rhodecode-enterprise-ce Commit - r3751:c36477cc

bookmarks: Add extra checks for bogus data in bookmarks repo/repo group ids passed.

marcink -

r3751:c36477cc new-ui

parent child

rhodecode/apps/my_account/views/my_account.py

0 +2 -2

                     default_redirect_url = ''
                     # save repo
-                    if entry.get('bookmark_repo'):
+                    if entry.get('bookmark_repo') and safe_int(entry.get('bookmark_repo')):
                         repo = Repository.get(entry['bookmark_repo'])
                         perm_check = HasRepoPermissionAny(
                             'repository.read', 'repository.write', 'repository.admin')
                             should_save = True
                             default_redirect_url = '${repo_url}'
                     # save repo group
-                    elif entry.get('bookmark_repo_group'):
+                    elif entry.get('bookmark_repo_group') and safe_int(entry.get('bookmark_repo_group')):
                         repo_group = RepoGroup.get(entry['bookmark_repo_group'])
                         perm_check = HasRepoGroupPermissionAny(
                             'group.read', 'group.write', 'group.admin')

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages