From 3a63a651a01fbe863febc011321ec4c54d24474a Mon Sep 17 00:00:00 2001 From: girst Date: Fri, 13 Aug 2021 20:02:08 +0200 Subject: [PATCH] avoid int(request.args.get('page')) this throws a ValueError when ?page=abc. the replacement returns a default value, or None instead. --- app/__init__.py | 5 ++++- app/browse/__init__.py | 10 +++++----- app/reddit/__init__.py | 2 +- app/youtube/__init__.py | 2 +- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/app/__init__.py b/app/__init__.py index 78de744..4fa9f9f 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -18,11 +18,14 @@ for name in cf['frontend']['modules'].split(','): # TODO: move this somewhere else @app.template_global() def querystring_page(fields): + def try_int(i): + try: int(i) + except: None tmp = dict(request.args) for field,what in fields.items(): if type(what) is tuple: (plusminus, default) = what - tmp[field] = int(tmp.get(field) or str(default)) + plusminus + tmp[field] = (try_int(tmp.get(field)) or int(default)) + plusminus elif type(what) is type(None): if field in tmp: del tmp[field] else: diff --git a/app/browse/__init__.py b/app/browse/__init__.py index cf9805d..22c19b5 100644 --- a/app/browse/__init__.py +++ b/app/browse/__init__.py @@ -18,7 +18,7 @@ frontend = Blueprint('browse', __name__, def search(): #token = getattr(current_user, 'token', 'guest') q = request.args.get('q') or request.args.get('search_query') - page = int(request.args.get('page') or 1) + page = request.args.get('page', 1, type=int) sp = make_sp(page, **{ k:v for k,v in request.args.items() @@ -48,16 +48,16 @@ def search(): def channel(channel_id, subpage="videos"): token = getattr(current_user, 'token', 'guest') if subpage == "videos": - page = int(request.args.get('page') or 1) + page = request.args.get('page', 1, type=int) sort_by = request.args.get('sort') or "newest" query = None elif subpage == "playlists": - page = int(request.args.get('page') or 1) + page = request.args.get('page', 1, type=int) sort_by = request.args.get('sort', "modified") query = None elif subpage == "search": query = request.args.get('q') - page = int(request.args.get('page') or 1) + page = request.args.get('page', 1, type=int) sort_by = None else: # we don't support /home, /about, ..., so redirect to /videos. return redirect(url_for('.channel', channel_id=channel_id)) @@ -135,7 +135,7 @@ def playlist(): playlist_id = request.args.get('list') if not playlist_id: raise BadRequest("No playlist ID") - page = int(request.args.get('page', 1)) + page = request.args.get('page', 1, type=int) xmlfeed = fetch_xml("playlist_id", playlist_id) if not xmlfeed: diff --git a/app/reddit/__init__.py b/app/reddit/__init__.py index 3bea039..61932c4 100644 --- a/app/reddit/__init__.py +++ b/app/reddit/__init__.py @@ -15,7 +15,7 @@ frontend = Blueprint('reddit', __name__, @frontend.route('/r//') def reddit(subreddit=None): token = getattr(current_user, 'token', 'guest') - count = int(request.args.get('count', 0)) + count = request.args.get('count', 0, type=int) before = request.args.get('before') after = request.args.get('after') diff --git a/app/youtube/__init__.py b/app/youtube/__init__.py index 4eb606c..97ac0c9 100644 --- a/app/youtube/__init__.py +++ b/app/youtube/__init__.py @@ -30,7 +30,7 @@ def feed(): flash(cf['frontend']['welcome_message'], "welcome") else: token = current_user.token - page = int(request.args.get('page', 0)) + page = request.args.get('page', 0, type=int) with sqlite3.connect(cf['global']['database']) as conn: c = conn.cursor() c.execute(""" -- 2.39.3