# HG changeset patch # User BenoƮt Allard # Date 1412842248 -7200 # Node ID 33cdb9faed64b51b671b6024dc9ea525b9e82caf # Parent 023080ffd9953727a5ddd87f0f5330c2519ce3e0 Improve deletion of revisions (input validation) diff -r 023080ffd995 -r 33cdb9faed64 farol/document.py --- a/farol/document.py Thu Oct 09 09:50:57 2014 +0200 +++ b/farol/document.py Thu Oct 09 10:10:48 2014 +0200 @@ -146,7 +146,11 @@ @document_required def del_revision(): index = int(request.form['index']) - del get_current()._tracking._history[index] + history = get_current()._tracking._history + if not (0 <= index < len(history)): + flash('Revision not found', 'danger') + abort(404) + del history[index] return redirect(url_for('.view')) @document.route('/distribution/edit', methods=['GET', 'POST'])
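Review bot: the input validation in del_revision() is still incomplete, because the unchanged context line `index = int(request.form['index'])` runs before the new bounds check and raises ValueError on a non-numeric value, so that case never reaches the `abort(404)` path. Consider wrapping the conversion in a try/except ValueError and rejecting the request there, so that every malformed index is handled the same way as an out-of-range one. A second, smaller point on the added lines: `flash('Revision not found', 'danger')` is followed directly by `abort(404)`, so unless the 404 error page renders flashed messages, the message stays queued and appears on whichever page the user loads next, where it will be out of context. Either pass the text to the error response or drop the flash. The explicit `0 <= index` lower bound is a good catch, since a negative index would otherwise silently delete an entry counted from the end of the history list.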