Mercurial > farol > farol
diff farol/document.py @ 68:33cdb9faed64
Improve deletion of revisions (input validation)
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Thu, 09 Oct 2014 10:10:48 +0200 |
parents | 023080ffd995 |
children | 727c01e8e3e9 |
line wrap: on
line diff
--- a/farol/document.py Thu Oct 09 09:50:57 2014 +0200 +++ b/farol/document.py Thu Oct 09 10:10:48 2014 +0200 @@ -146,7 +146,11 @@ @document_required def del_revision(): index = int(request.form['index']) - del get_current()._tracking._history[index] + history = get_current()._tracking._history + if not (0 <= index < len(history)): + flash('Revision not found', 'danger') + abort(404) + del history[index] return redirect(url_for('.view')) @document.route('/distribution/edit', methods=['GET', 'POST'])