Bootstrap weird characters check should send error response header

RESOLVED FIXED in 4.x (triaged)

Status

addons.mozilla.org Graveyard
Public Pages
--
minor
RESOLVED FIXED
11 years ago
2 years ago

People

(Reporter: wenzel, Assigned: wenzel)

Tracking

4.x (triaged)

Details

Attachments

(1 attachment)

(Assignee)

Description

11 years ago
In bootstrap.php, a check for weird characters in the request URL is performed. When something unusual is found, the request is currently forwarded to the front page.

This can lead to strange results, when Firefox's XPI installer tries downloading a file (it fetches the front page and tries to handle it as a valid file). Instead, such an a failed attempt should return an HTTP error code, possibly "400 Bad Request".
(Assignee)

Updated

11 years ago
Depends on: 372302
Severity: normal → minor
Target Milestone: --- → 3.x (triaged)
(Assignee)

Comment 1

11 years ago
Created attachment 274161 [details] [diff] [review]
Send "bad request" response instead of forwarding to front page

Here's a fix for the issue. Does that seem okay?
Assignee: nobody → fwenzel
Status: NEW → ASSIGNED
Attachment #274161 - Flags: review?
(Assignee)

Updated

11 years ago
Attachment #274161 - Flags: review? → review?(shaver)
(Assignee)

Comment 2

11 years ago
Comment on attachment 274161 [details] [diff] [review]
Send "bad request" response instead of forwarding to front page

Wil, do you have time to review this?

Also, do you think that 400 Bad Request is the right error to throw here?
Attachment #274161 - Flags: review?(shaver) → review?(clouserw)
Comment on attachment 274161 [details] [diff] [review]
Send "bad request" response instead of forwarding to front page

works for me
Attachment #274161 - Flags: review?(clouserw) → review+
(Assignee)

Comment 4

11 years ago
This is in the trunk, r6467, and will go online with the next push. Thanks.
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.