[Mpuls-commits] r5653 - base/trunk/mpulsweb/lib
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Nov 24 15:35:27 CET 2011
Author: bh
Date: 2011-11-24 15:35:26 +0100 (Thu, 24 Nov 2011)
New Revision: 5653
Modified:
base/trunk/mpulsweb/lib/validators.py
Log:
Validate type_ending as list of ints in EvaluationFormValidator.
This prevents an SQL injection in the
EvaluateController.type_ending_clause method in some mpuls applications
(WASKA, WASKA3 and WASKO).
Modified: base/trunk/mpulsweb/lib/validators.py
===================================================================
--- base/trunk/mpulsweb/lib/validators.py 2011-11-24 14:32:52 UTC (rev 5652)
+++ base/trunk/mpulsweb/lib/validators.py 2011-11-24 14:35:26 UTC (rev 5653)
@@ -693,7 +693,7 @@
month_style='dd.mm.jjjj')
typelist = ForEach(String(), convert_to_list=True)
- type_ending = ForEach(String(), convert_to_list=True)
+ type_ending = ForEach(Int(), convert_to_list=True)
phase = ForEach(String(), convert_to_list=True)
show_percent = Bool(if_missing=False)
selected_ids = Wrapper(to_python=lambda s: [int(item)
More information about the Mpuls-commits
mailing list