[OH-Dev] [issue1017] mysite/search/views.py crash on invalid ?start= parameter
Asheesh Laroia
bugs at openhatch.org
Mon Jul 14 13:15:52 UTC 2014
New submission from Asheesh Laroia <asheesh at asheesh.org>:
I received this crash notification from the backend (via the
monitoring-private list), where if you go to
openhatch.org/search/?next=not_an_int , the backend crashes trying to turn
not_an_int into an integer.
Probably, we should catch this error via Python's exception catching
capacity and serve an HTTP redirect to the cleaned-up URL that they intended
to request. Probably we would redirect to something that just doesn't have
the ?next= parameter, if it doesn't parse properly as an integer.
We should also have a unit test that covers this.
It's a reasonably straightforward fix. The hard part is writing a test and
generating the URL to redirect to.
---------- Forwarded message ----------
From: <mr_website at linode.openhatch.org>
Date: Mon, Jul 14, 2014 at 4:37 AM
Subject: [Monitoring-private] [Kaboom at OH] ERROR (EXTERNAL IP): Internal
Server Error: /search/
To: monitoring-private at lists.openhatch.org
Traceback (most recent call last):
  File "/home/deploy/milestone-a.buildout/vendor/packages/Django/django/core/handlers/base.py", line 109, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "/home/deploy/milestone-a.buildout/mysite/search/views.py", line 70, in search_index
    start = int(request.GET.get('start', 1))
ValueError: invalid literal for int() with base 10: "111' or 1=@@version--"
----------
files: unnamed
messages: 4464
nosy: paulproteus
status: unread
title: mysite/search/views.py crash on invalid ?start= parameter
__________________________________________
Roundup issue tracker <bugs at openhatch.org>
<https://openhatch.org/bugs/issue1017>
__________________________________________
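The fix proposed in the message above (catch the ValueError, then redirect to the same URL without the unparseable parameter), sketched as an added example; it is not OpenHatch's code. The name parse_start and its arguments are hypothetical, and it uses the Python 3 standard library in place of Django's request and redirect objects so that it runs on its own.

```python
from urllib.parse import parse_qsl, urlencode


def parse_start(query_string, path="/search/", param="start", default=1):
    """Return (start, redirect_url); exactly one of the two is not None.

    Hypothetical helper: a view would call this with the raw query string
    and issue an HTTP redirect whenever redirect_url is set.
    """
    pairs = parse_qsl(query_string, keep_blank_values=True)
    values = [v for k, v in pairs if k == param]
    if not values:
        return default, None  # parameter absent: use the default page
    raw = values[-1]  # Django's request.GET.get() also returns the last value
    try:
        return int(raw), None
    except ValueError:
        # Drop every copy of the bad parameter and keep the rest of the query.
        # The target is built from a fixed server-side path, never from the
        # Host header or other user input, so it cannot become an open redirect.
        cleaned = urlencode([(k, v) for k, v in pairs if k != param])
        return None, path + ("?" + cleaned if cleaned else "")


if __name__ == "__main__":
    # Constructed query strings; the second one carries the value seen in the
    # traceback above, URL-encoded.
    for qs in ("q=python&start=20",
               "q=python&start=111%27+or+1%3D%40%40version--",
               "start=5&start=not_an_int",
               ""):
        print(repr(qs), "->", parse_start(qs))
```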