[k] 'NoneType' object has no attribute 'get'

VERIFIED FIXED in 2.2.1

Status

--
major
VERIFIED FIXED
8 years ago
8 years ago

People

(Reporter: stephend, Assigned: rrosario)

Tracking

unspecified
2.2.1

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [infrasec-qa:input], URL)

(Reporter)

Description

8 years ago
Props to Acunetix, which found this :-)

STR:

Load http://support-stage.mozilla.com/en-US/questions/new?product=desktop&category=1ACUstart42423\%27ACUendACUstart42423%22ACUendACUstart42423;ACUend

Traceback:

Traceback (most recent call last):

  File "/data/virtualenvs/kitsune/src/django/django/core/handlers/base.py", line 100, in get_response
    response = callback(request, *callback_args, **callback_kwargs)

  File "/data/www/support-stage-new.mozilla.com/kitsune/apps/questions/views.py", line 119, in new_question
    deadend = category.get('deadend', False)

AttributeError: 'NoneType' object has no attribute 'get'
For the record, I don't think this is a security issue, we just need a better error message (or to ignore) invalid categories.
Since I got > 900 stack traces from an automated scan hitting this => 2.2.1.
Target Milestone: --- → 2.2.1
(Assignee)

Updated

8 years ago
Assignee: nobody → rrosario
(Assignee)

Comment 4

8 years ago
http://github.com/jsocol/kitsune/commit/7fe7228c3d9f449f302b88c2b4e99fe2e37eb014
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
(Reporter)

Comment 5

8 years ago
Verified FIXED; now getting a 404.

Michael: please remove [infrasec-qa:input] if I shouldn't have added it; thanks!
Status: RESOLVED → VERIFIED
Duplicate of this bug: 585806
You need to log in before you can comment on or make changes to this bug.