Fix url regexp.

\d allows numbers from other digit systems, so URLs like: http://demo.getpinry.com/१७/ are possible. This could lead to some nasty security issues in the future (i.e. if you try to use pin number without using `int(...)`).
pull/62/head
Tomasz Wysocki 10 years ago
Parent
Commit
bd984f9fd2
1 file changed, 1 insertion and 1 deletion
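
The behaviour the commit message describes, as an added example that is not part of the commit or of Pinry's code: the old and new `pin` patterns run over a few paths, showing that `\d+` lets several distinct URL strings resolve to the same integer id while the raw captured text differs. It assumes Python 3 `str` patterns, where `\d` is Unicode-aware by default; the helper names `captured_pin` and `aliases` and the sample paths are constructed for illustration.

```python
import re

# The two 'pin' patterns from the diff, compiled as Python 3 str patterns.
# Assumption: Unicode matching is on (the default for str patterns in Python 3).
OLD_PIN = re.compile(r'^(?P<pin>\d+)/$')
NEW_PIN = re.compile(r'^(?P<pin>[0-9]+)/$')


def captured_pin(pattern, path):
    """Return the raw 'pin' group the URL pattern captures, or None if no match."""
    m = pattern.match(path)
    return m.group('pin') if m else None


def aliases(pattern, paths):
    """Group matching paths by int(pin).

    More than one path under the same id means the route accepts several
    spellings of one pin, so code that uses the raw string (cache keys,
    string comparison, logging) disagrees with code that uses int(pin).
    """
    by_id = {}
    for path in paths:
        pin = captured_pin(pattern, path)
        if pin is not None:
            by_id.setdefault(int(pin), []).append(path)
    return by_id


# Constructed sample paths: ASCII digits, the Devanagari digits from the
# commit message, fullwidth digits, and a non-numeric path.
SAMPLE_PATHS = ['17/', '१७/', '１７/', 'abc/']

if __name__ == '__main__':
    for label, pattern in ((r'\d+', OLD_PIN), ('[0-9]+', NEW_PIN)):
        print(label, aliases(pattern, SAMPLE_PATHS))
```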
pinry/core/urls.py (+1, -1)

@@ -30,7 +30,7 @@ urlpatterns = patterns('',
name='tag-pins'),
url(r'^pins/user/(?P<user>(\w|-)+)/$', TemplateView.as_view(template_name='core/pins.html'),
name='user-pins'),
url(r'^(?P<pin>\d+)/$', TemplateView.as_view(template_name='core/pins.html'),
url(r'^(?P<pin>[0-9]+)/$', TemplateView.as_view(template_name='core/pins.html'),
name='recent-pins'),
url(r'^$', TemplateView.as_view(template_name='core/pins.html'),
name='recent-pins'),
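
Review bot: the `user-pins` pattern two lines above the changed `(?P<pin>...)` line still uses `(\w|-)+`, and `\w` is subject to the same Unicode matching that motivates replacing `\d` here, so non-ASCII letters and digits are still accepted in `user`; if usernames are meant to be ASCII, narrow it to an explicit class such as `[A-Za-z0-9_-]+` in the same commit. The changed pin route and the root route that follows it both carry `name='recent-pins'`, which makes reversing that name ambiguous; the pin route probably wants its own name. A regression test that requests the `/१७/` URL from the commit message and expects a 404 would keep the pattern from drifting back to `\d`.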