('/<hub>/<idx>/json/')

+ @app.route('/<hub>/<int:idx>/json')

+ @app.route('/<hub>/<int:idx>/json/')

  def widget_json(hub, idx):

      widget = get_widget(session, hub, idx)

      response = flask.jsonify(widget.__json__(session))
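
Review bot: No regression test accompanies the route change for widget_render and widget_json; the patch touches one file (+9 -9) and nothing exercises a non-integer second path segment. Suggest a test that requests /<hub>/fake_image.png and /<hub>/abc/json and asserts a 404, plus one confirming that a valid integer idx still renders. The int converter matches unsigned digits only, so a negative idx now returns 404 at routing; worth stating in the commit message if that is intended. The leftover trailing comments in widget_render ("# , edit=False)" and the line below it) could be dropped while these lines are being touched.
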
@@ -380,8 +380,8 @@ 

      return response

  

  

- @app.route('/<hub>/<idx>/edit/', methods=['GET', 'POST'])

- @app.route('/<hub>/<idx>/edit', methods=['GET', 'POST'])

+ @app.route('/<hub>/<int:idx>/edit/', methods=['GET', 'POST'])

+ @app.route('/<hub>/<int:idx>/edit', methods=['GET', 'POST'])

  def widget_edit(hub, idx):

      if flask.request.method == 'POST':

          return widget_edit_post(hub, idx)
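
Review bot: In widget_edit, idx now arrives as an int rather than a str and is passed straight on to widget_edit_post(hub, idx), whose body is not part of this diff. Check that widget_edit_post and anything it calls do not rely on idx being a string (string concatenation, comparison against form values, dictionary keys); if they do, convert at that point or adjust the comparison.
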
@@ -432,8 +432,8 @@ 

      return flask.redirect(flask.url_for('hub', name=hub))

  

  

- @app.route('/<hub>/<idx>/delete/', methods=['POST'])

- @app.route('/<hub>/<idx>/delete', methods=['POST'])

+ @app.route('/<hub>/<int:idx>/delete/', methods=['POST'])

+ @app.route('/<hub>/<int:idx>/delete', methods=['POST'])

  def widget_edit_delete(hub, idx):

      ''' Remove a widget from a hub. '''

      widget = get_widget(session, hub, idx)
@@ -592,7 +592,7 @@ 

      """ Utility shorthand to get a widget and 404 if not found. """

      try:

          idx = int(idx)

-     except TypeError:

+     except (TypeError, ValueError):

          flask.abort(404)

  

      hub = get_hub(session, hub)
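
Review bot: The int(idx) fallback in get_widget is looser than the <int:idx> converter now used on the routes: it accepts negative numbers, surrounding whitespace and floats (which it truncates), none of which the routes would match. If get_widget stays callable from code that does not go through those routes, consider rejecting idx < 0 with the same flask.abort(404), and extend the docstring to say that a non-integer idx also yields a 404, since it currently mentions only "not found".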

Calling int() on a string raises a ValueError, return 404 instead.

I'm :thumbsup: to the change but a little surprised on how we trigger this, since the only case I can think of is if idx is None

This was triggered from some dev data in fmn.sse where the img src attribute was not a full url and was trying to make a GET to /<name>/fake_image.png.

This is just a preventative measure so if we somehow get a messed up url from the streaming server, it doesn't crash the app.

Another way we could reinforce our app is by specifying that idx must be an int in the routing, for example at https://pagure.io/fork/atelic/fedora-hubs/blob/fix/int-exception/f/hubs/app.py#_366 put <int:idx> in the routing itself :)

@pingou might as well change all the routes to use <int:idx>

@skrzepto that was my proposal indeed :)

rebased

7 years ago

:thumbsup: for me

Do we want to go belt and suspenders and add the original fix as well?

rebased

7 years ago

Still looking good to me :)

Pull-Request has been merged by atelic

7 years ago