input validation

author: Richard Jones <richard@mechanicalcat.net> 2013-01-23 14:44:09 +1100
committer: Richard Jones <richard@mechanicalcat.net> 2013-01-23 14:44:09 +1100
commit: a5be6054a16ac471ac11b08a6396537754f14222 (patch)
tree: 59cf7e6f6c7684e6a6a0af118101c4e237fe461e
parent: 9f1289a26d58209afcc0c35233e2da9cb9142ea7 (diff)
download: decorator-a5be6054a16ac471ac11b08a6396537754f14222.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/webui.py b/webui.py
index 7b3e811..9707988 100644
--- a/webui.py
+++ b/webui.py
@@ -2021,6 +2021,9 @@ class WebUI:
         # this is used to render the form as well as edit it... UGH
         #self.csrf_check()
 
+        if name not in self.form:
+            raise FormError("Invalid package name")
+
         name = self.form['name']
         editing = self.env['REQUEST_METHOD'] == "POST"
author	Richard Jones <richard@mechanicalcat.net>	2013-01-23 14:44:09 +1100
committer	Richard Jones <richard@mechanicalcat.net>	2013-01-23 14:44:09 +1100
commit	a5be6054a16ac471ac11b08a6396537754f14222 (patch)
tree	59cf7e6f6c7684e6a6a0af118101c4e237fe461e
parent	9f1289a26d58209afcc0c35233e2da9cb9142ea7 (diff)
download	decorator-a5be6054a16ac471ac11b08a6396537754f14222.tar.gz