From bcd4383e0582abb52d02fb9fc42d82a936be32e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
Date: Fri, 15 Jul 2022 17:48:42 +0200
Subject: [PATCH] Sanitize the highlight contact id (#1160)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Sanitize also parameter
* Formatting
Co-authored-by: Adrià Casajús
---
 app/dashboard/views/alias_contact_manager.py | 6 +++++-
 server.py | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/dashboard/views/alias_contact_manager.py b/app/dashboard/views/alias_contact_manager.py
index 0f5e9671..f5c54321 100644
--- a/app/dashboard/views/alias_contact_manager.py
+++ b/app/dashboard/views/alias_contact_manager.py
@@ -234,7 +234,11 @@ def delete_contact(alias: Alias, contact_id: int):
 def alias_contact_manager(alias_id):
     highlight_contact_id = None
     if request.args.get("highlight_contact_id"):
-        highlight_contact_id = int(request.args.get("highlight_contact_id"))
+        try:
+            highlight_contact_id = int(request.args.get("highlight_contact_id"))
+        except ValueError:
+            flash("Invalid contact id", "error")
+            return redirect(url_for("dashboard.index"))
 
     alias = Alias.get(alias_id)
 
diff --git a/server.py b/server.py
index bb2e5c9a..43317caa 100644
--- a/server.py
+++ b/server.py
@@ -206,6 +206,7 @@ def load_user(alternative_id):
     user = User.get_by(alternative_id=alternative_id)
     if user and user.disabled:
         return None
+    sentry_sdk.set_user({"email": user.email, "id": user.id})
     return user
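Review bot: The new try block reads `request.args.get("highlight_contact_id")` a second time instead of reusing the value the guard just tested; bind it once, `raw_id = request.args.get("highlight_contact_id")`, guard with `if raw_id:` and convert with `int(raw_id)`. `int()` also accepts a leading sign and surrounding whitespace, so the conversion only rules out non-numeric input, not a contact id that does not belong to this alias; whether that ownership check happens later is outside the hunk, as alias_contact_manager's body continues past it. Redirecting to `dashboard.index` on a bad parameter sends the user away from the alias page they were on; if the view can build its own URL from `alias_id` at this point, redirecting back without the offending parameter may be friendlier, though the route rule is not visible in the hunk. Werkzeug's `request.args.get("highlight_contact_id", type=int)` is a more compact alternative that yields None on a bad value, but it would drop the flash message the commit deliberately adds.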
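Review bot: The added `sentry_sdk.set_user(...)` dereferences `user.email` without checking that a user was found; the guard above returns early only when `user` is truthy and disabled, so a stale or unknown `alternative_id` now raises AttributeError on `None.email` where load_user previously returned None and the session was treated as anonymous. Guard the call, `if user:` / `    sentry_sdk.set_user({"email": user.email, "id": user.id})`, and keep `return user` unchanged. Sending the email address attaches PII to every Sentry event; if that is not intended, `{"id": user.id}` alone still correlates events per account. This assumes `sentry_sdk` is already imported in server.py, which the hunk does not show.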