From 3f9b51f0c1e156f471298ccab206aa57210b3a98 Mon Sep 17 00:00:00 2001
From: justcool393
Date: Sun, 16 Oct 2022 02:18:23 -0700
Subject: [PATCH] fix 500: abort 404 if not an integer
---
 files/routes/users.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/files/routes/users.py b/files/routes/users.py
index 6ea898cb8..5accc3725 100644
--- a/files/routes/users.py
+++ b/files/routes/users.py
@@ -26,7 +26,10 @@ def upvoters_downvoters(v, username, uid, cls, vote_cls, vote_dir, template, sta
 if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403)
 if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 id = u.id
- uid = int(uid)
+ try:
+ uid = int(uid)
+ except:
+ abort(404)
 page = max(1, int(request.values.get("page", 1)))
@@ -73,7 +76,10 @@ def upvoting_downvoting(v, username, uid, cls, vote_cls, vote_dir, template, sta
 if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): abort(403)
 if not (v.id == u.id or v.admin_level >= PERMS['USER_VOTERS_VISIBLE']): abort(403)
 id = u.id
- uid = int(uid)
+ try:
+ uid = int(uid)
+ except:
+ abort(404)
 page = max(1, int(request.values.get("page", 1)))
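Review bot: The context line right after the new guard, `page = max(1, int(request.values.get("page", 1)))`, still calls `int()` on a request-supplied value with no handling, so a non-numeric `page` parameter keeps producing the 500 this commit sets out to remove; the same line follows the identical change in the second hunk (`upvoting_downvoting`). It can be guarded the same way, for example `try: page = max(1, int(request.values.get("page", 1)))` followed by `except (ValueError, TypeError): abort(400)`. Separately, the bare `except:` added in both hunks catches every exception, not only a failed conversion; `except (ValueError, TypeError):` would keep unrelated errors visible instead of turning them into a 404. Both function bodies start and end outside the hunks shown.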