external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(fastapi): sanitize PP/O parameters for package search

Browse source 
This definitely leaked through in more areas. We'll need to reuse
this new utility function in a few other routes in upcoming commits.

Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2021-10-29 20:26:57 -07:00
parent 8dcdc7ff38
commit 7f4c011dc3
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
3 changed files with 24 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

7
aurweb/routers/packages.py
View file

@ -30,8 +30,11 @@ async def packages_get(request: Request, context: Dict[str, Any],
context["q"] = dict(request.query_params)
# Per page and offset.
per_page = context["PP"] = int(request.query_params.get("PP", 50))
offset = context["O"] = int(request.query_params.get("O", 0))
offset, per_page = util.sanitize_params(
request.query_params.get("O", defaults.O),
request.query_params.get("PP", defaults.PP))
context["O"] = offset
context["PP"] = per_page
# Query search by.
search_by = context["SeB"] = request.query_params.get("SeB", "nd")