scrub all attempts to do stupid things with page

2025-04-24 17:22:35 +02:00 · 2024-08-20 11:29:38 -05:00 · 2024-08-20 11:29:38 -05:00 · a00d460ce0
commit a00d460ce0
parent 9ad4b27a50
1 changed files with 7 additions and 0 deletions
--- a/app.rb
+++ b/app.rb
@ -85,6 +85,13 @@ before do
    content_type :html, 'charset' => 'utf-8'
    redirect '/' if request.post? && !csrf_safe?
  end
+
+  if params[:page]
+    params[:page] = params[:page].to_s
+    unless params[:page] =~ /^\d+$/ && params[:page].to_i > 0
+      params[:page] = '1'
+    end
+  end
 end

 after do