Troglodyne-Internet-Widgets / tCMS

A Perl CMS with a focus on multiple media types, and flexible data storage backends

Impose comprehensive input validation/sanitization on routes #261

Open teodesian opened 2 years ago

teodesian commented 2 years ago

Argument "25'nvOpzp" isn't numeric in int at lib/Trog/Routes/HTML.pm line 976.

teodesian commented 2 years ago

Argument "all" isn't numeric in int at lib/Trog/Routes/HTML.pm line 976.

teodesian commented 2 years ago

It looks like people are scanning the page/limit fields.

I think I should implement comprehensive validators as part of the routes -- define expected params and validator methods. This way it's always going to be in a good state for every route.

teodesian commented 7 months ago

Also, be sure to add an INFO into the logs which will result in people passing invalid type data to get insta-banned.
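
An added example, not part of the thread and not tCMS code: one way a route could declare its expected parameters with validator subs and emit an INFO line when a value has the wrong type, run against the two inputs from the warnings above. The `/posts` route, the `%SCHEMA` layout, `validate_params`, the log line format and the client address are all assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical per-route schema: parameter name => sub returning true when the value is acceptable.
my %SCHEMA = (
    '/posts' => {
        page  => sub { $_[0] =~ /\A[0-9]{1,6}\z/ },
        limit => sub { $_[0] =~ /\A[0-9]{1,3}\z/ && $_[0] >= 1 && $_[0] <= 100 },
    },
);

# Returns (\%clean, \@log_lines). Parameters not named in the schema are dropped.
sub validate_params {
    my ( $route, $query, $ip ) = @_;
    my $spec = $SCHEMA{$route} or return ( {}, ["INFO no schema route=$route ip=$ip"] );
    my ( %clean, @log_lines );
    for my $name ( sort keys %$spec ) {
        next unless defined $query->{$name};
        my $value = $query->{$name};
        if ( !ref $value && $spec->{$name}->($value) ) {
            $clean{$name} = int $value;    # safe: the regex has already proven it is digits only
        }
        else {
            # Never write raw attacker input to the log: cap the length and
            # replace quotes and non-printable bytes so one request is one log line.
            my $shown = ref $value ? 'non-scalar' : substr( $value, 0, 32 );
            $shown =~ s/[^\x20-\x7e]|"/?/g;
            push @log_lines, qq{INFO invalid param route=$route name=$name value="$shown" ip=$ip};
        }
    }
    return ( \%clean, \@log_lines );
}

# Constructed requests: one valid, then the two values seen in the warnings on this issue.
# 192.0.2.10 is a documentation-range address used as a stand-in for the client IP.
for my $query ( { page => 2, limit => 25 }, { limit => "25'nvOpzp" }, { limit => 'all' } ) {
    my ( $clean, $log_lines ) = validate_params( '/posts', $query, '192.0.2.10' );
    print STDERR "$_\n" for @$log_lines;
    if (@$log_lines) {
        print "400 Bad Request\n";    # reject before the handler ever calls int()
    }
    else {
        print 'ok page=' . ( $clean->{page} // 1 ) . ' limit=' . ( $clean->{limit} // 25 ) . "\n";
    }
}
```

Because validation runs before the handler, the `int` call that produced the "isn't numeric" warnings only ever sees digit strings, and each rejected request leaves a single structured line that a log watcher can match on.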