DEV: Handle bad parameters in TopicsController#wordpress (#23404)

We're seeing a large amount of log noise from this endpoint due to malicious scanners that are trying to send clever params and seeing if they can break something.

This change simply rescues any NoMethodError during parameter parsing and re-raises a Discourse::InvalidParameters exception, which will be caught and render a 400.
Ted Johansson
2023-09-05 16:35:46 +08:00
committed by GitHub
parent cf8c3cf3f0
commit 752a2cc654
2 changed files with 21 additions and 11 deletions

@ -78,6 +78,12 @@ RSpec.describe TopicsController do
"#{Discourse.base_url_no_prefix}#{moderator.avatar_template}",
)
end
it "does not error out when using invalid parameters" do
get "/t/#{p1.topic.id}/wordpress.json", params: { topic_id: 1, best: { leet: "haxx0r" } }
expect(response.status).to eq(400)
end
end
describe "#move_posts" do
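Review bot: The new example for `/wordpress.json` exercises only one malformed shape, `best: { leet: "haxx0r" }`, so the 400 path is pinned for a hash in `best` and nothing else. Consider adding a case with an array value and cases for the other parameters this action parses, so a later refactor of the parsing cannot bring the 500s back unnoticed. The `topic_id: 1` entry in `params` is redundant with the `p1.topic.id` already in the path and reads as if it were part of the malformed input; dropping it would make clear which value triggers the failure. Since the commit message describes rescuing any NoMethodError during parameter parsing, it is worth confirming the rescue wraps only the parsing lines, otherwise a genuine bug elsewhere in the action would be reported to clients as a 400 and disappear from the logs. The example title says "does not error out" while the assertion is on a 400; naming it after the expected status would match what is checked.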