From 63dbfc15a6bc4b1ae55c82e20955be6d30e814c3 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Wed, 29 Jul 2015 00:39:09 +0100
Subject: [PATCH] Validate page numbers in URLs
---
 config/routes.rb | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/config/routes.rb b/config/routes.rb
index f5b7e4e72..085d67417 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -187,22 +187,22 @@ OpenStreetMap::Application.routes.draw do
 match "/preview/:format" => "site#preview", :via => :post, :as => :preview
 # traces
- match "/user/:display_name/traces/tag/:tag/page/:page" => "trace#list", :via => :get
+ match "/user/:display_name/traces/tag/:tag/page/:page" => "trace#list", :via => :get, :page => /[1-9][0-9]*/
 match "/user/:display_name/traces/tag/:tag" => "trace#list", :via => :get
- match "/user/:display_name/traces/page/:page" => "trace#list", :via => :get
+ match "/user/:display_name/traces/page/:page" => "trace#list", :via => :get, :page => /[1-9][0-9]*/
 match "/user/:display_name/traces" => "trace#list", :via => :get
 match "/user/:display_name/traces/tag/:tag/rss" => "trace#georss", :via => :get, :defaults => { :format => :rss }
 match "/user/:display_name/traces/rss" => "trace#georss", :via => :get, :defaults => { :format => :rss }
 match "/user/:display_name/traces/:id" => "trace#view", :via => :get
 match "/user/:display_name/traces/:id/picture" => "trace#picture", :via => :get
 match "/user/:display_name/traces/:id/icon" => "trace#icon", :via => :get
- match "/traces/tag/:tag/page/:page" => "trace#list", :via => :get
+ match "/traces/tag/:tag/page/:page" => "trace#list", :via => :get, :page => /[1-9][0-9]*/
 match "/traces/tag/:tag" => "trace#list", :via => :get
- match "/traces/page/:page" => "trace#list", :via => :get
+ match "/traces/page/:page" => "trace#list", :via => :get, :page => /[1-9][0-9]*/
 match "/traces" => "trace#list", :via => :get
 match "/traces/tag/:tag/rss" => "trace#georss", :via => :get, :defaults => { :format => :rss }
 match "/traces/rss" => "trace#georss", :via => :get, :defaults => { :format => :rss }
- match "/traces/mine/tag/:tag/page/:page" => "trace#mine", :via => :get
+ match "/traces/mine/tag/:tag/page/:page" => "trace#mine", :via => :get, :page => /[1-9][0-9]*/
 match "/traces/mine/tag/:tag" => "trace#mine", :via => :get
 match "/traces/mine/page/:page" => "trace#mine", :via => :get
 match "/traces/mine" => "trace#mine", :via => :get
@@ -218,7 +218,7 @@ OpenStreetMap::Application.routes.draw do
 match "/user/:display_name/diary/rss" => "diary_entry#rss", :via => :get, :defaults => { :format => :rss }
 match "/diary/:language/rss" => "diary_entry#rss", :via => :get, :defaults => { :format => :rss }
 match "/diary/rss" => "diary_entry#rss", :via => :get, :defaults => { :format => :rss }
- match "/user/:display_name/diary/comments/:page" => "diary_entry#comments", :via => :get, :page => /\d+/
+ match "/user/:display_name/diary/comments/:page" => "diary_entry#comments", :via => :get, :page => /[1-9][0-9]*/
 match "/user/:display_name/diary/comments/" => "diary_entry#comments", :via => :get
 match "/user/:display_name/diary" => "diary_entry#list", :via => :get
 match "/diary/:language" => "diary_entry#list", :via => :get
-- 
2.43.2
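Review bot: `/traces/mine/page/:page` is left without the new constraint: it is a context line near the end of the first hunk, while the five other traces routes that take `:page` gain `:page => /[1-9][0-9]*/`, so `trace#mine` would still receive `0`, leading zeros or non-numeric text from that path. The line should read `match "/traces/mine/page/:page" => "trace#mine", :via => :get, :page => /[1-9][0-9]*/`. A route constraint also checks only the path segment; a `page` query-string parameter on the unpaged routes such as `/traces` would presumably reach the same actions unchecked, so the controllers (not visible here) should still validate `params[:page]` before using it.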
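Review bot: The literal `/[1-9][0-9]*/` is now written out on the diary comments route in the second hunk and on the five traces routes in the first; naming it once inside the `routes.draw` block, for example `page_number = /[1-9][0-9]*/` and then `:page => page_number`, would keep the routes in step when the rule changes. The pattern also places no upper bound on the number of digits, so an arbitrarily long value still reaches `diary_entry#comments`; if the action turns it into an offset, a bounded form such as `/[1-9][0-9]{0,8}/` or a clamp in the controller would be worth considering. The controller is outside this diff, so that second point is an assumption to confirm.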