Do not allow negative offset or limit values

1 parent d337da7 commit 82ff68aef9dbe3129a4d36477abcc0d970ba0420 @matthiask committed May 10, 2012
Showing with 4 additions and 0 deletions.
  1. +4 −0 towel/api.py
@@ -429,6 +429,10 @@ def objects(self):
# Do not allow more than max_limit_per_page entries in one request, ever
limit = min(limit, self.max_limit_per_page)
+ # Sanitize range
+ offset = max(offset, 0)
+ limit = max(limit, 0)
+
page = Page(
queryset[offset:offset+limit],
offset,
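
Review bot: `limit = max(limit, 0)` still lets a limit of 0 through, so the slice becomes `queryset[offset:offset]` and the caller gets an empty page with no sign that the request was out of range. The same silent clamping applies to `offset = max(offset, 0)`: a negative value is quietly turned into the first page. Consider rejecting out-of-range values with a client error, or, if clamping is the intended behaviour, decide explicitly whether the lower bound for `limit` should be 0 or 1. The `# Sanitize range` comment would be more useful if it said why: negative bounds must not reach `queryset[offset:offset+limit]`. The commit changes only towel/api.py, so a test that requests a negative offset and a negative limit would pin this behaviour down.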
