Merge pull request #224 from N-Field/patch-preview-int

fix 400 errors from /api/preview
2020-05-09 17:29:53 +01:00
parent f346e05312 992a44be36
commit 224bf25fc0
1 changed files with 2 additions and 1 deletions
--- a/app.py
+++ b/app.py
@@ -341,9 +341,10 @@ def route_admin_songs_id_delete(id):
@app.cache.cached(timeout=15, query_string=True)
 def route_api_preview():
    song_id = request.args.get('id', None)
-    if not song_id or not re.match('^[0-9]+$', song_id):
+    if not song_id or not re.match('^[0-9]{1,9}$', song_id):
        abort(400)

+    song_id = int(song_id)
    song = db.songs.find_one({'id': song_id})
    if not song:
        abort(400)