From 3eab8d9d3569a12b19c5a859ca21060e9c67ab09 Mon Sep 17 00:00:00 2001
From: richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
Date: Tue, 17 Mar 2009 22:59:40 +0000
Subject: [PATCH] handle bogus pagination values (issue 2550530)

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4207 57a73879-2fb5-44c3-a270-3262357dd7e2
---
 CHANGES.txt               |  1 +
 roundup/cgi/templating.py | 20 ++++++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index fef50e9..56a4e26 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -6,6 +6,7 @@ are given with the most recent entry first.
 Fixes:
 - bug introduced into CVS export and view
 - bugs introduced in the migration to the email package (issue 2550531)
+- handle bogus pagination values (issue 2550530)
 
 
 2009-03-13 1.4.7 (r4202)
diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
index 17912c6..f536774 100644
--- a/roundup/cgi/templating.py
+++ b/roundup/cgi/templating.py
@@ -1131,7 +1131,7 @@ class _HTMLItem(HTMLInputMixin, HTMLPermissions):
         # The context for a search page should be the class, not any
         # node.
         self._client.nodeid = None
-        
+
         # use our fabricated request
         return pt.render(self._client, req.classname, req)
 
@@ -1959,7 +1959,7 @@ class LinkHTMLProperty(HTMLProperty):
                 else:
                     fn = lambda optionid: linkcl.get(optionid, propname)
             additional_fns.append(fn)
-            
+
         for optionid in options:
             # get the option value, and if it's None use an empty string
             option = linkcl.get(optionid, k) or ''
@@ -2147,7 +2147,7 @@ class MultilinkHTMLProperty(HTMLProperty):
             for opt in linkcl.filter(None, conditions, sort_on)
             if self._db.security.hasPermission("View", self._client.userid,
                 linkcl.classname, itemid=opt)]
-        
+
         # make sure we list the current values if they're retired
         for val in value:
             if val not in options:
@@ -2180,7 +2180,7 @@ class MultilinkHTMLProperty(HTMLProperty):
                 else:
                     fn = lambda optionid: linkcl.get(optionid, propname)
             additional_fns.append(fn)
-            
+
         for optionid in options:
             # get the option value, and if it's None use an empty string
             option = linkcl.get(optionid, k) or ''
@@ -2399,13 +2399,21 @@ class HTMLRequest(HTMLInputMixin):
         for name in ':pagesize @pagesize'.split():
             if self.form.has_key(name):
                 self.special_char = name[0]
-                self.pagesize = int(self.form.getfirst(name))
+                try:
+                    self.pagesize = int(self.form.getfirst(name))
+                except ValueError:
+                    # not an integer - ignore
+                    pass
 
         self.startwith = 0
         for name in ':startwith @startwith'.split():
             if self.form.has_key(name):
                 self.special_char = name[0]
-                self.startwith = int(self.form.getfirst(name))
+                try:
+                    self.startwith = int(self.form.getfirst(name))
+                except ValueError:
+                    # not an integer - ignore
+                    pass
 
         # dispname
         if self.form.has_key('@dispname'):
-- 
2.30.2