mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-25 11:55:03 +03:00
Merge pull request #3184 from jaswilli/issue-3169
Fix up route parameter validation
This commit is contained in:
commit
012b93a885
@ -10,8 +10,8 @@ var EditorEditRoute = Ember.Route.extend(Ember.SimpleAuth.AuthenticatedRouteMixi
|
||||
|
||||
postId = Number(params.post_id);
|
||||
|
||||
if (!Number.isInteger(postId) || !Number.isFinite(postId) || postId <= 0) {
|
||||
this.transitionTo('error404', 'editor/' + params.post_id);
|
||||
if (!_.isNumber(postId) || !_.isFinite(postId) || postId % 1 !== 0 || postId <= 0) {
|
||||
return this.transitionTo('error404', 'editor/' + params.post_id);
|
||||
}
|
||||
|
||||
post = this.store.getById('post', postId);
|
||||
|
@ -9,8 +9,9 @@ var PostsPostRoute = Ember.Route.extend(Ember.SimpleAuth.AuthenticatedRouteMixin
|
||||
|
||||
postId = Number(params.post_id);
|
||||
|
||||
if (!Number.isInteger(postId) || !Number.isFinite(postId) || postId <= 0) {
|
||||
this.transitionTo('error404', params.post_id);
|
||||
if (!_.isNumber(postId) || !_.isFinite(postId) || postId % 1 !== 0 || postId <= 0)
|
||||
{
|
||||
return this.transitionTo('error404', params.post_id);
|
||||
}
|
||||
|
||||
post = this.store.getById('post', postId);
|
||||
|
Loading…
Reference in New Issue
Block a user