Dockery/Pinry
1
0
Fork 0
mirror of https://github.com/pinry/pinry.git synced 2026-03-18 10:00:54 +01:00
Code Issues Packages Projects Releases Activity

Fix url regexp.

Browse Source 
\d allows numbers from other digit systems, so urls like: http://demo.getpinry.com/१७/ are possible. This could lead to some nasty security issues in the future (ie. if you try to use pin number without using `int(...)`).
This commit is contained in:
Tomasz Wysocki
2014-04-03 11:12:39 +02:00
parent 25c02407ba
commit bd984f9fd2
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pinry/core/urls.py
View File

@@ -30,7 +30,7 @@ urlpatterns = patterns('',
name='tag-pins'),
url(r'^pins/user/(?P<user>(\w|-)+)/$', TemplateView.as_view(template_name='core/pins.html'),
name='user-pins'),
url(r'^(?P<pin>\d+)/$', TemplateView.as_view(template_name='core/pins.html'),
url(r'^(?P<pin>[0-9]+)/$', TemplateView.as_view(template_name='core/pins.html'),
name='recent-pins'),
url(r'^$', TemplateView.as_view(template_name='core/pins.html'),
name='recent-pins'),