fdfd

drama/routes/comments.py

@@ -27,7 +27,9 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
 	if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
 	
 	try: cid = int(cid)
-	except: cid = int(cid, 36)
+	except:
+		try: cid = int(cid, 36)
+		except: abort(404)
 
 	comment = get_comment(cid, v=v)
 	

drama/routes/static.py

@@ -35,7 +35,9 @@ def log(v):
 def log_item(id, v):
 
 	try: id = int(id)
-	except: id = int(id, 36)
+	except:
+		try: id = int(id, 36)
+		except: abort(404)
 
 	action=g.db.query(ModAction).filter_by(id=id).first()
 

drama/routes/users.py

@@ -493,7 +493,9 @@ def user_profile(username):
 @limiter.exempt
 def user_profile_uid(uid):
 	try: uid = int(uid)
-	except: uid = int(uid, 36)
+	except:
+		try: uid = int(uid, 36)
+		except: abort(404)
 	x=get_account(uid)
 	return redirect(x.profile_url)
 

drama/routes/votes.py

@@ -117,8 +117,10 @@ def api_vote_comment(comment_id, new, v):
 	new = int(new)
 
 	try: comment_id = int(comment_id)
-	except: comment_id = int(comment_id, 36)
-	
+	except:
+		try: comment_id = int(comment_id, 36)
+		except: abort(404)
+
 	comment = get_comment(comment_id)
 
 	# check for existing vote