# HG changeset patch
# User Marcin Kuzminski
# Date 2019-06-16 16:03:24
# Node ID c36477cc4337f3f1a287a6467a19bb852a13e774
# Parent 200520681cc3fda7ba62c4dbdb0bbeef408b23e3
bookmarks: Add extra checks for bogus data in bookmarks repo/repo group ids passed.
diff --git a/rhodecode/apps/my_account/views/my_account.py b/rhodecode/apps/my_account/views/my_account.py
--- a/rhodecode/apps/my_account/views/my_account.py
+++ b/rhodecode/apps/my_account/views/my_account.py
@@ -423,7 +423,7 @@ class MyAccountView(BaseAppView, DataGri
 default_redirect_url = ''
 # save repo
- if entry.get('bookmark_repo'):
+ if entry.get('bookmark_repo') and safe_int(entry.get('bookmark_repo')):
 repo = Repository.get(entry['bookmark_repo'])
 perm_check = HasRepoPermissionAny(
 'repository.read', 'repository.write', 'repository.admin')
@@ -432,7 +432,7 @@ class MyAccountView(BaseAppView, DataGri
 should_save = True
 default_redirect_url = '${repo_url}'
 # save repo group
- elif entry.get('bookmark_repo_group'):
+ elif entry.get('bookmark_repo_group') and safe_int(entry.get('bookmark_repo_group')):
 repo_group = RepoGroup.get(entry['bookmark_repo_group'])
 perm_check = HasRepoGroupPermissionAny(
 'group.read', 'group.write', 'group.admin')
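Review bot: In both hunks the `safe_int(...)` result is used only as a truth test and then discarded, so `Repository.get(entry['bookmark_repo'])` and `RepoGroup.get(entry['bookmark_repo_group'])` still receive the raw request value instead of the validated integer. Binding the conversion once, e.g. `repo_id = safe_int(entry.get('bookmark_repo'))`, then `if repo_id:` and `Repository.get(repo_id)`, keeps the check and the lookup on the same value and avoids the double `entry.get`; the `elif` in the second hunk needs the same treatment. A non-numeric `bookmark_repo` now also falls through to the `elif`, so a bogus repo id sent together with a valid `bookmark_repo_group` would be saved as a repo-group bookmark; if that is not intended, reject the entry explicitly. `safe_int` is neither defined nor imported in the visible lines, so this assumes it is already in scope and returns a falsy value for unparsable input. The enclosing method starts and ends outside both hunks.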