github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-31 14:48:03 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Prevent null-byte searches causing 500 error (#8226)

Browse Source 
This fix ensures that searches that contain a null byte return a 400
error instead of causing a 500 error.

For some reason from rspec we will reach the raise statement inside
of the `rescue_from ArgumentError` block, but outside of rspec it will
not execute the raise statement and so a 500 is thrown instead of
reaching the `rescue_from Discourse::InvalidParameters` block inside of
the application controller.

This fix raises Discourse::InvalidParameters directly from the search
controller instead of relying on `PG::Connection.escape_string` to
raise the `ArgumentError`.
This commit is contained in:
Blake Erickson
2019-10-22 08:44:52 -06:00
committed by GitHub
parent 283a0add80
commit 7d09af7eda
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
spec/requests/search_controller_spec.rb
View File

@ -197,6 +197,13 @@ describe SearchController do
expect(response.status).to eq(400)
end
it "returns a 400 error if you search for null bytes" do
term = "hello\0hello"
get "/search.json", params: { q: term }
expect(response.status).to eq(400)
end
it "logs the search term" do
SiteSetting.log_search_queries = true
get "/search.json", params: { q: 'bantha' }