fix security issue OWASP-BLT#1552

website/views.py

@@ -1989,7 +1989,10 @@ def get_score(request):
 
 
 def comment_on_issue(request, issue_pk):
-
+    try:
+        issue_pk = int(issue_pk)
+    except ValueError:
+        raise Http404("Issue does not exist")
     issue = Issue.objects.filter(pk=issue_pk).first()
 
     if request.method == "POST" and isinstance(request.user,User):
@@ -2008,10 +2011,7 @@ def comment_on_issue(request, issue_pk):
 
             if parent_comment == None:
                 messages.error(request,"Parent comment doesn't exist.")
-                if isinstance(issue_pk, int):  # Check if issue_pk is an integer
-                    return redirect(f"/issue2/{issue_pk}")
-                else:
-                    raise Http404("Issue does not exist")
+                return redirect(f"/issue2/{issue_pk}")
 
             Comment.objects.create(
                 parent = parent_comment,