From: Bill Erickson Date: Tue, 29 May 2012 13:39:58 +0000 (-0400) Subject: tpac : sanity check record ID in detail page path X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=785124d2f39097072fa96376c8230bf5b999d0dd;p=contrib%2FConifer.git tpac : sanity check record ID in detail page path If the ID is malformed (or nonexistent), return a BAD_REQUEST status and exit early to avoid any unnecessary DB lookups and error logging. Signed-off-by: Bill Erickson Signed-off-by: Mike Rylander
---
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Record.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Record.pm
index bd5a22e04c..70010bd858 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Record.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Record.pm
@@ -21,8 +21,10 @@ sub load_record {
 $self->timelog("load_record() began");
- my $rec_id = $ctx->{page_args}->[0]
- or return Apache2::Const::HTTP_BAD_REQUEST;
+ my $rec_id = $ctx->{page_args}->[0];
+
+ return Apache2::Const::HTTP_BAD_REQUEST
+ unless $rec_id and $rec_id =~ /^\d+$/;
 $self->added_content_stage1($rec_id);
 $self->timelog("past added content stage 1");
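Review bot: The pattern in the added guard, `/^\d+$/`, is looser than it reads: in Perl `$` also matches before a trailing newline and `\d` matches non-ASCII Unicode digits on a decoded string, so a value that is not a plain ASCII integer could still pass and reach `added_content_stage1($rec_id)`. Whether `page_args` can carry such a value depends on URL decoding done outside this hunk, but since this line is the sanity check, anchoring it strictly costs nothing: `unless $rec_id and $rec_id =~ /\A[0-9]+\z/;`. The truthiness test also rejects an ID of `0`, which looks intended but deserves a short comment such as `# record IDs are positive integers; 0 and empty are rejected`. load_record's body starts and ends outside the hunk.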