author | Arjun Satarkar <me@arjunsatarkar.net> | 2023-08-04 00:17:14 +0000 |
---|---|---|
committer | Arjun Satarkar <me@arjunsatarkar.net> | 2023-08-04 00:17:14 +0000 |
commit | 5f9bc570696c6b8deb465d273bf539c92ad4afbf (patch) | |
tree | ebe6502a3b0a49b37d371a2486dee0a6305d2ea0 | |
parent | 8728aef0b53677d1198e0e3e65207710a02aa9dc (diff) | |
Do more user input validation
-rwxr-xr-x | serve.py | 12 | ||||
-rw-r--r-- | tagrss.py | 22 |
2 files changed, 25 insertions, 9 deletions
@@ -210,13 +210,19 @@ def add_feed_effect():
 def manage_feed_view():
 try:
 feed_id_raw: str = bottle.request.query["feed"] # type: ignore
- feed_id: int = int(feed_id_raw)
 except KeyError:
 raise bottle.HTTPError(400, "Feed ID not given.")
+ try:
+ feed_id: int = int(feed_id_raw)
+ except ValueError:
+ raise bottle.HTTPError(400, f'"{feed_id_raw}" is not a valid feed ID.')
 feed: dict[str, typing.Any] = {}
 feed["id"] = feed_id
- feed["source"] = core.get_feed_source(feed_id)
- feed["title"] = core.get_feed_title(feed_id)
+ try:
+ feed["source"] = core.get_feed_source(feed_id)
+ feed["title"] = core.get_feed_title(feed_id)
+ except tagrss.FeedDoesNotExistError:
+ raise bottle.HTTPError(404, f"No feed has ID {feed_id}.")
 feed["tags"] = core.get_feed_tags(feed_id)
 feed["serialised_tags"] = serialise_tags(feed["tags"])
 return bottle.template("manage_feed", feed=feed)
@@ -38,6 +38,10 @@ class SqliteMissingForeignKeySupportError(StorageError):
 pass
+class FeedDoesNotExistError(StorageError):
+ pass
+
+
 class FeedFetchError(Exception):
 def __init__(
 self,
@@ -233,15 +237,21 @@ class SqliteStorageProvider(StorageProvider):
 def get_feed_source(self, feed_id: FeedId) -> str:
 with self.__get_connection(use_transaction=False) as conn:
- return conn.execute(
- "SELECT source FROM feeds WHERE id = ?;", (feed_id,)
- ).fetchone()[0]
+ try:
+ return conn.execute(
+ "SELECT source FROM feeds WHERE id = ?;", (feed_id,)
+ ).fetchone()[0]
+ except TypeError:
+ raise FeedDoesNotExistError
 def get_feed_title(self, feed_id: FeedId) -> str:
 with self.__get_connection(use_transaction=False) as conn:
- return conn.execute(
- "SELECT title FROM feeds WHERE id = ?;", (feed_id,)
- ).fetchone()[0]
+ try:
+ return conn.execute(
+ "SELECT title FROM feeds WHERE id = ?;", (feed_id,)
+ ).fetchone()[0]
+ except TypeError:
+ raise FeedDoesNotExistError
 def get_feed_tags(self, feed_id: FeedId) -> list[str]:
 with self.__get_connection(use_transaction=False) as conn: |
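Review bot: In serve.py's manage_feed_view, the new 400 response echoes the raw `feed` query value back to the client (`f'"{feed_id_raw}" is not a valid feed ID.'`), so a caller-chosen string of arbitrary length lands in the response body; whether it is HTML-escaped depends on the error template in use, which this hunk does not show. A fixed message removes that dependency: `raise bottle.HTTPError(400, "Feed ID must be an integer.")`. Note also that `int()` accepts signs, surrounding whitespace and digit-separating underscores (`" -1_0 "` parses as -10), so if feed IDs are meant to be plain non-negative decimals, a check such as `feed_id_raw.isascii() and feed_id_raw.isdigit()` before the conversion would reject the rest up front instead of passing them on to the storage layer.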
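Review bot: In tagrss.py's get_feed_source, `except TypeError` wraps the whole `conn.execute(...).fetchone()[0]` chain, so any TypeError raised anywhere in that expression is reported as a missing feed, not only the subscript on the `None` that `fetchone()` returns when no row matches; get_feed_title in the same hunk repeats the pattern. Testing the row explicitly keeps the not-found case separate from unrelated failures and avoids the implicit exception chaining that comes from raising inside the handler. get_feed_tags, whose body continues outside the hunk, is not touched by this hunk, so the 404 in serve.py still depends on the two earlier calls noticing the missing feed.

```python
    def get_feed_source(self, feed_id: FeedId) -> str:
        with self.__get_connection(use_transaction=False) as conn:
            row = conn.execute(
                "SELECT source FROM feeds WHERE id = ?;", (feed_id,)
            ).fetchone()
            # fetchone() returns None when no row matches the id.
            if row is None:
                raise FeedDoesNotExistError
            return row[0]

    # … get_feed_title: same shape, selecting title instead of source …
```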