From a1f7609653d60de4bfd58109b480be38abb787b7 Mon Sep 17 00:00:00 2001
From: Robert Sparks
Date: Wed, 19 Feb 2020 16:39:08 -0600
Subject: [PATCH] Improve validation of a value taken directly from a GET.

---
 ietf/blog/models.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ietf/blog/models.py b/ietf/blog/models.py
index 6044f35f..7bed4f53 100644
--- a/ietf/blog/models.py
+++ b/ietf/blog/models.py
@@ -3,6 +3,7 @@
 from django.db import models
 from django.db.models.functions import Coalesce
+from django.http import Http404
 from django.shortcuts import redirect, get_object_or_404
 from django.core.exceptions import ObjectDoesNotExist
 from django.utils import functional
@@ -279,6 +280,10 @@ def serve(self, request, *args, **kwargs):
 if not topic_id:
 topic_id = request.GET.get('secondary_topic') # For legacy URI support
 if topic_id:
+ try:
+ topic_id = int(topic_id)
+ except ValueError:
+ raise Http404
 filter_topic = get_object_or_404(Topic,id=topic_id)
 query_string_segments=[]
 for parameter, function in parameter_functions_map.items():
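Review bot: The added `int(topic_id)` guard in `serve` rejects non-numeric input but puts no bound on the result, so a very long digit string from the query string is still passed to `get_object_or_404(Topic,id=topic_id)`. Depending on the database backend and Django version, that lookup may raise an overflow or range error and surface as a 500 rather than a 404. `int()` also accepts signs, surrounding whitespace and underscores, which looks harmless here but is wider than a plain id. Consider a range check right after the conversion, e.g. `if not 0 < topic_id < 2**31: raise Http404` (this assumes `Topic` uses a 32-bit integer primary key, to be confirmed against the model), and `raise Http404 from None` so the ValueError is not chained into the traceback. `topic_id` is now an int for the rest of `serve`, which continues outside the hunk, so any later code that treats it as a string should be checked.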