From 435c98b35c80288f9e6af08d5272052a460c4a23 Mon Sep 17 00:00:00 2001
From: Jessica McKellar <jesstess@humbughq.com>
Date: Sat, 8 Dec 2012 12:31:41 -0500
Subject: [PATCH] Be more picky about the type of get_old_messages's narrow
 POST parameter.

This addresses 500s observed on prod due to bad narrow values.

(imported from commit 5a865ce41e8a90d3990332d906cba4336eb53ada)
---
 zephyr/views.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/zephyr/views.py b/zephyr/views.py
index 8805f62dbb..98b7bd4c6c 100644
--- a/zephyr/views.py
+++ b/zephyr/views.py
@@ -51,6 +51,12 @@ def to_non_negative_int(x):
         raise ValueError("argument is negative")
     return x
 
+def from_json_to_dict(json):
+    data = simplejson.loads(json)
+    if not isinstance(data, dict):
+        raise ValueError("argument is not a dictionary")
+    return data
+
 def get_stream(stream_name, realm):
     try:
         return Stream.objects.get(name__iexact=stream_name, realm=realm)
@@ -254,7 +260,7 @@ def api_get_old_messages(request, user_profile,
 def get_old_messages_backend(request, anchor = POST(converter=to_non_negative_int),
                              num_before = POST(converter=to_non_negative_int),
                              num_after = POST(converter=to_non_negative_int),
-                             narrow = POST('narrow', converter=simplejson.loads),
+                             narrow = POST('narrow', converter=from_json_to_dict),
                              user_profile=None, apply_markdown=True):
     query = Message.objects.select_related().filter(usermessage__user_profile = user_profile).order_by('id')