Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sanitize offset when listing group activity #2859

drmalex07 opened this issue Jan 30, 2016 · 2 comments

Sanitize offset when listing group activity #2859

drmalex07 opened this issue Jan 30, 2016 · 2 comments


Copy link

@drmalex07 drmalex07 commented Jan 30, 2016

This is a very minor problem, apart that it causes HTTP 500 errors where it should simply ignore the offset parameter (or reply with a HTTP 400). It happens at because offset is not validated and passed as-is to the action api function.

We have encountered this type of errors several times in our production site, since crawling robots insist on trying URLs like

The above is tested on CKAN 2.2, but seems to be exactly the same at the master branch.

@amercader amercader self-assigned this Feb 2, 2016
Copy link

@amercader amercader commented Feb 2, 2016

You are right, we have a couple of these on some actions. The best thing is to add this decorator to the relevant action and try / except a ValidationError on the group controller.

Do you want to submit a small PR for this?

Copy link
Contributor Author

@drmalex07 drmalex07 commented Feb 2, 2016

That's ok, and is roughly what we've done in our fork to overcome it. I think the same problem also shows up in user activity lists (

So, i will return with a PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

2 participants