fix(api-v2): Don't check file extensions of XSL files and Gravsearch templates (DSP-1005) #1749

Merged
merged 6 commits into from Nov 5, 2020

@benjamingeer benjamingeer commented Nov 5, 2020

  • Don't check the extension of a file in Sipi used as an XSL transformation
  • Don't check the extension of a file in Sipi used as a Gravsearch template
  • Don't accept a full-text search term that looks like a Gravsearch query
  • Improve error messages

resolves DSP-1005

@benjamingeer benjamingeer self-assigned this Nov 5, 2020
benjamingeer added 4 commits Nov 5, 2020
@benjamingeer benjamingeer requested a review from SepidehAlassi Nov 5, 2020

@SepidehAlassi SepidehAlassi left a comment

This looks good, thanks for the quick fix!

get {
requestContext =>
val searchString = stringFormatter.toSparqlEncodedString(searchval, throw BadRequestException(s"Invalid search string: '$searchval'"))
if (searchStr.contains(OntologyConstants.KnoraApi.ApiOntologyHostname)) {
throw BadRequestException("It looks like you are submitting a Gravsearch request to a full-text search route")
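
Review bot: The `if` on the fourth line of this excerpt tests `searchStr`, but the line above it validates `searchval` and binds the result to `searchString`, so three different names refer to the search term within two lines, and it is not visible here where `searchStr` is defined. Please confirm that `searchStr` is the value intended for the check and use one name consistently for the raw input. Also note that the test is a substring match on `OntologyConstants.KnoraApi.ApiOntologyHostname`, so a legitimate full-text term containing that hostname is rejected too; a short comment saying this is a deliberate heuristic, and an error message that tells the caller what to do instead, would help.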

SepidehAlassi Nov 5, 2020

hahaha, I love this!

@benjamingeer benjamingeer commented Nov 5, 2020

Thanks for reviewing!

@subotic subotic merged commit 905766f into main Nov 5, 2020
8 checks passed
@subotic subotic deleted the fix/DSP-1005-xsl-file branch Nov 5, 2020
@subotic subotic added the bug label Nov 5, 2020