Author: humbedooh
Date: Sun Mar 22 18:20:53 2015
New Revision: 1668429
URL: http://svn.apache.org/r1668429
Log:
validate election/issue id in voter rest
Modified:
steve/trunk/pytest/www/cgi-bin/rest_voter.py
Modified: steve/trunk/pytest/www/cgi-bin/rest_voter.py
URL:
http://svn.apache.org/viewvc/steve/trunk/pytest/www/cgi-bin/rest_voter.py?rev=1668429&r1=1668428&r2=1668429&view=diff
==============================================================================
--- steve/trunk/pytest/www/cgi-bin/rest_voter.py (original)
+++ steve/trunk/pytest/www/cgi-bin/rest_voter.py Sun Mar 22 18:20:53 2015
@@ -61,7 +61,10 @@ if pathinfo:
if not voterID and karma < 3 and (action != "request" and action !=
"peek"):
response.respond(403, {'message': "Voter UID missing"})
-
+ elif electionID and re.search(r"([^A-Za-z0-9-.])", electionID):
+ response.respond(400, {'message': "Invalid election ID specified"})
+ elif issueID and re.search(r"([^A-Za-z0-9-.])", issueID):
+ response.respond(400, {'message': "Invalid issue ID specified"})
elif action == "view":
# View a list of issues for an election
if electionID and not issueID:
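Review bot: The allowlist in the two added `elif` checks still accepts an ID made only of dots, such as `.` or `..`, because `.` is in the permitted class and nothing constrains the first character or requires an alphanumeric. How electionID and issueID are used afterwards is not visible in this hunk, but if they end up as path components this check would not stop a parent-directory reference. A positive, anchored match would close that gap: `elif electionID and not re.match(r"[A-Za-z0-9][A-Za-z0-9.-]*\Z", electionID):`, with the same for issueID. Placing the `-` last in the class also removes the `0-9-.` reading ambiguity, and the capture group is unnecessary. The enclosing `if`/`elif` chain begins and continues outside the hunk, so whether `response.respond` stops further processing cannot be confirmed here.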