diff options
| author | Daniel Friesel <derf@finalrewind.org> | 2020-01-19 19:15:53 +0100 |
|---|---|---|
| committer | Daniel Friesel <derf@finalrewind.org> | 2020-01-19 19:15:53 +0100 |
| commit | 2764826da00d31230a0f9a4c294b0ca050b73d4f (patch) | |
| tree | 70d06c2edef2eb3cd120625d031113e7a3531392 | |
| parent | 243302b9bb90eb0d3f31731dea705ea42ed0c1a1 (diff) | |
/journey/:id: verify that id is numeric
As a side effect, this turns the response of GET /journey/edit (which should
never happen in the first place) from an exception into a 404 error (#36)
| -rwxr-xr-x | lib/Travelynx/Controller/Traveling.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm index 7095312..bd8832c 100755 --- a/lib/Travelynx/Controller/Traveling.pm +++ b/lib/Travelynx/Controller/Traveling.pm @@ -657,7 +657,7 @@ sub journey_details { $self->param( journey_id => $journey_id ); - if ( not($journey_id) ) { + if ( not( $journey_id and $journey_id =~ m{ ^ \d+ $ }x ) ) { $self->render( 'journey', error => 'notfound', |