search

Charcoal-SE / metasmoke

Web dashboard for SmokeDetector.
https://metasmoke.erwaysoftware.com
Creative Commons Zero v1.0 Universal
43 stars 34 forks source link

Problem with filter #47

Closed AWegnerGitHub closed 7 years ago

AWegnerGitHub commented 7 years ago

I am attempting to query the posts/search route with the following parameters (plus a valid key):

filter='%00%00%00%00%00%00%00%03%C3%BF%C3%BF%C2%80%00%00%00%00%00'
from_date=1481241600
to_date=1481846400

This filter should be everything in the posts section from here.

Url: https://metasmoke.erwaysoftware.com/api/posts/search/?filter=%2500%2500%2500%2500%2500%2500%2500%2503%25C3%25BF%25C3%25BF%25C2%2580%2500%2500%2500%2500%2500&from_date=1481241600&to_date=1481846400&key=aa6cb28600cfa209789a33284bca4b025beed39c5dfb171d5030c88189403d81&per_page=100&page=1

Error message:

Mysql2::Error: Unknown column 'api_keys.updated_at' in 'field list': SELECT api_keys.updated_at, api_keys.user_id, api_tokens.id, api_tokens.user_id, api_tokens.token, blacklisted_websites.created_at, blacklisted_websites.updated_at, commit_statuses.ci_url, deletion_logs.is_deleted, deletion_logs.updated_at, feedbacks.user_name, feedbacks.user_link, feedbacks.invalidated_at, feedbacks.chat_user_id, flags.reason, flags.updated_at, flags.post_id, ignored_users.user_id, ignored_users.created_at, posts.post_creation_date, posts.created_at, posts.score, posts.stack_exchange_user_id, posts.is_fp, posts_reasons.post_id, reasons.id, roles.resource_id, roles.created_at, sites.created_at, smoke_detectors.last_ping, smoke_detectors.location, smoke_detectors.updated_at, smoke_detectors.email_date, stack_exchange_users.question_count, stack_exchange_users.reputation, users.meta_stackexchange_chat_id, users_roles.user_id FROM `posts` WHERE (`posts`.`created_at` > '2016-12-09 00:00:00') AND (`posts`.`created_at` < '2016-12-16 00:00:00') ORDER BY `posts`.`id` DESC LIMIT 100 OFFSET 0

I attempted to add the api_keys filters too, but that didn't solve the problem.

ferrybig commented 7 years ago

You double encoded the filter string, the filter string the filter page creates is already percent encoded, and shouldn't be encoded again.

https://metasmoke.erwaysoftware.com/api/posts/search/?filter=%00%00%00%00%00%00%00%03%C3%BF%C3%BF%C2%80%00%00%00%00%00&from_date=1481241600&to_date=1481846400&key=aa6cb28600cfa209789a33284bca4b025beed39c5dfb171d5030c88189403d81&per_page=100&page=1 works for me

Also, you left your metasmoke key in the url, you should consider it compromised now

ArtOfCode- commented 7 years ago

^ That, except the key isn't too sensitive.