Posted to commits@steve.apache.org by hu...@apache.org on 2015/03/22 19:18:07 UTC

svn commit: r1668427 - /steve/trunk/pytest/www/cgi-bin/rest_admin.py

Author: humbedooh
Date: Sun Mar 22 18:18:07 2015
New Revision: 1668427

URL: http://svn.apache.org/r1668427
Log:
cleanups, validate election and issue ids

Modified:
    steve/trunk/pytest/www/cgi-bin/rest_admin.py

Modified: steve/trunk/pytest/www/cgi-bin/rest_admin.py
URL: http://svn.apache.org/viewvc/steve/trunk/pytest/www/cgi-bin/rest_admin.py?rev=1668427&r1=1668426&r2=1668427&view=diff
==============================================================================
--- steve/trunk/pytest/www/cgi-bin/rest_admin.py (original)
+++ steve/trunk/pytest/www/cgi-bin/rest_admin.py Sun Mar 22 18:18:07 2015
@@ -60,6 +60,10 @@ else:
             l.pop(0)
         action = l[0]
         electionID = l[1] if len(l) > 1 else None
+        if electionID:
+            if re.search(r"([^A-Za-z0-9-.])", electionID):
+                response.respond(400, {'message': "Invalid election ID supplied, must be [A-Za-z0-9-.]+"})
+                sys.exit(0) # BAIL!
  
         # List all existing/previous elections?
         if action == "list":
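Review bot: The new electionID check still accepts `.` and `..`, because the dot is in the allowed set and nothing requires an alphanumeric character. The value is later used as a path component (`os.path.join(homedir, "issues", electionID, issue)` in the second hunk), so a dot-only ID would resolve outside the intended election directory. I would anchor the pattern and require a leading alphanumeric, e.g. `if not re.match(r"[A-Za-z0-9][A-Za-z0-9.-]*\Z", electionID):`, which also moves the hyphen to the end of the class where it cannot be misread as a range. The same applies to the `issue` check in the hunk at `@@ -127,6 +131,8 @@`. The enclosing block starts and ends outside this hunk, so whether other code paths build paths from `l[1]` cannot be seen here.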
@@ -127,6 +131,8 @@ else:
                     issue = l[2] if len(l) > 2 else None
                     if not issue:
                         response.respond(400, {'message': 'No issue ID specified'})
+                    elif re.search(r"([^A-Za-z0-9-.])", issue):
+                        response.respond(400, {'message': "Invalid issue ID supplied, must be [A-Za-z0-9-.]+"})
                     else:
                         issuepath = os.path.join(homedir, "issues", electionID, issue)
                         if os.path.isfile(issuepath + ".json"):
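Review bot: The issue ID check is written inline in this one branch with its own copy of the regex, while the election ID is validated once at the top of the handler. If other actions also read `l[2]` (not visible in this hunk), they would be left unchecked. Consider validating `issue` once next to the electionID check, or at least sharing one compiled pattern between the two sites so they cannot drift apart. A short comment such as `# issue becomes a file name under issues/<electionID>/, so restrict it to the ID alphabet` would record why the check exists. The surrounding `if`/`else` chain starts and ends outside this hunk.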