From 395b7e0b0a719bd60ea346fc8d051ef7c05d0776 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Tue, 20 Oct 2009 22:05:02 -0400
Subject: More bounds checking in answering
---
 framed.py | 18 ++++++++++++------
 index.yaml | 2 +-
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/framed.py b/framed.py
index 89f5e03..9a519d2 100644
--- a/framed.py
+++ b/framed.py
@@ -41,30 +41,36 @@ class AnswerQuestion(webapp.RequestHandler):
 try:
 frame = int(frame)
 except:
+ self.response.out.write("Frame must be an integer.")
 return
- if code == "" or answer == "":
+ if code == "" or answer == "" or frame < 0:
+ self.response.out.write("Not enough correct info supplied.")
 return
 answers = answer.split(",")
 for i in range(len(answers)):
 try:
 answers[i] = int(answers[i])
- if (answers[i] > 9):
- return
 except:
+ self.response.out.write("Answers must be integers.")
 return
 titleQuery = Title.all().filter('code = ', code).fetch(1)
 if len(titleQuery) != 1 or len(answers) == 0 or (-1 in answers and len(answers) > 1):
+ self.response.out.write("Invalid answers")
 return
 maxAnswer = len(titleQuery[0].characters)
 for ans in answers:
- if ans >= maxAnswer:
+ if ans < -1 or ans >= maxAnswer:
+ self.response.out.write("Answer to big or too small")
 return
+ if frame > titleQuery[0].lastThumb:
+ self.response.out.write("Frame is too big")
+ return
 answer = Answer()
 answer.title = titleQuery[0]
 answer.answer = answers;
 answer.frame = frame
 answer.put()
- self.response.out.write(str(answers) + "
" + code + "
" + str(frame));
+ self.response.out.write("Success
" + str(answers) + "
" + code + "
" + str(frame));
 class LoadNewTitles(webapp.RequestHandler):
 def __init__(self):
@@ -198,4 +204,4 @@ def main():
 run_wsgi_app(application)
 if __name__ == "__main__":
- main()
\ No newline at end of file
+ main()
diff --git a/index.yaml b/index.yaml
index e8022a5..aeeb99c 100644
--- a/index.yaml
+++ b/index.yaml
@@ -10,7 +10,7 @@ indexes:
 # automatically uploaded to the admin console when you next deploy
 # your application using appcfg.py.
-# Used 30 times in query history.
+# Used 137 times in query history.
 - kind: Answer
 properties:
 - name: title
--
cgit v1.2.3-59-g8ed1b
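Review bot: The range check added in the `for ans in answers:` loop of the first framed.py hunk bounds each element but not the list: a request can repeat one valid index any number of times and every copy is stored in `answer.answer`. If duplicates carry no meaning here, rejecting them also caps the length at `maxAnswer`, e.g. `if len(set(answers)) != len(answers):` followed by the same write-and-return used by the other failures. The new error branches still answer with the default 200 status, so a client can only tell a rejection from `Success` by parsing the body; `self.error(400)` before each `self.response.out.write(...)` would make that explicit. The message `"Answer to big or too small"` should read `"Answer too big or too small"`. The handler method starts above the hunk, so how `code`, `answer` and `frame` are read from the request is not visible.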