Browse Source

Validate merger type before asking permission

shortcutme 5 years ago
parent
commit
3fd44a1813
1 changed files with 2 additions and 0 deletions
  1. 2 0
      plugins/MergerSite/MergerSitePlugin.py

+ 2 - 0
plugins/MergerSite/MergerSitePlugin.py

@@ -212,6 +212,8 @@ class UiWebsocketPlugin(object):
             return super(UiWebsocketPlugin, self).actionPermissionDetails(to, permission)
 
         merger_type = permission.replace("Merger:", "")
+        if not re.match("^[A-Za-z0-9-]+$", merger_type):
+            raise Exception("Invalid merger_type: %s" % merger_type)
         merged_sites = []
         for address, merged_type in merged_db.iteritems():
             if merged_type != merger_type: