From 2b7bcd9d68ef5fe103bb1114471732c259c7d456 Mon Sep 17 00:00:00 2001 From: Eric Barbour Date: Aug 10 2016 18:33:19 +0000 Subject: Force idx to be an int in hub routes * Also except ValueError on idx in get_widget --- diff --git a/hubs/app.py b/hubs/app.py index 0007f66..067a3ad 100755 --- a/hubs/app.py +++ b/hubs/app.py @@ -363,16 +363,16 @@ def hub_add_widget_post(name): 'hubs.html', hub=hub, session=session, edit=True) -@app.route('///') -@app.route('//') +@app.route('///') +@app.route('//') def widget_render(hub, idx): widget = get_widget(session, hub, idx) return widget.render(session) # , edit=False) # was blocking all widgets from working, sorry! -@app.route('///json') -@app.route('///json/') +@app.route('///json') +@app.route('///json/') def widget_json(hub, idx): widget = get_widget(session, hub, idx) response = flask.jsonify(widget.__json__(session)) @@ -380,8 +380,8 @@ def widget_json(hub, idx): return response -@app.route('///edit/', methods=['GET', 'POST']) -@app.route('///edit', methods=['GET', 'POST']) +@app.route('///edit/', methods=['GET', 'POST']) +@app.route('///edit', methods=['GET', 'POST']) def widget_edit(hub, idx): if flask.request.method == 'POST': return widget_edit_post(hub, idx) @@ -432,8 +432,8 @@ def widget_edit_post(hub, idx): return flask.redirect(flask.url_for('hub', name=hub)) -@app.route('///delete/', methods=['POST']) -@app.route('///delete', methods=['POST']) +@app.route('///delete/', methods=['POST']) +@app.route('///delete', methods=['POST']) def widget_edit_delete(hub, idx): ''' Remove a widget from a hub. ''' widget = get_widget(session, hub, idx) @@ -592,7 +592,7 @@ def get_widget(session, hub, idx): """ Utility shorthand to get a widget and 404 if not found. """ try: idx = int(idx) - except TypeError: + except (TypeError, ValueError): flask.abort(404) hub = get_hub(session, hub)