Closed Bug 1682122 Opened 5 years ago Closed 5 years ago

Protect numeric GET parameters against ValueErrors

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: mathjazz, Assigned: mathjazz)

Details

Attachments

(1 file)

Link to GitHub pull-request: https://github.com/mozilla/pontoon/pull/1770 5 years ago GitHub Bugzilla PR Linker 44 bytes, text/x-github-pull-request		Details \| Review

Matjaz Horvat [:mathjazz]

Assignee

Description

•

5 years ago

Passing GET parameters of wrong type can sometimes result in server errors. That happens particularly often when crawlers or attackers make requests to the views which take integers as inputs (e.g. IDs), causing ValueErrors.

Some of our views have protection against that, but many don't. Let's fix that by validating GET parameters that need to be integers.

GitHub Bugzilla PR Linker

Comment 1

•

5 years ago

Attached file Link to GitHub pull-request: https://github.com/mozilla/pontoon/pull/1770 — Details

Matjaz Horvat [:mathjazz]

Assignee

Updated

•

5 years ago

Status: ASSIGNED → RESOLVED

Closed: 5 years ago

Resolution: --- → FIXED

BMO Automation

Updated

•

4 years ago

Product: Webtools → Webtools Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Protect numeric GET parameters against ValueErrors

Categories

(Webtools Graveyard :: Pontoon, defect, P3)

Tracking

(Not tracked)

People

(Reporter: mathjazz, Assigned: mathjazz)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Updated

Attachment

General

Description

File Name

Content Type