From d95c29bdd643a827083b3e462d3f363d80c96024 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Wed, 12 Jun 2024 10:33:37 -0500
Subject: Validate input before attempting to use it.
---
 qc_app/samples.py | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/qc_app/samples.py b/qc_app/samples.py
index 62b0361..e7be458 100644
--- a/qc_app/samples.py
+++ b/qc_app/samples.py
@@ -22,6 +22,7 @@ from functional_tools import take
 from qc_app import jobs
 from qc_app.files import save_file
+from qc_app.input_validation import is_empty_input, is_integer_input
 from qc_app.db_utils import (
 with_db_connection,
 database_connection,
@@ -207,14 +208,26 @@ def upload_samples():
 code=307)
 with database_connection(app.config["SQL_URI"]) as conn:
- species = species_by_id(conn, request.form.get("species_id"))
+ _speciesid = request.form.get("species_id")
+ if is_integer_input(_speciesid):
+ flash("You did not provide a valid species. Please select one to "
+ "continue.",
+ "alert-danger")
+ return redirect(url_for("entry.upload_file"))
+ species = species_by_id(conn, _speciesid)
 if not bool(species):
 flash("Invalid species!", "alert-error")
 return samples_uploads_page
+ _population_id = request.form.get("inbredset_id")
+ if not is_integer_input(_population_id):
+ flash("You did not provide a valid population. Please select one "
+ "to continue.",
+ "alert-danger")
+ return redirect("samples.select_species", code=307)
 population = with_db_connection(
 lambda conn: population_by_id(
- conn, int(request.form.get("inbredset_id"))))
+ conn, int(_population_id)))
 if not bool(population):
 flash("Invalid grouping/population!", "alert-error")
 return samples_uploads_page
--
cgit v1.2.3
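Review bot: `is_empty_input` is imported in the first hunk, but none of the lines this commit adds call it; only `is_integer_input` is used in `upload_samples`. Unless code outside the visible hunks needs it, the line can be `from qc_app.input_validation import is_integer_input`, which also keeps linters quiet about an unused name.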
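Review bot: The species check in the second hunk is inverted: `if is_integer_input(_speciesid):` flashes the error and redirects when the id is a valid integer, while a missing or non-numeric `species_id` falls through unvalidated to `species_by_id(conn, _speciesid)`, the opposite of the population check a few lines below. It should read `if not is_integer_input(_speciesid):`. The population branch also hands the endpoint name straight to `redirect("samples.select_species", code=307)`, which would presumably be treated as a relative URL rather than resolved; `redirect(url_for("samples.select_species"), code=307)` matches the species branch, assuming that endpoint exists. The new flashes use the category "alert-danger" while the surrounding ones use "alert-error", so one of the two is likely not styled as intended. The body of `upload_samples` starts and ends outside the hunk.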