Bug #4710

invalid input in GET request causes server error

Added by Justin Simpson over 9 years ago. Updated almost 9 years ago.

Status: Verified
Start date: 02/20/2013
Priority: Medium
Due date:
Assignee: José Raddaoui Marín
% Done: 100%
Category: Security
Estimated time: 2.00 hours
Target version: Release 1.4.0
Google Code Legacy ID:
Tested version:
Sponsored: No
Requires documentation:

Description

e.g. url http://demo.ica-atom.org/;informationobject/browse?limit=1(((

Test the value of incoming GET parameters to make sure they are of the correct datatype. In this example, limit must be an integer between 1 and MAX_VALUE. MAX_VALUE should be configurable, either via the GUI (admin-settings) or in a config file.

History

#1 Updated by Jesús García Crespo about 9 years ago

  • Assignee changed from David Juhasz to Jesús García Crespo

#2 Updated by José Raddaoui Marín almost 9 years ago

  • Assignee changed from Jesús García Crespo to José Raddaoui Marín

#3 Updated by José Raddaoui Marín almost 9 years ago

  • Estimated time set to 2.00

#4 Updated by José Raddaoui Marín almost 9 years ago

  • Status changed from New to QA/Review
  • % Done changed from 0 to 100

Applied in changeset atom|commit:406ed9b9f164979457be801c104027c6e9a8b4e2.

#5 Updated by Dan Gillean almost 9 years ago

  • Status changed from QA/Review to Verified
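
The check requested in the description, written in PHP as an added example; it is not the code from the changeset referenced above. The function names `parse_limit` and `resolve_limit`, the `$settings` array and its `DEFAULT_LIMIT` key are hypothetical, and the choice to answer a bad value with HTTP 400 is an assumption.

```php
<?php
declare(strict_types=1);

// Hypothetical settings; MAX_VALUE would come from a config file or an admin setting.
$settings = ['MAX_VALUE' => 100, 'DEFAULT_LIMIT' => 10];

/**
 * Validate the raw "limit" query value.
 * Returns the integer when it lies in [1, $maxValue], otherwise null.
 */
function parse_limit($raw, int $maxValue): ?int
{
    // ?limit[]=1 arrives as an array; accept strings only.
    if (!is_string($raw)) {
        return null;
    }
    // FILTER_VALIDATE_INT fails on non-integer text such as "1(((" and on
    // values outside the configured range, including integer overflow.
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $maxValue],
    ]);
    return $value === false ? null : $value;
}

/**
 * Decide the response for a browse request: [HTTP status, limit or null].
 * A missing parameter falls back to the default; a bad one is a 400, not a 500.
 */
function resolve_limit(array $query, array $settings): array
{
    if (!array_key_exists('limit', $query)) {
        return [200, $settings['DEFAULT_LIMIT']];
    }
    $limit = parse_limit($query['limit'], $settings['MAX_VALUE']);
    return $limit === null ? [400, null] : [200, $limit];
}

// Constructed sample query strings, including the value from the report.
$samples = ['limit=25', 'limit=1(((', 'limit=0', 'limit=101', 'limit[]=5', 'sort=alphabetic'];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    [$status, $limit] = resolve_limit($query, $settings);
    printf("%-16s -> %d %s\n", $qs, $status, $limit === null ? '-' : (string) $limit);
}
```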
