validate uuid token before use

cfp/decorators.py

@@ -1,8 +1,10 @@
 from django.core.exceptions import PermissionDenied
 from django.contrib.auth.decorators import login_required
 from django.shortcuts import get_object_or_404
+from django.http import Http404
 
 from functools import wraps
+from uuid import UUID
 
 from cfp.utils import is_staff
 from cfp.models import Participant, Volunteer
@@ -12,6 +14,10 @@ def speaker_required(view_func):
     def wrapped_view(request, **kwargs):
         speaker_token = kwargs.pop('speaker_token')
         if speaker_token:
+            try:
+                speaker_token = UUID(speaker_token)
+            except ValueError:
+                raise Http404
             speaker = get_object_or_404(Participant, site=request.conference.site, token=speaker_token)
         elif request.user.is_authenticated():
             speaker = get_object_or_404(Participant, site=request.conference.site, email=request.user.email)
@@ -26,6 +32,10 @@ def volunteer_required(view_func):
     def wrapped_view(request, **kwargs):
         volunteer_token = kwargs.pop('volunteer_token')
         if volunteer_token:
+            try:
+                volunteer_token = UUID(volunteer_token)
+            except ValueError:
+                raise Http404
             volunteer = get_object_or_404(Volunteer, site=request.conference.site, token=volunteer_token)
         elif request.user.is_authenticated():
             volunteer = get_object_or_404(Volunteer, site=request.conference.site, email=request.user.email)