From 630492b67a6e503a255d179793545e37245307ea Mon Sep 17 00:00:00 2001
From: Manuel Araoz <manuelaraoz@gmail.com>
Date: Wed, 29 Apr 2015 12:24:47 -0300
Subject: [PATCH] add additional checks to /v1/blocks

---
 api/controllers/blocks.js | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/api/controllers/blocks.js b/api/controllers/blocks.js
index 8eafd3ea..38514522 100644
--- a/api/controllers/blocks.js
+++ b/api/controllers/blocks.js
@@ -68,12 +68,31 @@ Blocks.list = function(req, res) {
   var offset = parseInt(req.query.offset || 0);
   var limit = parseInt(req.query.limit || 10);
 
+  if (from < 0) {
+    res.status(422);
+    res.send('/v1/blocks/ "from" must be valid block height (a positive integer)');
+    return;
+  }
+  if (to < 0) {
+    res.status(422);
+    res.send('/v1/blocks/ "to" must be valid block height (a positive integer)');
+    return;
+  }
+  if (offset < 0) {
+    res.status(422);
+    res.send('/v1/blocks/ "offset" must be a positive integer');
+    return;
+  }
+  if (limit < 0) {
+    res.status(422);
+    res.send('/v1/blocks/ "limit" must be a positive integer');
+    return;
+  }
   if (to < from) {
     res.status(422);
     res.send('/v1/blocks/ "to" must be >= "from"');
     return;
   }
-  // TODO: add more parameter validation
 
   // TODO: return block_summary instead of block_full
   node.blockService.listBlocks(from, to, offset, limit)