Changeset 262

Timestamp:

08/25/08 18:14:07 (3 months ago)

Author:

akaihola

Message:

[threadedtopics] Added a bit of validation.

Files:

• trunk/threadedtopics/templatetags/threadedtopicstags.py (modified) (1 diff)

trunk/threadedtopics/templatetags/threadedtopicstags.py

@@ -122 +122 @@
         get_dict = self.get_dict.resolve(context)
         get_param_name = self.get_param_name.resolve(context)
-        topic_id_strings = get_dict.getlist(get_param_name)
+
+        # validate topic IDs: only integers and 'add' allowed
+        topic_id_strings = [s for s in get_dict.getlist(get_param_name)
+                            if s.isdigit() or s == 'add']
+
         context[self.add_open_varname] = 'add' in topic_id_strings
         topic_ids = [int(s) for s in topic_id_strings if s and s != 'add']