Beverly Nguyen
2025-10-14 13:37:04 -07:00
parent e041ea433f
commit 2db7152bc4


@@ -124,14 +124,10 @@ def organization_usage(org_id):
@main.route("/organizations/<uuid:org_id>/download-usage-report.csv", methods=["GET"])
@user_has_permissions()
def download_organization_usage_report(org_id):
selected_year_input = request.args.get("selected_year")
# Validate selected_year to prevent header injection
if (
selected_year_input
and selected_year_input.isdigit()
and len(selected_year_input) == 4
):
selected_year = selected_year_input
# Validate and sanitize selected_year to prevent header injection
selected_year_input = request.args.get("selected_year", "")
if selected_year_input.isdigit() and len(selected_year_input) == 4:
selected_year = str(int(selected_year_input))
else:
selected_year = str(datetime.now().year)
services_usage = current_organization.services_and_usage(
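Review bot: The guard on the new `if` line uses `str.isdigit()`, which is true for some non-ASCII characters (superscript or circled digits, for example) that `int()` rejects, so with the added `str(int(selected_year_input))` a four-character value of that kind raises an unhandled ValueError instead of falling through to the current-year default. Restricting the check to ASCII decimals keeps the fallback path, e.g. `if len(selected_year_input) == 4 and selected_year_input.isascii() and selected_year_input.isdecimal():`. `str(int(...))` also strips leading zeros, so `0000` becomes `0`; a plausible-range check on the parsed year would keep such values out of whatever header or filename is built from `selected_year` later, which is not visible here. The body of `download_organization_usage_report` continues past the hunk's last line.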