From 9457d423aa2ccfeb2e35c2b16700ac1a90b3007c Mon Sep 17 00:00:00 2001 From: Edward Betts Date: Wed, 16 Jun 2021 14:31:58 +0200 Subject: [PATCH] Validate input to missing items API --- web_view.py | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/web_view.py b/web_view.py index 1492968..980e37f 100755 --- a/web_view.py +++ b/web_view.py @@ -23,6 +23,8 @@ DB_URL = "postgresql:///matcher" database.init_db(DB_URL) entity_keys = {"labels", "sitelinks", "aliases", "claims", "descriptions", "lastrevid"} +re_qid = re.compile(r'^Q\d+$') + property_map = [ ("P238", ["iata"], "IATA airport code"), ("P239", ["icao"], "ICAO airport code"), @@ -998,8 +1000,20 @@ def api_find_osm_candidates(item_id): @app.route("/api/1/missing") def api_missing_wikidata_items(): qids_arg = request.args.get("qids") - qids = qids_arg.split(",") - if not qids or not qids[0]: + if not qids_arg: + return jsonify(success=False, + error="required parameter 'qids' is missing", + items=[], + isa_count=[]) + + qids = [] + for qid in qids_arg.upper().split(","): + qid = qid.strip() + m = re_qid.match(qid) + if not m: + continue + qids.append(qid) + if not qids: return jsonify(success=True, items=[], isa_count=[]) lat, lon = request.args.get("lat"), request.args.get("lon")