Patchwork [stable] hgweb: ignore non numeric "revcount" parameter values (issue4091)

login
register
mail settings
Submitter Isaac Jurado
Date Nov. 8, 2013, 8:48 a.m.
Message ID <b0666e2272d4cdd67927.1383900492@pepino.omniaccess.com>
Download mbox | patch
Permalink /patch/2887/
State Accepted
Commit 77acd8ce01ce9f8250ea78887d858cf2fbdeca36
Headers show

Comments

Isaac Jurado - Nov. 8, 2013, 8:48 a.m.
# HG changeset patch
# User Isaac Jurado <diptongo@gmail.com>
# Date 1383900481 -3600
#      Fri Nov 08 09:48:01 2013 +0100
# Branch stable
# Node ID b0666e2272d4cdd6792767c6ff96687dfa2aa097
# Parent  d825e4025e39d1c39db943cdc89818abd0a87c27
hgweb: ignore non numeric "revcount" parameter values (issue4091)
Matt Mackall - Nov. 22, 2013, 8:04 p.m.
On Fri, 2013-11-08 at 09:48 +0100, Isaac Jurado wrote:
> # HG changeset patch
> # User Isaac Jurado <diptongo@gmail.com>
> # Date 1383900481 -3600
> #      Fri Nov 08 09:48:01 2013 +0100
> # Branch stable
> # Node ID b0666e2272d4cdd6792767c6ff96687dfa2aa097
> # Parent  d825e4025e39d1c39db943cdc89818abd0a87c27
> hgweb: ignore non numeric "revcount" parameter values (issue4091)

Queued for stable, thanks.

Patch

diff --git a/mercurial/hgweb/webcommands.py b/mercurial/hgweb/webcommands.py
--- a/mercurial/hgweb/webcommands.py
+++ b/mercurial/hgweb/webcommands.py
@@ -228,9 +228,12 @@ 
     query = req.form['rev'][0]
     revcount = web.maxchanges
     if 'revcount' in req.form:
-        revcount = int(req.form.get('revcount', [revcount])[0])
-        revcount = max(revcount, 1)
-        tmpl.defaults['sessionvars']['revcount'] = revcount
+        try:
+            revcount = int(req.form.get('revcount', [revcount])[0])
+            revcount = max(revcount, 1)
+            tmpl.defaults['sessionvars']['revcount'] = revcount
+        except ValueError:
+            pass
 
     lessvars = copy.copy(tmpl.defaults['sessionvars'])
     lessvars['revcount'] = max(revcount / 2, 1)
@@ -307,9 +310,12 @@ 
 
     revcount = shortlog and web.maxshortchanges or web.maxchanges
     if 'revcount' in req.form:
-        revcount = int(req.form.get('revcount', [revcount])[0])
-        revcount = max(revcount, 1)
-        tmpl.defaults['sessionvars']['revcount'] = revcount
+        try:
+            revcount = int(req.form.get('revcount', [revcount])[0])
+            revcount = max(revcount, 1)
+            tmpl.defaults['sessionvars']['revcount'] = revcount
+        except ValueError:
+            pass
 
     lessvars = copy.copy(tmpl.defaults['sessionvars'])
     lessvars['revcount'] = max(revcount / 2, 1)
@@ -822,9 +828,12 @@ 
 
     revcount = web.maxshortchanges
     if 'revcount' in req.form:
-        revcount = int(req.form.get('revcount', [revcount])[0])
-        revcount = max(revcount, 1)
-        tmpl.defaults['sessionvars']['revcount'] = revcount
+        try:
+            revcount = int(req.form.get('revcount', [revcount])[0])
+            revcount = max(revcount, 1)
+            tmpl.defaults['sessionvars']['revcount'] = revcount
+        except ValueError:
+            pass
 
     lessvars = copy.copy(tmpl.defaults['sessionvars'])
     lessvars['revcount'] = max(revcount / 2, 1)
@@ -945,9 +954,12 @@ 
     bg_height = 39
     revcount = web.maxshortchanges
     if 'revcount' in req.form:
-        revcount = int(req.form.get('revcount', [revcount])[0])
-        revcount = max(revcount, 1)
-        tmpl.defaults['sessionvars']['revcount'] = revcount
+        try:
+            revcount = int(req.form.get('revcount', [revcount])[0])
+            revcount = max(revcount, 1)
+            tmpl.defaults['sessionvars']['revcount'] = revcount
+        except ValueError:
+            pass
 
     lessvars = copy.copy(tmpl.defaults['sessionvars'])
     lessvars['revcount'] = max(revcount / 2, 1)