
validate query params

Sanjay Bhangar
Sanjay Bhangar committed May 8, 2017
1 parent 7e65dc6 commit 1ecd725fe9216709d9991ed88edac3a1f5cd5fab
Showing with 5 additions and 0 deletions.
  1. +5 −0 osmtm/views/views.py
@@ -120,8 +120,13 @@ def get_projects(request, items_per_page):
filter = and_(Project.status != Project.status_archived, filter)
sort_by = 'project.%s' % request.params.get('sort_by', 'priority')
+ if sort_by not in ['project.priority', 'project.created', 'project.last_update']:
+ sort_by = 'project.priority'
direction = request.params.get('direction', 'asc')
+ if direction not in ['asc', 'desc']:
+ direction = 'asc'
direction_func = getattr(sqlalchemy, direction, None)
+
sort_by = direction_func(sort_by)
query = query.order_by(sort_by, desc(Project.id))
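Review bot: After the allowlist check, `sort_by` is still a plain string when it reaches `direction_func(sort_by)`, so the ORDER BY term is built from text and stays injection-safe only as long as the inline list matches the `'project.%s'` formatting above it. Resolving the parameter to a column object removes that dependency: keep a module-level dict from the accepted names to the mapped attributes (presumably `Project.priority`, `Project.created`, `Project.last_update`; confirm against the model) and use `sort_col = SORT_COLUMNS.get(request.params.get('sort_by'), Project.priority)`. With `direction` now restricted to `'asc'`/`'desc'`, the `None` default in `getattr(sqlalchemy, direction, None)` can no longer be reached and could be dropped. A comment such as `# sort_by/direction are client-controlled; anything outside the allowlist falls back to the default` would record why the silent fallback exists. The body of get_projects starts and ends outside this hunk.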
