48k.eu-mirror
/
ogcp
mirror of https://git.48k.eu/ogcp
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

views: fix folder/update validation 

Validate request parameters before accessing the dictionary values.
Prevent web backtrace.
master
Alejandro Sirgo Rica 2024-06-13 15:53:52 +02:00
parent 5d9780e8d8
commit 509d0e8dcf
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ogcp/views.py
View File

@ -1427,12 +1427,12 @@ def action_folder_update():
return redirect(url_for("scopes"))
else:
params = request.args.to_dict()
folder_id = int(params.get('folder'))
if not folder_id:
if not 'folder' in params:
flash(_('Please, select a folder to modify'), category='error')
return redirect(url_for('scopes'))
folder_id = int(params.get('folder'))
scopes, clients = get_scopes()
folder = find_element_scope(folder_id, 'folder', scopes)
form.server.data = params['scope-server']