Sanitize the highlight contact id (#1160)

* Sanitize also parameter * Formatting Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-15 17:48:42 +02:00 · 2022-07-15 17:48:42 +02:00 · bcd4383e05
parent 67be5ba050
commit bcd4383e05
2 changed files with 6 additions and 1 deletions
--- a/app/dashboard/views/alias_contact_manager.py
+++ b/app/dashboard/views/alias_contact_manager.py
@ -234,7 +234,11 @@ def delete_contact(alias: Alias, contact_id: int):
 def alias_contact_manager(alias_id):
    highlight_contact_id = None
    if request.args.get("highlight_contact_id"):
-        highlight_contact_id = int(request.args.get("highlight_contact_id"))
+        try:
+            highlight_contact_id = int(request.args.get("highlight_contact_id"))
+        except ValueError:
+            flash("Invalid contact id", "error")
+            return redirect(url_for("dashboard.index"))

    alias = Alias.get(alias_id)

--- a/server.py
+++ b/server.py
@ -206,6 +206,7 @@ def load_user(alternative_id):
    user = User.get_by(alternative_id=alternative_id)
    if user and user.disabled:
        return None
+    sentry_sdk.set_user({"email": user.email, "id": user.id})

    return user