# HG changeset patch # User Marcin Kuzminski # Date 2017-02-07 12:16:15 # Node ID cbdeb8723038579ad79136b4f666cacaa5b4aa29 # Parent 1948964e882a2cbc4b14204fcb4dc6bebabc17d8 api: cleanup sessions enforce older_then must be a valid INT. diff --git a/rhodecode/api/views/server_api.py b/rhodecode/api/views/server_api.py --- a/rhodecode/api/views/server_api.py +++ b/rhodecode/api/views/server_api.py @@ -28,6 +28,7 @@ from rhodecode.api.utils import ( from rhodecode.lib.utils import repo2db_mapper from rhodecode.lib import system_info from rhodecode.lib import user_sessions +from rhodecode.lib.utils2 import safe_int from rhodecode.model.db import UserIpMap from rhodecode.model.scm import ScmModel @@ -223,7 +224,7 @@ def cleanup_sessions(request, apiuser, o if not has_superadmin_permission(apiuser): raise JSONRPCForbidden() - older_then = Optional.extract(older_then) + older_then = safe_int(Optional.extract(older_then)) or 60 older_than_seconds = 60 * 60 * 24 * older_then config = system_info.rhodecode_config().get_value()['value']['config']