# HG changeset patch # User Isaac Jurado # Date 1383900481 -3600 # Node ID 77acd8ce01ce9f8250ea78887d858cf2fbdeca36 # Parent faa4b3fc4197e5ba6a6051adf5632bfd39ad5b9d hgweb: ignore non numeric "revcount" parameter values (issue4091) diff -r faa4b3fc4197 -r 77acd8ce01ce mercurial/hgweb/webcommands.py --- a/mercurial/hgweb/webcommands.py Thu Nov 21 11:30:52 2013 -0600 +++ b/mercurial/hgweb/webcommands.py Fri Nov 08 09:48:01 2013 +0100 @@ -228,9 +228,12 @@ query = req.form['rev'][0] revcount = web.maxchanges if 'revcount' in req.form: - revcount = int(req.form.get('revcount', [revcount])[0]) - revcount = max(revcount, 1) - tmpl.defaults['sessionvars']['revcount'] = revcount + try: + revcount = int(req.form.get('revcount', [revcount])[0]) + revcount = max(revcount, 1) + tmpl.defaults['sessionvars']['revcount'] = revcount + except ValueError: + pass lessvars = copy.copy(tmpl.defaults['sessionvars']) lessvars['revcount'] = max(revcount / 2, 1) @@ -307,9 +310,12 @@ revcount = shortlog and web.maxshortchanges or web.maxchanges if 'revcount' in req.form: - revcount = int(req.form.get('revcount', [revcount])[0]) - revcount = max(revcount, 1) - tmpl.defaults['sessionvars']['revcount'] = revcount + try: + revcount = int(req.form.get('revcount', [revcount])[0]) + revcount = max(revcount, 1) + tmpl.defaults['sessionvars']['revcount'] = revcount + except ValueError: + pass lessvars = copy.copy(tmpl.defaults['sessionvars']) lessvars['revcount'] = max(revcount / 2, 1) @@ -822,9 +828,12 @@ revcount = web.maxshortchanges if 'revcount' in req.form: - revcount = int(req.form.get('revcount', [revcount])[0]) - revcount = max(revcount, 1) - tmpl.defaults['sessionvars']['revcount'] = revcount + try: + revcount = int(req.form.get('revcount', [revcount])[0]) + revcount = max(revcount, 1) + tmpl.defaults['sessionvars']['revcount'] = revcount + except ValueError: + pass lessvars = copy.copy(tmpl.defaults['sessionvars']) lessvars['revcount'] = max(revcount / 2, 1) @@ -945,9 +954,12 @@ bg_height = 39 revcount = web.maxshortchanges if 'revcount' in req.form: - revcount = int(req.form.get('revcount', [revcount])[0]) - revcount = max(revcount, 1) - tmpl.defaults['sessionvars']['revcount'] = revcount + try: + revcount = int(req.form.get('revcount', [revcount])[0]) + revcount = max(revcount, 1) + tmpl.defaults['sessionvars']['revcount'] = revcount + except ValueError: + pass lessvars = copy.copy(tmpl.defaults['sessionvars']) lessvars['revcount'] = max(revcount / 2, 1)