Closed Bug 641879 Opened 13 years ago Closed 13 years ago

Malformed search queries return 500 Internal Server Errors

Tracking

(Not tracked)

Status:

VERIFIED FIXED

Milestone:

1.7.7

People

(Reporter: stephend, Assigned: rhelmer)

References

(
URL
)

Details

(Whiteboard: [fuzzer])

Attachments

(1 file)

default to simple search, ignore invalid querytype 13 years ago Robert Helmer [:rhelmer] 742 bytes, patch	ryansnyder : review+	Details \| Diff \| Splinter Review

Stephen Donner [:stephend] Not actively reading bugmail

Reporter

Description

•

13 years ago

The following queries are all producing 500 Internal Server Errors:

500 HTTP Error code with Vulnerable URL: https://crash-stats.stage.mozilla.com/query/query?query_type=http%3A%2F%2Fwww.google.com%2F&do_query=1&query=%2F

500 HTTP Error code with Vulnerable URLhttps://crash-stats.stage.mozilla.com/query/query?query_type=a%3Benv&do_query=1&query=%2F

500 HTTP Error code with Vulnerable URL: https://crash-stats.stage.mozilla.com/query/query?query_type=%BF%27%22%28&do_query=1&query=%2F

500 HTTP Error code with Vulnerable URL: https://crash-stats.stage.mozilla.com/query/query?query_type=<script>var+pf_68747470733a2f2f63726173682d73746174732e73746167652e6d6f7a696c6c612e636f6d2f71756572792f7175657279_71756572795f74797065=new+Boolean();</script>&do_query=1&query=/

Flags: in-testsuite?

Flags: in-litmus?

Stephen Donner [:stephend] Not actively reading bugmail

Reporter

Updated

•

13 years ago

Whiteboard: [fuzzer]

Laura Thomson :laura

Updated

•

13 years ago

Assignee: nobody → rhelmer

Robert Helmer [:rhelmer]

Assignee

Updated

•

13 years ago

Status: NEW → ASSIGNED

Priority: -- → P1

Robert Helmer [:rhelmer]

Assignee

Comment 1

•

13 years ago

Attached patch default to simple search, ignore invalid querytype — Details — Splinter Review

Since $params['query_type'] is UGC, ignore it if it's not in our list of valid query types and default to 'simple'.

Attachment #519788 - Flags: review?(ryan)

Attachment #519788 - Flags: feedback?(laura)

Ryan Snyder [:ryansnyder] [:rsnyder] [:rysny]

Updated

•

13 years ago

Attachment #519788 - Flags: review?(ryan) → review+

Robert Helmer [:rhelmer]

Assignee

Comment 2

•

13 years ago

Committed revision 3009.

Status: ASSIGNED → RESOLVED

Closed: 13 years ago

Resolution: --- → FIXED

Stephen Donner [:stephend] Not actively reading bugmail

Reporter

Comment 3

•

13 years ago

Verified FIXED using https://crash-stats.stage.mozilla.com/query/query?query_type=http%3A%2F%2Fwww.google.com%2F&do_query=1&query=%2F.  Filed follow-up bug 642580 to deal with a bunch of others.

Status: RESOLVED → VERIFIED

Laura Thomson :laura

Updated

•

13 years ago

Attachment #519788 - Flags: feedback?(laura)

Nobody; OK to take it and work on it

Updated

•

13 years ago

Component: Socorro → General

Product: Webtools → Socorro

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Malformed search queries return 500 Internal Server Errors

Categories

(Socorro :: General, task, P1)

Tracking

(Not tracked)

People

(Reporter: stephend, Assigned: rhelmer)

References

(
URL
)

Details

(Whiteboard: [fuzzer])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Updated

Updated

Comment 1

Updated

Comment 2

Comment 3

Updated

Updated

Attachment

General

Description

File Name

Content Type