From d6133d628647281f97f2450f0e215039fc377fe5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Sat, 8 Dec 2018 08:25:24 +0100
Subject: [PATCH] api: check limit/offset parameters are valid (#28773)
---
 wcs/api.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/wcs/api.py b/wcs/api.py
index ced09c2fc..4fee511e0 100644
--- a/wcs/api.py
+++ b/wcs/api.py
@@ -213,9 +213,15 @@ class ApiFormsDirectory(Directory):
 roles_criterias = criterias
 criterias = management_directory.get_global_listing_criterias(ignore_user_roles=True)
- limit = int(get_request().form.get('limit',
- get_publisher().get_site_option('default-page-size') or 20))
- offset = int(get_request().form.get('offset', 0))
+ def default_int(value, default):
+ try:
+ return int(value)
+ except (TypeError, ValueError):
+ return default
+
+ limit = default_int(get_request().form.get('limit',
+ get_publisher().get_site_option('default-page-size')), 20)
+ offset = default_int(get_request().form.get('offset'), 0)
 order_by = get_request().form.get('order_by',
 get_publisher().get_site_option('default-sort-order') or '-receipt_time')
-- 
2.20.0.rc2
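Review bot: `default_int` only rejects values that `int()` cannot parse, so a negative or arbitrarily large `limit`/`offset` from the request still passes through unchanged on the new `limit = default_int(...)` and `offset = default_int(...)` lines. How the two values are consumed is outside this hunk, so it should be checked whether a negative value fails later or an oversized `limit` lets a single request pull the whole listing; a clamp after parsing would cover both, e.g. `offset = max(offset, 0)` and `limit = max(1, min(limit, MAX_PAGE_SIZE))`, where `MAX_PAGE_SIZE` is a placeholder for a cap the project would have to define. Separately, a malformed `limit` now falls back to the literal 20 rather than the site's `default-page-size`, because the site option is only the `.get()` default and is bypassed once the parameter is present; parsing the site option first and passing that as the fallback would keep the configured page size. The enclosing method starts and ends outside the hunk.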