mirror of
https://github.com/postgres/pgweb.git
synced 2025-08-06 09:57:57 +00:00
Return a HttpResponse instead of an exception on NUL in query string parameters
Raising an exception triggers an email-to-admin-action, and the whole reason we have this NUL check is to *avoid* triggering those emails... Hopefully explicitly returning a 400 HttpResponse will maek them go away.
This commit is contained in:
@ -1,6 +1,5 @@
|
||||
from django.conf import settings
|
||||
from django.http import QueryDict
|
||||
from django.core.exceptions import SuspiciousOperation
|
||||
from django.http import QueryDict, HttpResponse
|
||||
|
||||
from pgweb.util.templateloader import initialize_template_collection, get_all_templates
|
||||
|
||||
@ -104,7 +103,11 @@ class PgMiddleware(object):
|
||||
if k not in allowed:
|
||||
del result[k]
|
||||
if "\0" in request.GET[k]:
|
||||
raise SuspiciousOperation("NUL escapes not allowed in query parameters")
|
||||
return HttpResponse(
|
||||
"NUL escapes not allowed in query parameters",
|
||||
content_type='text/plain',
|
||||
status=400
|
||||
)
|
||||
result.mutable = False
|
||||
request.GET = result
|
||||
else:
|
||||
|
Reference in New Issue
Block a user