projects / pgweb.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1adaab8) | patch
Explicitly disallow NUL characters in URL parameters
authorMagnus Hagander <magnus@hagander.net>
Sun, 12 Sep 2021 12:40:13 +0000 (14:40 +0200)
committerMagnus Hagander <magnus@hagander.net>
Sun, 12 Sep 2021 12:40:13 +0000 (14:40 +0200)
commit379796952f830751f280d988199dc1a39e038ac0
treebe18c8ef1710fb4a5911db688db3e703f718e14btree
parent1adaab8955ccf022b1c22b23d62a383854eb0e9ecommit | diff
Explicitly disallow NUL characters in URL parameters

This would already not work at a lower layer, but would typically
generate an internal server error exception instead of just an error
message.

Instead, put an explicit check in the middleware that's already
validating the query parameters and reject them with a 400 error.
pgweb/util/middleware.py diff | blob | blame | history
This is the code for the postgresql.org website