From ae6af54282479e33a12484d8a6e1295934d513ee Mon Sep 17 00:00:00 2001
From: Julien Lancelot
Date: Tue, 17 Feb 2015 12:05:29 +0100
Subject: [PATCH] SONAR-5999 Check that params are valid integer

---
 .../WEB-INF/app/controllers/profiles_controller.rb | 10 +++++++---
 .../webapp/WEB-INF/app/views/profiles/compare.html.erb | 4 ++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/profiles_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/profiles_controller.rb
index 3b00a8a16b0..3ac6eba4b8d 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/profiles_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/profiles_controller.rb
@@ -371,9 +371,13 @@ class ProfilesController < ApplicationController
 # GET /profiles/compare?id1=&id2=
 def compare
 @profiles = Profile.all(:order => 'language asc, name')
- if params[:id1].present? && params[:id2].present?
- @profile1 = Profile.find(params[:id1])
- @profile2 = Profile.find(params[:id2])
+ id1 = params[:id1]
+ id2 = params[:id2]
+ if id1.present? && id2.present? && id1.respond_to?(:to_i) && id2.respond_to?(:to_i)
+ @id1 = params[:id1].to_i
+ @id2 = params[:id2].to_i
+ @profile1 = Profile.find(id1)
+ @profile2 = Profile.find(id2)
 arules1 = ActiveRule.all(:include => [{:active_rule_parameters => :rules_parameter}, :rule], :conditions => ['active_rules.profile_id=?', @profile1.id])
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/profiles/compare.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/profiles/compare.html.erb
index 5f0578dc5cc..54051821fc1 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/profiles/compare.html.erb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/profiles/compare.html.erb
@@ -9,12 +9,12 @@
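Review bot: The new `id1.respond_to?(:to_i) && id2.respond_to?(:to_i)` condition does not check that the params are valid integers as the commit title claims, because every String responds to `to_i`, so `?id1=abc` passes the guard and `"abc".to_i` silently becomes 0 in `@id1`. What the check does reject is non-scalar params such as `id1[]=1` (Array and Hash do not respond to `to_i`), which is presumably the 500 this ticket was about, but a non-numeric string still reaches `Profile.find(id1)` — and note that `find` is called with the raw `id1`/`id2` strings, not the converted `@id1`/`@id2`, so the conversion has no effect on the lookup. A whole-string digit match covers both cases and makes the lookup use the validated value: `if id1.present? && id2.present? && id1.to_s =~ /\A\d+\z/ && id2.to_s =~ /\A\d+\z/`, then `@profile1 = Profile.find(@id1)` and `@profile2 = Profile.find(@id2)` (anchor with `\A`/`\z`, not `^`/`$`, which match per line). How `Profile.find` reacts to a non-numeric string depends on the ORM version in use and is not visible here; the rest of `compare` continues outside the hunk.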
-- 2.39.5