hgweb: ignore non numeric "revcount" parameter values (
issue4091)
--- a/mercurial/hgweb/webcommands.py Thu Nov 21 11:30:52 2013 -0600
+++ b/mercurial/hgweb/webcommands.py Fri Nov 08 09:48:01 2013 +0100
@@ -228,9 +228,12 @@
query = req.form['rev'][0]
revcount = web.maxchanges
if 'revcount' in req.form:
- revcount = int(req.form.get('revcount', [revcount])[0])
- revcount = max(revcount, 1)
- tmpl.defaults['sessionvars']['revcount'] = revcount
+ try:
+ revcount = int(req.form.get('revcount', [revcount])[0])
+ revcount = max(revcount, 1)
+ tmpl.defaults['sessionvars']['revcount'] = revcount
+ except ValueError:
+ pass
lessvars = copy.copy(tmpl.defaults['sessionvars'])
lessvars['revcount'] = max(revcount / 2, 1)
@@ -307,9 +310,12 @@
revcount = shortlog and web.maxshortchanges or web.maxchanges
if 'revcount' in req.form:
- revcount = int(req.form.get('revcount', [revcount])[0])
- revcount = max(revcount, 1)
- tmpl.defaults['sessionvars']['revcount'] = revcount
+ try:
+ revcount = int(req.form.get('revcount', [revcount])[0])
+ revcount = max(revcount, 1)
+ tmpl.defaults['sessionvars']['revcount'] = revcount
+ except ValueError:
+ pass
lessvars = copy.copy(tmpl.defaults['sessionvars'])
lessvars['revcount'] = max(revcount / 2, 1)
@@ -822,9 +828,12 @@
revcount = web.maxshortchanges
if 'revcount' in req.form:
- revcount = int(req.form.get('revcount', [revcount])[0])
- revcount = max(revcount, 1)
- tmpl.defaults['sessionvars']['revcount'] = revcount
+ try:
+ revcount = int(req.form.get('revcount', [revcount])[0])
+ revcount = max(revcount, 1)
+ tmpl.defaults['sessionvars']['revcount'] = revcount
+ except ValueError:
+ pass
lessvars = copy.copy(tmpl.defaults['sessionvars'])
lessvars['revcount'] = max(revcount / 2, 1)
@@ -945,9 +954,12 @@
bg_height = 39
revcount = web.maxshortchanges
if 'revcount' in req.form:
- revcount = int(req.form.get('revcount', [revcount])[0])
- revcount = max(revcount, 1)
- tmpl.defaults['sessionvars']['revcount'] = revcount
+ try:
+ revcount = int(req.form.get('revcount', [revcount])[0])
+ revcount = max(revcount, 1)
+ tmpl.defaults['sessionvars']['revcount'] = revcount
+ except ValueError:
+ pass
lessvars = copy.copy(tmpl.defaults['sessionvars'])
lessvars['revcount'] = max(revcount / 2, 1)