stephenmcd / mezzanine

CMS framework for Django
http://mezzanine.jupo.org
BSD 2-Clause "Simplified" License
4.75k stars 1.64k forks

Handle non integer values passed to `object_pk` and `replied_to` #2012

Closed Remiz closed 2 years ago

Remiz commented 2 years ago

When pentesters look for vulnerabilities they attempt to stuff random values into every form (including the ratings and comments). This change prevents returning a 500 error when a non-integer value is passed to object_pk in a rating or comment form.
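
An added illustration of the failure mode the description names and one way to handle it. This is not Mezzanine's code and not the change merged in this PR: the plain-dict form data, the field names `object_pk` and `replied_to` (taken from the PR title), the `parse_pk_field` and `handle_comment_post` helpers, and the "return 400 with field errors" view shape are all assumptions made for the example.

```python
# Added example (not Mezzanine's code): parse integer primary keys from a
# comment/rating form without letting a ValueError escape as an HTTP 500.
# Assumes form data is a plain dict of strings, as Django's request.POST
# would present it; field names follow the PR title.
import re
from typing import Dict, Optional, Tuple

# Only ASCII digits: re's \d and str.isdigit also accept other Unicode digits.
_PK_RE = re.compile(r"[0-9]+")


def unsafe_parse(post: Dict[str, str]) -> Tuple[int, Optional[int]]:
    """The pattern the PR description is guarding against: int() on raw input.

    A non-numeric object_pk raises ValueError here. Inside a view that is an
    unhandled exception, which the framework reports as a 500.
    """
    object_pk = int(post["object_pk"])
    replied_to = int(post["replied_to"]) if post.get("replied_to") else None
    return object_pk, replied_to


def parse_pk_field(
    post: Dict[str, str], name: str, required: bool
) -> Tuple[Optional[int], Optional[str]]:
    """Return (value, error) for one integer key field; never raises."""
    raw = (post.get(name) or "").strip()
    if raw == "":
        if required:
            return None, f"{name}: this field is required."
        return None, None  # optional field left blank, e.g. a top-level comment
    if not _PK_RE.fullmatch(raw):
        return None, f"{name}: expected an integer, got {raw!r}."
    value = int(raw, 10)
    if value < 1:
        return None, f"{name}: must be a positive integer."
    return value, None


def safe_parse(post: Dict[str, str]) -> Tuple[Dict[str, Optional[int]], Dict[str, str]]:
    """Validate both key fields, collecting errors instead of raising."""
    cleaned: Dict[str, Optional[int]] = {}
    errors: Dict[str, str] = {}
    for name, required in (("object_pk", True), ("replied_to", False)):
        value, error = parse_pk_field(post, name, required)
        if error:
            errors[name] = error
        else:
            cleaned[name] = value
    return cleaned, errors


def handle_comment_post(post: Dict[str, str]) -> Tuple[int, dict]:
    """Hypothetical view shape: a 400 with field errors instead of a crash."""
    cleaned, errors = safe_parse(post)
    if errors:
        return 400, {"errors": errors}
    return 200, cleaned


# Constructed sample submissions: one well-formed, one with fuzzed values.
GOOD_POST = {"object_pk": "42", "replied_to": ""}
FUZZED_POST = {"object_pk": "abc", "replied_to": "1.5"}

if __name__ == "__main__":
    print(handle_comment_post(GOOD_POST))    # (200, {'object_pk': 42, 'replied_to': None})
    print(handle_comment_post(FUZZED_POST))  # (400, {'errors': {...}})
    try:
        unsafe_parse(FUZZED_POST)
    except ValueError as exc:
        print("unsafe_parse would have produced a 500:", exc)
```

The difference worth noticing is where the failure surfaces: `unsafe_parse` lets the exception propagate, so a fuzzed field shows up in error monitoring as a server fault, while `safe_parse` turns the same input into a client error tied to the field that caused it.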

jerivas commented 2 years ago

Thanks!

github-actions[bot] commented 2 years ago

:tada: This PR is included in version 5.1.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: