
sanitize input argument

subDesTagesMitExtraKaese 2 years ago
parent
commit
58983b9fb9
2 changed files with 9 additions and 7 deletions
  1. 6 4
      zitap/helpers.py
  2. 3 3
      zitap/views.py

+ 6 - 4
zitap/helpers.py

@@ -14,11 +14,13 @@ def slots2string( participant : Participant, n_slots : int ) -> str :
     # Pad the string with 0s if necessary
     return '0' * (n_slots - len(string_value)) + string_value
 
-def string2slots( string : str ) -> bytes :
+def string2slots( string : str, n_slots : int ) -> bytes :
     """ Convert a string to a byte array. """
+    if len(string) != n_slots:
+        raise ValueError(f"Invalid string length: {len(string)} (expected {n_slots})")
 
     # Convert the string to a byte array
-    return int(string, 2).to_bytes((len(string) + 7) // 8, byteorder='big')
+    return int(string, 2).to_bytes((n_slots + 7) // 8, byteorder='big')
 
 def get_slot_count( event ) -> int :
     """ Get the number of slots in an event. """
@@ -30,8 +32,8 @@ def get_slot_count( event ) -> int :
 
     # Get the number of slots in the event
     days = event.date_set.count()
-    slots_per_day = timespan.total_seconds() // event.slot_interval.total_seconds()
-    return int(days * slots_per_day)
+    slots_per_day = int(timespan.total_seconds() // event.slot_interval.total_seconds())
+    return days * slots_per_day
 
 def slots2grid( event : Event ) -> dict :
     """ Convert the slots of an event to data for the grid. """

+ 3 - 3
zitap/views.py

@@ -110,7 +110,7 @@ def update_slots(request, url):
     if form.is_valid():
         data = form.cleaned_data
         participant = Participant.objects.get(id=request.session['participant_id'])
-        participant.slots = string2slots(data['slots'])
+        participant.slots = string2slots(data['slots'], get_slot_count(event))
         participant.save()
         return HttpResponseRedirect(f'/{event.url}')
 
@@ -130,14 +130,14 @@ def slots_api(request, url):
             form = UpdateSlotsForm(request.POST)
             if form.is_valid():
                 data = form.cleaned_data
-                participant.slots = string2slots(data['slots'])
+                participant.slots = string2slots(data['slots'], slot_count)
                 participant.save()
 
         # Get the slots of each participant
         data = {}
         participants = event.participant_set.all()
         for participant in participants:
-            data[participant.name] = slots2string(participant, slot_count)
+            data[participant.user.username] = slots2string(participant, slot_count)
         
         return JsonResponse(data)
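Review bot: With the new signature, `string2slots` raises `ValueError` when the submitted slot string is the wrong length, but neither call site at `participant.slots = string2slots(data['slots'], ...)` in `update_slots` nor the one in `slots_api` handles it, so a malformed request now surfaces as an unhandled exception (a 500) rather than a client error — unless `UpdateSlotsForm` already enforces the length, which is not visible in this diff. In `slots_api` the minimal fix is to wrap the call: `try: participant.slots = string2slots(data['slots'], slot_count)` / `except ValueError: return JsonResponse({'error': 'invalid slots'}, status=400)`; `update_slots` should do the equivalent by adding a form error instead of saving. Both enclosing functions start and end outside the hunks, so where `event` and `slot_count` come from cannot be confirmed here.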