Project

General

Profile

Bug #118

request parameters are not validated

Added by over 13 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Normal
Target version:
Start date:
Due date:
% Done:

0%

Resolution:
fixed

Description

If you request, for example, a summary with limit=0 prewikka returns a 'division by 0 error' and a python trace back. Probably will be nicer if a the user requests an imposible situation the interface return a better error (and, why not, a correct page). I made a little patch to the limit=0 specific problem. But the patch have some issues like do not alert to the user and only work for the limit paramenter.

--- prewikka.cgi        2005-12-20 18:05:27.412040635 -0300
+++ prewikka.cgi.orig   2005-12-20 18:03:51.625609869 -0300
@@ -33,8 +33,7 @@
         Request.Request.init(self)
         fs = cgi.FieldStorage()
         for key in fs.keys():
-            value = fs.getvalue(key)
-            if not (key == "limit" and value <= '0'): self.arguments[key] = value
+            self.arguments[key] = fs.getvalue(key)
         for key in fs.headers.keys():
             self.input_headers[key] = fs.headers.get(key)

thanks for your help

History

#1 Updated by Yoann VANDOORSELAERE over 13 years ago

  • Status changed from New to Assigned

Thanks for the contribution! Unfortunately, this patch is prewikka.cgi centric, and a better solution need to be implemented from messagelisting.py.

#2 Updated by Yoann VANDOORSELAERE over 13 years ago

  • Status changed from Assigned to Closed
  • Resolution set to fixed

Fixed in r7539.

#3 Updated by Yoann VANDOORSELAERE almost 10 years ago

  • Project changed from PRELUDE SIEM to Prewikka
  • Category deleted (5)
  • Target version deleted (0.9.3)

Also available in: Atom PDF