From 4c2f7d56675b887620dad1a975e83f49a5f74299 Mon Sep 17 00:00:00 2001
From: Aevann1 <randomname42029@gmail.com>
Date: Mon, 4 Apr 2022 23:15:25 +0200
Subject: [PATCH] fsd

---
 files/routes/posts.py     |  3 ++-
 files/routes/reporting.py | 10 ++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/files/routes/posts.py b/files/routes/posts.py
index ba364dfb1..87425c727 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -261,7 +261,8 @@ def post_id(pid, anything=None, v=None, sub=None):
 @limiter.limit("1/second;30/minute;200/hour;1000/day")
 @auth_desired
 def viewmore(v, pid, sort, offset):
-	pid = int(pid)
+	try: pid = int(pid)
+	except: abort(400)
 	post = get_post(pid, v=v)
 	if post.club and not (v and (v.paid_dues or v.id == post.author_id)): abort(403)
 
diff --git a/files/routes/reporting.py b/files/routes/reporting.py
index eb332db8e..f5cb46d5d 100644
--- a/files/routes/reporting.py
+++ b/files/routes/reporting.py
@@ -70,10 +70,12 @@ def api_flag_comment(cid, v):
 @limiter.limit("1/second;30/minute;200/hour;1000/day")
 @admin_level_required(2)
 def remove_report_post(v, pid, uid):
-	
-	pid = int(pid)
-	uid = int(uid)
-	
+
+	try:
+		pid = int(pid)
+		uid = int(uid)
+	except: abort(400)
+
 	report = g.db.query(Flag).filter_by(post_id=pid, user_id=uid).one()
 	
 	g.db.delete(report)