Posted to commits@steve.apache.org by hu...@apache.org on 2015/03/22 19:18:07 UTC
svn commit: r1668427 - /steve/trunk/pytest/www/cgi-bin/rest_admin.py
Author: humbedooh
Date: Sun Mar 22 18:18:07 2015
New Revision: 1668427
URL: http://svn.apache.org/r1668427
Log:
cleanups, validate election and issue ids
Modified:
steve/trunk/pytest/www/cgi-bin/rest_admin.py
Modified: steve/trunk/pytest/www/cgi-bin/rest_admin.py
URL: http://svn.apache.org/viewvc/steve/trunk/pytest/www/cgi-bin/rest_admin.py?rev=1668427&r1=1668426&r2=1668427&view=diff
==============================================================================
--- steve/trunk/pytest/www/cgi-bin/rest_admin.py (original)
+++ steve/trunk/pytest/www/cgi-bin/rest_admin.py Sun Mar 22 18:18:07 2015
@@ -60,6 +60,10 @@ else:
l.pop(0)
action = l[0]
electionID = l[1] if len(l) > 1 else None
+ if electionID:
+ if re.search(r"([^A-Za-z0-9-.])", electionID):
+ response.respond(400, {'message': "Invalid election ID supplied, must be [A-Za-z0-9-.]+"})
+ sys.exit(0) # BAIL!
# List all existing/previous elections?
if action == "list":
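Review bot: The added check on `electionID` still lets `.` and `..` through, since both consist only of characters in the allowed set, and the second hunk joins the value into `os.path.join(homedir, "issues", electionID, issue)`, so `..` resolves to a path above the issues directory. Matching the whole value against a pattern that requires an alphanumeric first character closes this: `if not re.match(r"[A-Za-z0-9][A-Za-z0-9.-]*\Z", electionID):`. The `issue` check in the second hunk uses the same character class and would benefit from the same pattern, although the `.json` suffix appended there limits what a dots-only issue ID can name. This assumes no existing election ID begins with `.` or `-`; the enclosing `else:` block starts outside the hunk.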
@@ -127,6 +131,8 @@ else:
issue = l[2] if len(l) > 2 else None
if not issue:
response.respond(400, {'message': 'No issue ID specified'})
+ elif re.search(r"([^A-Za-z0-9-.])", issue):
+ response.respond(400, {'message': "Invalid issue ID supplied, must be [A-Za-z0-9-.]+"})
else:
issuepath = os.path.join(homedir, "issues", electionID, issue)
if os.path.isfile(issuepath + ".json"):
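Review bot: This branch joins `electionID` into `issuepath` without requiring it to be non-empty: the first hunk's validation sits under `if electionID:`, so an empty string skips it, and `os.path.join(homedir, "issues", "", issue)` collapses to a file directly under the issues directory. Whether `l` can hold an empty segment depends on how the path is split, which is outside the hunk. If it can, add a guard in this branch before the lookup, for example `elif not electionID: response.respond(400, {'message': 'No election ID specified'})`.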