From 65efc309a8a15ab09442694f2e847c2046b6f776 Mon Sep 17 00:00:00 2001
From: rr-
Date: Sun, 14 Aug 2016 11:43:19 +0200
Subject: [PATCH] server/comments: catch bad IDs
---
 server/szurubooru/func/comments.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/server/szurubooru/func/comments.py b/server/szurubooru/func/comments.py
index 80462f84..ec6efa89 100644
--- a/server/szurubooru/func/comments.py
+++ b/server/szurubooru/func/comments.py
@@ -2,6 +2,7 @@ import datetime
 from szurubooru import db, errors
 from szurubooru.func import users, scores, util
+class InvalidCommentIdError(errors.ValidationError): pass
 class CommentNotFoundError(errors.NotFoundError): pass
 class EmptyCommentTextError(errors.ValidationError): pass
@@ -22,6 +23,10 @@ def serialize_comment(comment, auth_user, options=None):
 options)
 def try_get_comment_by_id(comment_id):
+ try:
+ comment_id = int(comment_id)
+ except ValueError:
+ raise InvalidCommentIdError('Invalid comment ID: %r.' % comment_id)
 return db.session \
 .query(db.Comment) \
 .filter(db.Comment.comment_id == comment_id) \
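Review bot: The new guard in `try_get_comment_by_id` catches only `ValueError`, so an ID that arrives as `None` or another non-string, non-numeric type makes `int()` raise `TypeError` and bypasses `InvalidCommentIdError`; whether callers can pass such a value is not visible in this hunk. Widening the clause to `except (TypeError, ValueError):` would keep that case on the validation path. `int()` also accepts arbitrarily long digit strings, so an out-of-range value still reaches the query, where the database layer may reject it with an error that presumably surfaces as a server error rather than a validation error; a range check on the parsed value before the query would close that gap. The `return` statement of the function continues past the end of the hunk.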