request parameters are not validated
If you request, for example, a summary with limit=0 prewikka returns a 'division by 0 error' and a python trace back. Probably will be nicer if a the user requests an imposible situation the interface return a better error (and, why not, a correct page). I made a little patch to the limit=0 specific problem. But the patch have some issues like do not alert to the user and only work for the limit paramenter.
--- prewikka.cgi 2005-12-20 18:05:27.412040635 -0300 +++ prewikka.cgi.orig 2005-12-20 18:03:51.625609869 -0300 @@ -33,8 +33,7 @@ Request.Request.init(self) fs = cgi.FieldStorage() for key in fs.keys(): - value = fs.getvalue(key) - if not (key == "limit" and value <= '0'): self.arguments[key] = value + self.arguments[key] = fs.getvalue(key) for key in fs.headers.keys(): self.input_headers[key] = fs.headers.get(key)
thanks for your help
#1 Updated by Yoann VANDOORSELAERE over 17 years ago
- Status changed from New to Assigned
Thanks for the contribution! Unfortunately, this patch is prewikka.cgi centric, and a better solution need to be implemented from messagelisting.py.
#2 Updated by Yoann VANDOORSELAERE over 17 years ago
- Status changed from Assigned to Closed
- Resolution set to fixed
Fixed in r7539.
#3 Updated by Yoann VANDOORSELAERE about 14 years ago
- Project changed from PRELUDE SIEM to Prewikka
- Category deleted (
- Target version deleted (