From 6f8e68846c445e48130289b0bcc9177a421d847c Mon Sep 17 00:00:00 2001
From: virusdefender
Date: Tue, 26 Mar 2019 09:33:05 +0800
Subject: [PATCH] check is id
---
 contest/views/oj.py | 4 ++--
 utils/shortcuts.py | 7 +++++++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/contest/views/oj.py b/contest/views/oj.py
index 6626badb..3aeb6810 100644
--- a/contest/views/oj.py
+++ b/contest/views/oj.py
@@ -8,7 +8,7 @@ from django.core.cache import cache
 from problem.models import Problem
 from utils.api import APIView, validate_serializer
 from utils.constants import CacheKey
-from utils.shortcuts import datetime2str
+from utils.shortcuts import datetime2str, check_is_id
 from account.models import AdminType
 from account.decorators import login_required, check_contest_permission
@@ -35,7 +35,7 @@ class ContestAnnouncementListAPI(APIView):
 class ContestAPI(APIView):
 def get(self, request):
 id = request.GET.get("id")
- if not id:
+ if not id or not check_is_id(id):
 return self.error("Invalid parameter, id is required")
 try:
 contest = Contest.objects.get(id=id, visible=True)
diff --git a/utils/shortcuts.py b/utils/shortcuts.py
index 1569ce31..f4c7e85e 100644
--- a/utils/shortcuts.py
+++ b/utils/shortcuts.py
@@ -85,3 +85,10 @@ def get_env(name, default=""):
 def DRAMATIQ_WORKER_ARGS(time_limit=3600_000, max_retries=0, max_age=7200_000):
 return {"max_retries": max_retries, "time_limit": time_limit, "max_age": max_age}
+
+
+def check_is_id(value):
+ try:
+ return int(value) > 0
+ except Exception as e:
+ return False
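Review bot: In `ContestAPI.get` (second hunk of contest/views/oj.py) the error text still reads "id is required" when the id was supplied but rejected by `check_is_id`, so a client that sends a malformed id is told the wrong thing; a message like `return self.error("Invalid parameter, id must be a positive integer")` covers both cases. The `not id or` half is now redundant, because `check_is_id` returns False for `None` and for an empty string through its except path. The raw string from `request.GET` is still what reaches `Contest.objects.get(id=id, visible=True)`, so the check and the ORM each parse it separately. The body of `get` continues past the end of the hunk.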
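Review bot: `check_is_id` in utils/shortcuts.py has no upper bound, so anything `int()` can parse (a 30-digit number, `"+5"`, `" 7 "`) passes and is handed to the ORM lookup, where an out-of-range value may be rejected by the database instead of by this check. Bounding it to the column range, for example `return 0 < int(value) <= 2147483647` if the id column is a 32-bit integer (the model is not visible here), keeps the rejection inside the validator. The handler `except Exception as e:` is wider than the two errors `int()` raises for bad input and never uses `e`; `except (TypeError, ValueError):` is enough. A one-line docstring such as `"""Return True if value parses as a positive integer."""` would state the contract for the other views that will call it.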