Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Malformatted API query parameter values resulting in server errors. #3063

Closed
SychO9 opened this issue Sep 1, 2021 · 0 comments · Fixed by #3064
Closed

Malformatted API query parameter values resulting in server errors. #3063

SychO9 opened this issue Sep 1, 2021 · 0 comments · Fixed by #3064
Assignees
@SychO9
Labels
type/cleanup
Milestone
1.1

Comments

@SychO9
Copy link
Member

SychO9 commented Sep 1, 2021
edited
Loading

If you pass for example ?page[limit]=% to an API endpoint, that results in a server error because the the value is currently not sanitised to be an integer.

We need to check all extraction methods on the AbstractSerializeController and make sure all values are sanitised. While there is currently no risk, user input should not be resulting in server errors.
@SychO9 SychO9 added this to the 1.1 milestone Sep 1, 2021
@SychO9 SychO9 self-assigned this Sep 1, 2021
@SychO9 SychO9 mentioned this issue Sep 2, 2021
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SychO9 SychO9

Labels
type/cleanup
Projects
None yet
Milestone
1.1
Development

Successfully merging a pull request may close this issue.

Sanitise integer query parameters flarum/framework
1 participant
@SychO9