From 4eb08ec1d429e827cf4a89070c4fca6151e7aab5 Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet
Date: Tue, 10 May 2022 18:18:44 +0200
Subject: [PATCH] formsemestre_recapcomplet: 404 if invalid formsemestre_id

---
 app/scodoc/sco_recapcomplet.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/scodoc/sco_recapcomplet.py b/app/scodoc/sco_recapcomplet.py
index 96d576bf..cc4fb2bc 100644
--- a/app/scodoc/sco_recapcomplet.py
+++ b/app/scodoc/sco_recapcomplet.py
@@ -32,7 +32,7 @@ import time
 from xml.etree import ElementTree
 
 from flask import g, request
-from flask import url_for
+from flask import abort, url_for
 
 from app import log
 from app.but import bulletin_but
@@ -83,6 +83,8 @@ def formsemestre_recapcomplet(
     force_publishing: publie les xml et json même si bulletins non publiés
     selected_etudid: etudid sélectionné (pour scroller au bon endroit)
     """
+    if not isinstance(formsemestre_id, int):
+        abort(404)
     formsemestre = FormSemestre.query.get_or_404(formsemestre_id)
     file_formats = {"csv", "json", "xls", "xlsx", "xlsall", "xml"}
     supported_formats = file_formats | {"html", "evals"}
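Review bot: The guard added at the top of formsemestre_recapcomplet tests the type only, so it is correct only if the view layer has already converted the request parameter: a numeric string such as `"123"` now returns 404 instead of reaching `get_or_404`, while `True`/`False` pass because bool is a subclass of int. Whether that conversion is guaranteed is not visible here (the signature and decorators are outside the hunk), so I would state the contract in a comment above the check, e.g. `# formsemestre_id must already be an int (converted upstream); any other type is answered with 404, not passed to the query`. If booleans should be rejected too, the test becomes `if isinstance(formsemestre_id, bool) or not isinstance(formsemestre_id, int):`. The lookup that follows is by primary key alone, so any restriction on which semesters the caller may read has to come from code outside this hunk and is worth confirming.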