diff --git a/rhodecode/controllers/admin/admin.py b/rhodecode/controllers/admin/admin.py
--- a/rhodecode/controllers/admin/admin.py
+++ b/rhodecode/controllers/admin/admin.py
@@ -32,6 +32,7 @@ from webhelpers.paginate import Page
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import UserLog
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -50,7 +51,7 @@ class AdminController(BaseController):
 .options(joinedload(UserLog.repository))\
 .order_by(UserLog.action_date.desc())
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 c.users_log = Page(users_log, page=p, items_per_page=10)
 c.log_data = render('admin/admin_log.html')
diff --git a/rhodecode/controllers/admin/notifications.py b/rhodecode/controllers/admin/notifications.py
--- a/rhodecode/controllers/admin/notifications.py
+++ b/rhodecode/controllers/admin/notifications.py
@@ -39,6 +39,7 @@ from rhodecode.model.notification import
 from rhodecode.lib.auth import LoginRequired, NotAnonymous
 from rhodecode.lib import helpers as h
 from rhodecode.model.meta import Session
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -62,7 +63,8 @@ class NotificationsController(BaseContro
 c.user = self.rhodecode_user
 notif = NotificationModel().get_for_user(self.rhodecode_user.user_id, filter_=request.GET.getall('type'))
- p = int(request.params.get('page', 1))
+
+ p = safe_int(request.params.get('page', 1), 1)
 c.notifications = Page(notif, page=p, items_per_page=10)
 c.pull_request_type = Notification.TYPE_PULL_REQUEST
 c.comment_type = [Notification.TYPE_CHANGESET_COMMENT,
diff --git a/rhodecode/controllers/changelog.py b/rhodecode/controllers/changelog.py
--- a/rhodecode/controllers/changelog.py
+++ b/rhodecode/controllers/changelog.py
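Review bot: `safe_int` only replaces non-numeric input, so `page=0`, `page=-3` or a very large number still reach `Page(users_log, page=p, items_per_page=10)` unchanged in the AdminController hunk; whether `Page` clamps out-of-range values is not visible here. If it does not, bound the value at the call site, e.g. `p = max(safe_int(request.params.get('page', 1), 1), 1)`. The same expression is repeated in the notifications, changelog, followers, forks, journal (both methods), search and shortlog hunks, so one shared helper would keep the parsing and the bound in a single place. The enclosing method starts and ends outside the hunk.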
@@ -37,6 +37,7 @@ from rhodecode.lib.helpers import RepoPa
 from rhodecode.lib.compat import json
 from rhodecode.lib.graphmod import _colored, _dagwalker
 from rhodecode.lib.vcs.exceptions import RepositoryError, ChangesetDoesNotExistError
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -65,7 +66,7 @@ class ChangelogController(BaseRepoContro
 c.size = int(session.get('changelog_size', default)) # min size must be 1
 c.size = max(c.size, 1)
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 branch_name = request.params.get('branch', None)
 try:
 if branch_name:
diff --git a/rhodecode/controllers/followers.py b/rhodecode/controllers/followers.py
--- a/rhodecode/controllers/followers.py
+++ b/rhodecode/controllers/followers.py
@@ -30,6 +30,7 @@ from rhodecode.lib.helpers import Page
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.model.db import Repository, User, UserFollowing
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -43,7 +44,7 @@ class FollowersController(BaseRepoContro
 super(FollowersController, self).__before__()
 def followers(self, repo_name):
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 repo_id = c.rhodecode_db_repo.repo_id
 d = UserFollowing.get_repo_followers(repo_id)\
 .order_by(UserFollowing.follows_from)
diff --git a/rhodecode/controllers/forks.py b/rhodecode/controllers/forks.py
--- a/rhodecode/controllers/forks.py
+++ b/rhodecode/controllers/forks.py
@@ -42,6 +42,7 @@ from rhodecode.model.db import Repositor
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.forms import RepoForkForm
 from rhodecode.model.scm import ScmModel
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -105,7 +106,7 @@ class ForksController(BaseRepoController
 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', 'repository.admin')
 def forks(self, repo_name):
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 repo_id = c.rhodecode_db_repo.repo_id
 d = []
 for r in Repository.get_repo_forks(repo_id):
diff --git a/rhodecode/controllers/journal.py b/rhodecode/controllers/journal.py
--- a/rhodecode/controllers/journal.py
+++ b/rhodecode/controllers/journal.py
@@ -41,6 +41,7 @@ from rhodecode.model.db import UserLog,
 from rhodecode.model.meta import Session
 from sqlalchemy.sql.expression import func
 from rhodecode.model.scm import ScmModel
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -57,7 +58,7 @@ class JournalController(BaseController):
 @NotAnonymous()
 def index(self): # Return a rendered template
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 c.user = User.get(self.rhodecode_user.user_id)
 all_repos = self.sa.query(Repository)\
@@ -177,7 +178,7 @@ class JournalController(BaseController):
 @LoginRequired()
 def public_journal(self): # Return a rendered template
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 c.following = self.sa.query(UserFollowing)\
 .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\
diff --git a/rhodecode/controllers/search.py b/rhodecode/controllers/search.py
--- a/rhodecode/controllers/search.py
+++ b/rhodecode/controllers/search.py
@@ -40,7 +40,7 @@ from whoosh.index import open_dir, Empty
 from whoosh.qparser import QueryParser, QueryParserError
 from whoosh.query import Phrase, Wildcard, Term, Prefix
 from rhodecode.model.repo import RepoModel
-from rhodecode.lib.utils2 import safe_str
+from rhodecode.lib.utils2 import safe_str, safe_int
 log = logging.getLogger(__name__)
@@ -83,7 +83,7 @@ class SearchController(BaseController):
 log.debug(cur_query)
 if c.cur_query:
- p = int(request.params.get('page', 1))
+ p = safe_int(request.params.get('page', 1), 1)
 highlight_items = set()
 try: idx = open_dir(config['app_conf']['index_dir'],
diff --git a/rhodecode/controllers/shortlog.py b/rhodecode/controllers/shortlog.py
--- a/rhodecode/controllers/shortlog.py
+++ b/rhodecode/controllers/shortlog.py
@@ -31,6 +31,7 @@ from rhodecode.lib.auth import LoginRequ
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.helpers import RepoPage
 from pylons.controllers.util import redirect
+from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
@@ -44,8 +45,8 @@ class ShortlogController(BaseRepoControl
 super(ShortlogController, self).__before__()
 def index(self, repo_name):
- p = int(request.params.get('page', 1))
- size = int(request.params.get('size', 20))
+ p = safe_int(request.params.get('page', 1), 1)
+ size = safe_int(request.params.get('size', 20), 20)
 def url_generator(**kw): return url('shortlog_home', repo_name=repo_name, size=size, **kw)
diff --git a/rhodecode/lib/utils2.py b/rhodecode/lib/utils2.py
--- a/rhodecode/lib/utils2.py
+++ b/rhodecode/lib/utils2.py
@@ -147,6 +147,23 @@ def generate_api_key(username, salt=None
 return hashlib.sha1(username + salt).hexdigest()
+def safe_int(val, default=None):
+ """
+ Returns int() of val if val is not convertable to int use default
+ instead
+
+ :param val:
+ :param default:
+ """
+
+ try:
+ val = int(val)
+ except ValueError:
+ val = default
+
+ return val
+
+
 def safe_unicode(str_, from_encoding=None): """ safe unicode function. Does few trick to turn str_ into unicode
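Review bot: In `ShortlogController.index` the `size` value comes straight from the query string and has no bounds, so `size=0`, a negative number or a very large one all pass `safe_int` and flow into `url_generator`. They presumably also reach the pager further down, outside this hunk, where an oversized page would make the server load and render far more changesets than intended. The changelog.py context in this same commit already applies a lower bound with `c.size = max(c.size, 1)`. Apply the same here and add an upper cap, e.g. `size = min(max(safe_int(request.params.get('size', 20), 20), 1), <MAX_SIZE>)`, where `<MAX_SIZE>` is a limit the project chooses. The body of `index` continues past the end of the hunk.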
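Review bot: `safe_int` catches only `ValueError`, so `safe_int(None)` or any other argument `int()` rejects by type still raises `TypeError`, and the helper is not safe for a missing parameter. The callers in this commit avoid that only because they also pass a default to `request.params.get`. Widen the handler to `except (ValueError, TypeError):`. The docstring leaves `:param val:` and `:param default:` empty; describe them (the value to convert, and what is returned when conversion fails) and state that the result is not range-checked, so zero and negative numbers are returned as they are.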