From e9b402ae4935e0c41c3c4d6ab286ede35cc18b9f Mon Sep 17 00:00:00 2001
From: Almad <almad@dracidoupe.cz>
Date: Fri, 22 Mar 2024 19:47:04 +0100
Subject: [PATCH] Require a valid number for id redirects (refs DDCZ-2H)

---
 ddcz/views/legacy.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/ddcz/views/legacy.py b/ddcz/views/legacy.py
index 239b39a..5278ab2 100644
--- a/ddcz/views/legacy.py
+++ b/ddcz/views/legacy.py
@@ -1,7 +1,11 @@
 import logging
 
 from django.apps import apps
-from django.http import HttpResponseRedirect, HttpResponsePermanentRedirect
+from django.http import (
+    HttpResponseRedirect,
+    HttpResponsePermanentRedirect,
+    HttpResponseBadRequest,
+)
 from django.http.response import HttpResponse
 from django.shortcuts import get_object_or_404
 from django.urls.base import reverse
@@ -79,6 +83,11 @@ def legacy_router(request):
     page_creation_type = request.GET.get("co", False)
     id = request.GET.get("id", False)
 
+    try:
+        id = int(id)
+    except ValueError:
+        return HttpBadRequest("id musí být číslo")
+
     # The LEGACY_PLAIN_ROUTER is redirecting basic pages.
     # Typically no creative pages are present here.
     if page_category in PAGE_TO_VIEW_MAP.keys():