Return a HttpResponse instead of an exception on NUL in query string parameters

Raising an exception triggers an email-to-admin-action, and the whole
reason we have this NUL check is to *avoid* triggering those emails...
Hopefully explicitly returning a 400 HttpResponse will make them go
away.
Magnus Hagander
2021-11-04 17:07:50 +01:00
parent c4b2b65e8a
commit 37a5e66403


@ -1,6 +1,5 @@
from django.conf import settings
from django.http import QueryDict
from django.core.exceptions import SuspiciousOperation
from django.http import QueryDict, HttpResponse
from pgweb.util.templateloader import initialize_template_collection, get_all_templates
@ -104,7 +103,11 @@ class PgMiddleware(object):
if k not in allowed:
del result[k]
if "\0" in request.GET[k]:
raise SuspiciousOperation("NUL escapes not allowed in query parameters")
return HttpResponse(
"NUL escapes not allowed in query parameters",
content_type='text/plain',
status=400
)
result.mutable = False
request.GET = result
else:
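Review bot: The NUL test on `if "\0" in request.GET[k]:` only inspects the last value of each key, because indexing a Django `QueryDict` returns the final value when a parameter is repeated; a NUL in an earlier value of the same key would reach the view unchecked. Checking every value closes that gap: `if any("\0" in v for v in request.GET.getlist(k)):`. Since the rejection no longer raises, it also leaves no trace; a log call below the level that triggers admin mail would keep these requests visible for monitoring. The loop header and the enclosing method start outside the hunk and indentation is lost on this page, so I am assuming `k` iterates over the keys of `request.GET`.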