From 5cef3c44f07fd051b6fae505b3487bd14f1280d6 Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Wed, 9 Nov 2016 23:00:07 +0100 Subject: [PATCH] Trap integer overflow errors in search query This just caused a database error to leak through to the user, but also flooded the logs. --- pgweb/search/views.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pgweb/search/views.py b/pgweb/search/views.py index bf0077b8..3650976f 100644 --- a/pgweb/search/views.py +++ b/pgweb/search/views.py @@ -251,13 +251,18 @@ def search(request): }, RequestContext(request)) # perform the query for general web search - curs.execute("SELECT * FROM site_search(%(query)s, %(firsthit)s, %(hitsperpage)s, %(allsites)s, %(suburl)s)", { + try: + curs.execute("SELECT * FROM site_search(%(query)s, %(firsthit)s, %(hitsperpage)s, %(allsites)s, %(suburl)s)", { 'query': query, 'firsthit': firsthit - 1, 'hitsperpage': hitsperpage, 'allsites': allsites, 'suburl': suburl }) + except ProgrammingError: + return render_to_response('search/sitesearch.html', { + 'search_error': 'Error executing search query.' + }, RequestContext(request)) hits = curs.fetchall() conn.close()