Module: check_mk
Branch: master
Commit: 248d88b4fcd20f34e39853ae5cb20d35bbd2e81c
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=248d88b4fcd20f…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Oct 22 15:12:08 2013 +0200
Fixed injection in bookmark edit page
---
web/htdocs/sidebar.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/web/htdocs/sidebar.py b/web/htdocs/sidebar.py
index d932919..8435f4e 100644
--- a/web/htdocs/sidebar.py
+++ b/web/htdocs/sidebar.py
@@ -585,7 +585,10 @@ def ajax_add_bookmark():
def page_edit_bookmark():
html.header(_("Edit Bookmark"))
- n = int(html.var("num"))
+ try:
+ n = int(html.var("num"))
+ except ValueError:
+ raise MKGeneralException(_("Invalid bookmark id."))
bookmarks = load_bookmarks()
if n >= len(bookmarks):
raise MKGeneralException(_("Unknown bookmark id: %d. This is probably a
problem with reload or browser history. Please try again.") % n)
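Review bot: The added `except ValueError` handles a non-numeric `num` but probably not a missing one. If `html.var("num")` returns None when the parameter is absent (its definition is not visible here), `int(None)` raises TypeError and bypasses the new fixed error message; `except (ValueError, TypeError):` would cover both cases. The unchanged check `if n >= len(bookmarks):` also has no lower bound, so a negative `num` passes validation and would be resolved from the end of the list if the code below indexes `bookmarks[n]`; `if n < 0 or n >= len(bookmarks):` rejects it. The body of page_edit_bookmark continues past the end of the hunk, so how `n` is used afterwards is inferred rather than seen.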