[Python-checkins] r65359 - tracker/roundup-src/roundup/cgi/actions.py
martin.v.loewis
python-checkins at python.org
Fri Aug 1 07:10:47 CEST 2008
Author: martin.v.loewis
Date: Fri Aug 1 07:10:46 2008
New Revision: 65359
Log:
Validate CSV export request.
Modified:
tracker/roundup-src/roundup/cgi/actions.py
Modified: tracker/roundup-src/roundup/cgi/actions.py
==============================================================================
--- tracker/roundup-src/roundup/cgi/actions.py (original)
+++ tracker/roundup-src/roundup/cgi/actions.py Fri Aug 1 07:10:46 2008
@@ -974,6 +974,14 @@
columns = request.columns
klass = self.db.getclass(request.classname)
+ # validate the request
+ allprops = klass.getprops()
+ for c in filterspec.keys() + columns + [x[1] for x in group + sort]:
+ if not allprops.has_key(c):
+ # Can't use FormError, since that would try to use
+ # the same bogus field specs
+ raise exceptions.SeriousError, "Property %s does not exist" % c
+
# full-text search
if request.search_text:
matches = self.db.indexer.search(
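Review bot: The added `raise exceptions.SeriousError` line interpolates the request-supplied name `c` into the message unescaped, so if SeriousError's text ends up in an HTML error page (its rendering is not visible in this hunk) the bogus field name is reflected back to the client. Either confirm that SeriousError escapes its message, or escape at the point of use, e.g. `raise exceptions.SeriousError, "Property %s does not exist" % cgi.escape(c)`, assuming `cgi` is imported in this module. The loop also checks only that each property exists, not that the requesting user may view it; if the export code further down does not enforce per-property view permission, this validation step is the natural place for that check. The enclosing method starts and ends outside the hunk, so the shapes of `filterspec`, `group` and `sort` (lists of `(direction, name)` pairs for the latter two, judging by `x[1]`) are assumed rather than verified here.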