From 387e2dbeb9b86b10ccda6d409c23f522b886c0e3 Mon Sep 17 00:00:00 2001 From: dogeystamp Date: Wed, 26 Apr 2023 20:40:45 -0400 Subject: [PATCH] sachet/server/files/views.py: add check for invalid UUID --- sachet/server/files/views.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sachet/server/files/views.py b/sachet/server/files/views.py index 6a44bb3..e898e8b 100644 --- a/sachet/server/files/views.py +++ b/sachet/server/files/views.py @@ -27,6 +27,13 @@ class FilesMetadataAPI(ModelAPI): @auth_required(required_permissions=(Permissions.DELETE,)) def delete(self, share_id, auth_user=None): + try: + uuid.UUID(share_id) + except ValueError: + return jsonify(dict( + status="fail", + message=f"Invalid ID: '{share_id}'." + )) share = Share.query.filter_by(share_id=share_id).first() return super().delete(share)