[extensions-web] Validate UUID in the download code
- From: Jasper St. Pierre <jstpierre src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [extensions-web] Validate UUID in the download code
- Date: Wed, 26 Oct 2011 20:06:45 +0000 (UTC)
commit df5e2bc9448fa130136c6e9c8b411c895178f95b
Author: Jasper St. Pierre <jstpierre mecheye net>
Date: Wed Oct 26 11:34:18 2011 -0400
Validate UUID in the download code
sweettooth/extensions/views.py | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/sweettooth/extensions/views.py b/sweettooth/extensions/views.py
index 4d6abbb..17c5336 100644
--- a/sweettooth/extensions/views.py
+++ b/sweettooth/extensions/views.py
@@ -15,6 +15,9 @@ def download(request, uuid):
pk = request.GET['version_tag']
version = get_object_or_404(models.ExtensionVersion, pk=pk)
+ if version.extension.uuid != uuid:
+ raise Http404()
+
if version.status != models.STATUS_ACTIVE:
return HttpResponseForbidden()
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
