github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-30 15:28:37 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: Gracefully handle an array of IDs passed to Topics#show (#28631)

Browse Source 
We're seeing a lot of log noise coming from unhandled exceptions stemming from requests to TopicsController#show where id is passed in as an array.

In the implementation of the method, we assume that if id is present it will be a string. This is because one of the routes to this action uses :id as a URL fragment, and so must be a string. However, there are other routes that go to this endpoint as well. Some of them don't have this URL fragment, so you can pass an arbitrary id query parameter.

Instead of a downstream unhandled exception, we raise a Discourse::InvalidParameters upfront.
This commit is contained in:
Ted Johansson
2024-08-29 14:22:42 +08:00
committed by GitHub
parent 0ee68b3583
commit bfad9a7170
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/topics_controller.rb
View File

@ -51,6 +51,10 @@ class TopicsController < ApplicationController
end
def show
if params[:id].is_a?(Array)
raise Discourse::InvalidParameters.new("Show only accepts a single ID")
end
flash["referer"] ||= request.referer[0..255] if request.referer
# TODO: We'd like to migrate the wordpress feed to another url. This keeps up backwards