Parse project page numbers without reporting errors

We get lots of garbage error reports from people fuzzing the page parameter. This will return a specific error for them, and won't report them to Yeller. Relates to #492
clojars · Aug 22, 2016 · 5d5f4a8 · 5d5f4a8
1 parent 523c15b
commit 5d5f4a8
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/src/clojars/web.clj b/src/clojars/web.clj
@@ -67,8 +67,11 @@
                                     params)]
              (search search-obj % validated-params))))
    (GET "/projects" {:keys [params]}
-        (try-account
-          #(browse db % params)))
+         (try-account
+           #(let [validated-params (if (:page params)
+                                     (assoc params :page (try-parse-page (:page params)))
+                                     params)]
+             (browse db % validated-params))))
    (GET "/security" []
         (try-account
           #(html-doc "Security" {:account %}

diff --git a/src/clojars/web/browse.clj b/src/clojars/web/browse.clj
@@ -49,4 +49,4 @@
       (let [i (count-projects-before db from)
             page (inc (int (/ i per-page)))]
         (redirect (str "/projects?page=" page "#" (mod i per-page))))
-      (browse-page db account (Integer. (or (:page params) 1)) per-page))))
+      (browse-page db account (or (:page params) 1) per-page))))