From 2764826da00d31230a0f9a4c294b0ca050b73d4f Mon Sep 17 00:00:00 2001
From: Daniel Friesel
Date: Sun, 19 Jan 2020 19:15:53 +0100
Subject: /journey/:id: verify that id is numeric As a side effect, this turns the response of GET /journey/edit (which should never happen in the first place) from an exception into a 404 error (#36)
---
 lib/Travelynx/Controller/Traveling.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/Travelynx/Controller')
diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm
index 7095312..bd8832c 100755
--- a/lib/Travelynx/Controller/Traveling.pm
+++ b/lib/Travelynx/Controller/Traveling.pm
@@ -657,7 +657,7 @@ sub journey_details {
 $self->param( journey_id => $journey_id );
- if ( not($journey_id) ) {
+ if ( not( $journey_id and $journey_id =~ m{ ^ \d+ $ }x ) ) {
 $self->render( 'journey', error => 'notfound',
-- cgit v1.2.3
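Review bot: The pattern on the added `if` line is looser than "numeric": in Perl `$` also matches before a trailing newline, and `\d` matches any Unicode decimal digit when the route parameter is a decoded character string. If `$journey_id` is later used in an integer database lookup (not visible in this hunk), such values could still raise the exception this commit turns into a 404, as could a digit string too long for the column type. Anchoring with `\A`/`\z` and restricting to ASCII digits closes the first two cases: `if ( not( $journey_id and $journey_id =~ m{ \A [0-9]+ \z }x ) ) {`. A length bound matching the id column's type would cover the third. The body of `journey_details` starts and ends outside the hunk, so how the id is used afterwards should be confirmed there.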