Improve validation of a value taken directly from a GET.

ietf-tools · Feb 19, 2020 · a1f7609 · a1f7609
1 parent 6013e06
commit a1f7609
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/ietf/blog/models.py b/ietf/blog/models.py
@@ -3,6 +3,7 @@
 
 from django.db import models
 from django.db.models.functions import Coalesce
+from django.http import Http404
 from django.shortcuts import redirect, get_object_or_404
 from django.core.exceptions import ObjectDoesNotExist
 from django.utils import functional
@@ -279,6 +280,10 @@ def serve(self, request, *args, **kwargs):
         if not topic_id:
             topic_id = request.GET.get('secondary_topic') # For legacy URI support
         if topic_id:
+            try:
+                topic_id = int(topic_id)
+            except ValueError:
+                raise Http404
             filter_topic = get_object_or_404(Topic,id=topic_id)
             query_string_segments=[]
             for parameter, function in parameter_functions_map.items():