search

Helioviewer-Project / api

The API for Helioviewer Project Services
Other
7 stars 14 forks source link

Error in HelioviewerLayers.php #127

Closed dgarciabriseno closed 1 year ago

dgarciabriseno commented 2 years ago

Trying to access array offset on value of type bool in /var/www/api.helioviewer.org/src/Helper/HelioviewerLayers.php on line 208

dgarciabriseno commented 2 years ago

Added a little more logging outside of a commit.

dgarciabriseno commented 2 years ago

Found the source of the error. Looks like a bot is sending an invalid screenshot request:

114.119.139.35 - - [19/May/2022:15:16:12 -0400] "GET /index.php?action=takeScreenshot&date=2020-10-03T19:12:04Z&imageScale=2.4204409&layers=%255BSDO HTTP/1.1" 200 42 "http://www.astroversilia.it/2020/03        /23/il-tripletto-del-leone-ai-tempi-del-corona/nggallery/image/leo-triplet-astrov?bld=opzioni-binarie-grossman%2F%2F%2F%2F%2F%2F%2F%2F%2F" "Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, l        ike Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://webmaster.petalsearch.com/site/petalbot)"

The offending parameter is:

&layers=%255BSDO

It is supposed to look like this, with [, ,, and ] replaced with their html escape characters

&layers=[SDO,AIA,304,1,100,0,60,1,2022-05-19T18:24:31.000Z]

The solution should be to validate that the given layer string is valid in the input validator.

dgarciabriseno commented 1 year ago

This is done, I confirmed the given get request returns an error "Invalid layer string"