diff roundup/cgi/actions.py @ 5097:156cbc1d182c

Validate values for Integer and Numeric type filter parameters rather than passing output down to db level. Initial patch at: http://hg.python.org/tracker/roundup/rev/98508a47c126 by Martin.V.Loewis. Numeric test patch applied, Integer code and tests developed by John Rouillard.
author John Rouillard <rouilj@ieee.org>
date Sat, 25 Jun 2016 22:28:19 -0400
parents 9954a358da18
children 748ba87e1aca
--- a/roundup/cgi/actions.py	Sat Jun 25 20:10:03 2016 -0400
+++ b/roundup/cgi/actions.py	Sat Jun 25 22:28:19 2016 -0400
@@ -247,6 +247,20 @@
                         # replace the single value with the split list
                         for v in l:
                             self.form.value.append(cgi.MiniFieldStorage(key, v))
+                elif isinstance(prop, hyperdb.Number):
+                    try:
+                        float(self.form[key].value)
+                    except ValueError:
+                        raise exceptions.FormError, "Invalid number: "+self.form[key].value
+                elif isinstance(prop, hyperdb.Integer):
+                    try:
+                        val=self.form[key].value
+                        if ( str(int(val)) == val ):
+                            pass
+                        else:
+                            raise ValueError
+                    except ValueError:
+                        raise exceptions.FormError, "Invalid integer: "+val
 
             self.form.value.append(cgi.MiniFieldStorage('@filter', key))
 
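Review bot: the Integer branch's round-trip test `str(int(val)) == val` is stricter than `int()` itself and will reject inputs such as `+5`, `05`, or a value with surrounding whitespace, while the Number branch's `float()` test accepts `nan`, `inf` and exponent forms like `1e3`; decide explicitly which forms a filter value may take and make the two branches consistent (either drop the string round-trip and rely on `int(val)` raising, or apply an equally strict canonical-form check for numbers and reject non-finite values). The `if (...): pass / else: raise ValueError` construction in the Integer branch can be collapsed to `if str(int(val)) != val: raise ValueError`, and `val=self.form[key].value` belongs before the `try` so the assignment is clearly not part of the guarded conversion. Both `FormError` messages echo the raw submitted value back to the user (`"Invalid number: "+self.form[key].value`, `"Invalid integer: "+val`), so confirm that the path rendering `FormError` escapes the text; also note that a non-string `.value` would make the `+` concatenation raise `TypeError`, which this `except ValueError` does not catch.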

Roundup Issue Tracker: http://roundup-tracker.org/