# HG changeset patch # User Marcin Kuzminski # Date 2012-10-19 21:44:35 # Node ID f53faff4487ed10558fc4311d418327ec4b7dbaf # Parent d0c2299d08d4ca0cd51a56942da5373b95d361aa get_or_404 method does validation for ID beeing an INT diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py --- a/rhodecode/model/db.py +++ b/rhodecode/model/db.py @@ -118,11 +118,15 @@ class BaseModel(object): @classmethod def get_or_404(cls, id_): - if id_: - res = cls.query().get(id_) - if not res: - raise HTTPNotFound - return res + try: + id_ = int(id_) + except (TypeError, ValueError): + raise HTTPNotFound + + res = cls.query().get(id_) + if not res: + raise HTTPNotFound + return res @classmethod def getAll(cls):