[OH-Dev] [issue1017] mysite/search/views.py crash on invalid ?start= parameter

[Asheesh Laroia]

New submission from Asheesh Laroia <asheesh at asheesh.org>:

I received this crash notification from the backend (via the
monitoring-private list), where if you go to
openhatch.org/search/?next=not_an_int , the backend crashes trying to turn
not_an_int into an integer.

Probably, we should catch this error via Python's exception catching
capacity and serve a HTTP redirect to the cleaned-up URL that they intended
to request. Probably we would redirect to something that just doesn't have
the ?next= parameter, if it doesn't parse properly as an integer.

We should also have a unit test that covers this.

It a reasonably straightforward fix. The hard part is writing a test and
generating the URL to redirect to.

---------- Forwarded message ----------
From: <mr_website at linode.openhatch.org>
Date: Mon, Jul 14, 2014 at 4:37 AM
Subject: [Monitoring-private] [Kaboom at OH] ERROR (EXTERNAL IP): Internal
Server Error: /search/
To: monitoring-private at lists.openhatch.org

Traceback (most recent call last):

  File
"/home/deploy/milestone-a.buildout/vendor/packages/Django/django/core/handlers/base.py",
line 109, in get_response
    response = callback(request, *callback_args, **callback_kwargs)

  File "/home/deploy/milestone-a.buildout/mysite/search/views.py", line 70,
in search_index
    start = int(request.GET.get('start', 1))

ValueError: invalid literal for int() with base 10: "111' or 1=@@version--"

----------
files: unnamed
messages: 4464
nosy: paulproteus
status: unread
title: mysite/search/views.py crash on invalid ?start= parameter

__________________________________________
Roundup issue tracker <bugs at openhatch.org>
<https://openhatch.org/bugs/issue1017>
__________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openhatch.org/pipermail/devel/attachments/20140714/11938589/attachment.html>