authorFrederick Muriuki Muriithi2024-06-12 10:33:37 -0500
committerFrederick Muriuki Muriithi2024-06-12 10:33:37 -0500
commitd95c29bdd643a827083b3e462d3f363d80c96024 (patch)
tree02eaa6a49ac6ea0a285831477ec3844ec2f05b97
parenta2344e3697bbff14b82bdbe5fa08a1cbaea09cbc (diff)
downloadgn-uploader-d95c29bdd643a827083b3e462d3f363d80c96024.tar.gz
Validate input before attempting to use it.
-rw-r--r--qc_app/samples.py17
1 files changed, 15 insertions, 2 deletions
diff --git a/qc_app/samples.py b/qc_app/samples.py
index 62b0361..e7be458 100644
--- a/qc_app/samples.py
+++ b/qc_app/samples.py
@@ -22,6 +22,7 @@ from functional_tools import take
from qc_app import jobs
from qc_app.files import save_file
+from qc_app.input_validation import is_empty_input, is_integer_input
from qc_app.db_utils import (
with_db_connection,
database_connection,
@@ -207,14 +208,26 @@ def upload_samples():
code=307)
with database_connection(app.config["SQL_URI"]) as conn:
- species = species_by_id(conn, request.form.get("species_id"))
+ _speciesid = request.form.get("species_id")
+ if is_integer_input(_speciesid):
+ flash("You did not provide a valid species. Please select one to "
+ "continue.",
+ "alert-danger")
+ return redirect(url_for("entry.upload_file"))
+ species = species_by_id(conn, _speciesid)
if not bool(species):
flash("Invalid species!", "alert-error")
return samples_uploads_page
+ _population_id = request.form.get("inbredset_id")
+ if not is_integer_input(_population_id):
+ flash("You did not provide a valid population. Please select one "
+ "to continue.",
+ "alert-danger")
+ return redirect("samples.select_species", code=307)
population = with_db_connection(
lambda conn: population_by_id(
- conn, int(request.form.get("inbredset_id"))))
+ conn, int(_population_id)))
if not bool(population):
flash("Invalid grouping/population!", "alert-error")
return samples_uploads_page
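Review bot: The species guard `if is_integer_input(_speciesid):` looks inverted, since the population guard further down uses `if not is_integer_input(_population_id):`; assuming the helper returns True for a well-formed integer, a valid species id is rejected with the flash message while a missing or non-numeric one still reaches `species_by_id`. It should read `if not is_integer_input(_speciesid):`. The new population branch also hands `redirect` an endpoint name where the species branch hands it a URL, so `return redirect(url_for("samples.select_species"), code=307)` is probably what was meant; as written the browser would be sent to a relative path with that literal name. `upload_samples` begins above the hunk, so whether earlier code already checks either field cannot be seen from here.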