[Python-checkins] r70404 - tracker/roundup-src/roundup/cgi/actions.py

martin.v.loewis python-checkins at python.org
Sun Mar 15 23:09:15 CET 2009

• Previous message: [Python-checkins] r70403 - tracker/roundup-src/roundup/cgi/client.py
• Next message: [Python-checkins] r70405 - python/trunk/Lib/Queue.py
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Author: martin.v.loewis
Date: Sun Mar 15 23:09:15 2009
New Revision: 70404
Log:
Reapply r65359:
Validate CSV export request.
Modified:
 tracker/roundup-src/roundup/cgi/actions.py
Modified: tracker/roundup-src/roundup/cgi/actions.py
==============================================================================
--- tracker/roundup-src/roundup/cgi/actions.py	(original)
+++ tracker/roundup-src/roundup/cgi/actions.py	Sun Mar 15 23:09:15 2009
@@ -1010,6 +1010,14 @@
 columns = request.columns
 klass = self.db.getclass(request.classname)
 
+ # validate the request
+ allprops = klass.getprops()
+ for c in filterspec.keys() + columns + [x[1] for x in group + sort]:
+ if not allprops.has_key(c):
+ # Can't use FormError, since that would try to use
+ # the same bogus field specs
+ raise exceptions.SeriousError, "Property %s does not exist" % c
+
 # full-text search
 if request.search_text:
 matches = self.db.indexer.search(

---

• Previous message: [Python-checkins] r70403 - tracker/roundup-src/roundup/cgi/client.py
• Next message: [Python-checkins] r70405 - python/trunk/Lib/Queue.py
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list