The dm-sheriff site crashes when invalid date values are passed in the URL. An ArgumentError is thrown and a RoR error page displayed. STR 1. Visit https://dm-sheriff01.mozilla.org/?today="&from="&to=" 2. You will get an error page Code http://github.com/kourge/sheriff/blob/master/app.rb#L23 Date.parse() is called on user supplied data in lines 23/24 . The resulting exception is not caught resulting in application crash. Suggested fix Catch the ArgumentError exception and log that malicious input was encountered
The server appears to go down while testing and comes back up eventually. During this time, my session is invalid and I can't log back in. Does the application automatically restart after a given amount of time?
The application appears to have crashed after inputting a negative value on the preferences page for 'Email me about my upcoming sheriff duties X days in advance'
Component: Webdev → Sheriff
Product: mozilla.org → Webtools
Component: Sheriff → Sheriff Calendar
Product: Webtools → Webtools Graveyard
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.