[Python-checkins] r70404 - tracker/roundup-src/roundup/cgi/actions.py
martin.v.loewis
python-checkins at python.org
Sun Mar 15 23:09:15 CET 2009
Author: martin.v.loewis
Date: Sun Mar 15 23:09:15 2009
New Revision: 70404
Log:
Reapply r65359:
Validate CSV export request.
Modified:
tracker/roundup-src/roundup/cgi/actions.py
Modified: tracker/roundup-src/roundup/cgi/actions.py
==============================================================================
--- tracker/roundup-src/roundup/cgi/actions.py (original)
+++ tracker/roundup-src/roundup/cgi/actions.py Sun Mar 15 23:09:15 2009
@@ -1010,6 +1010,14 @@
columns = request.columns
klass = self.db.getclass(request.classname)
+ # validate the request
+ allprops = klass.getprops()
+ for c in filterspec.keys() + columns + [x[1] for x in group + sort]:
+ if not allprops.has_key(c):
+ # Can't use FormError, since that would try to use
+ # the same bogus field specs
+ raise exceptions.SeriousError, "Property %s does not exist" % c
+
# full-text search
if request.search_text:
matches = self.db.indexer.search(
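Review bot: the `raise exceptions.SeriousError, "Property %s does not exist" % c` line puts `c` into the error text unmodified, and `c` is taken from the request (`request.columns` plus the filter, group and sort specs). If SeriousError messages are rendered into an HTML page, the name should be escaped before interpolation or the handler confirmed to escape it. The loop also only checks that each name exists in `klass.getprops()`; if the export is meant to respect per-property view permissions, that needs to be enforced separately, since an existing property passes this check regardless of who is asking.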