Insufficient validation of URL query parameters #723

Open
CHTJonas opened this issue Aug 30, 2019 · 0 comments

@CHTJonas (Member) commented Aug 30, 2019

Some pages use bare URL query strings without sufficient validation or error checking, leading to HTTP 500s further down the line. For example:

$from = new \DateTime($request->query->get('from'));

Navigating to the page https://www.camdram.net/venues/adc-theatre/shows.json?from=2003-01-01?limit=10 will cause an exception to be thrown (DateTime::__construct(): Failed to parse time string (2003-01-01?limit=10) at position 10 (?): Unexpected character). In cases such as these we should look to raise a 4XX client error.

Sentry issue: CAMDRAM-WEB-F2

@CHTJonas CHTJonas added the bug label Aug 30, 2019
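
One way to turn the failure described in this issue into a client error, shown as an added example that is not part of the issue or of the Camdram code base. It assumes PHP 8 and that `from` is meant to be a plain `YYYY-MM-DD` date; `parseDateParam` and `InvalidQueryParameter` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical exception type for this example; in a Symfony controller the
// equivalent would be BadRequestHttpException, which renders as HTTP 400.
final class InvalidQueryParameter extends InvalidArgumentException {}

/**
 * Strictly parse an optional YYYY-MM-DD query parameter (assumed format).
 * Returns null when the parameter is absent, throws when it is malformed.
 */
function parseDateParam(mixed $raw, string $name): ?DateTimeImmutable
{
    if ($raw === null || $raw === '') {
        return null; // parameter not supplied: caller applies its default
    }
    if (!is_string($raw)) {
        // e.g. ?from[]=x can arrive as an array rather than a string
        throw new InvalidQueryParameter("$name must be a single value");
    }
    // '!' zeroes unspecified fields; trailing data makes this return false.
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $raw, new DateTimeZone('UTC'));
    // The round-trip comparison also rejects rolled-over dates such as 2003-02-31.
    if ($date === false || $date->format('Y-m-d') !== $raw) {
        // The message does not echo the raw input back to the client.
        throw new InvalidQueryParameter("$name must be a date in YYYY-MM-DD format");
    }
    return $date;
}

// Constructed sample inputs, including the query value quoted in the issue.
$samples = ['2003-01-01', '2003-01-01?limit=10', '2003-02-31', ['x'], null];
foreach ($samples as $raw) {
    try {
        $date = parseDateParam($raw, 'from');
        $status = 200;
        $detail = $date?->format(DATE_ATOM) ?? '(no filter)';
    } catch (InvalidQueryParameter $e) {
        $status = 400; // client error instead of an uncaught exception and HTTP 500
        $detail = $e->getMessage();
    }
    printf("%-24s -> %d %s\n", json_encode($raw), $status, $detail);
}
```

Unlike `new \DateTime($value)`, this accepts only the one format, so relative strings such as `now` are rejected as well; widen the accepted formats deliberately if the endpoint needs them.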
