Beverly Nguyen
2025-10-14 13:37:04 -07:00
parent e041ea433f
commit 2db7152bc4


@@ -124,14 +124,10 @@ def organization_usage(org_id):
@main.route("/organizations/<uuid:org_id>/download-usage-report.csv", methods=["GET"]) @main.route("/organizations/<uuid:org_id>/download-usage-report.csv", methods=["GET"])
@user_has_permissions() @user_has_permissions()
def download_organization_usage_report(org_id): def download_organization_usage_report(org_id):
selected_year_input = request.args.get("selected_year") # Validate and sanitize selected_year to prevent header injection
# Validate selected_year to prevent header injection selected_year_input = request.args.get("selected_year", "")
if ( if selected_year_input.isdigit() and len(selected_year_input) == 4:
selected_year_input selected_year = str(int(selected_year_input))
and selected_year_input.isdigit()
and len(selected_year_input) == 4
):
selected_year = selected_year_input
else: else:
selected_year = str(datetime.now().year) selected_year = str(datetime.now().year)
services_usage = current_organization.services_and_usage( services_usage = current_organization.services_and_usage(
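Review bot: The new guard `selected_year_input.isdigit() and len(selected_year_input) == 4` still admits strings that `int()` rejects, because `str.isdigit()` is true for non-decimal Unicode digit characters (superscripts, for example), so `str(int(selected_year_input))` can raise an unhandled `ValueError` on a malformed `selected_year` instead of falling back to the current year. Restricting the check to ASCII closes that gap: `if selected_year_input.isascii() and selected_year_input.isdigit() and len(selected_year_input) == 4:`. Note also that `int()` drops leading zeros, so `0000` becomes `0`; a range check on the parsed year would keep such values out of the usage query and, presumably, the download filename. The function body continues outside the hunk, so where `selected_year` reaches the response header is not visible here.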