freezed / ocp8

Fat, yes, but quality fat!
GNU General Public License v3.0

Regex isn't safe enough to parse URL query string #13

Closed freezed closed 5 years ago

freezed commented 5 years ago

If a key ends with s= (foos=, for example), the 1st check passes, but it does not find the key GET['s'] and crashes.

Traceback:

Request Method: GET
Request URL: http://127.0.0.1:8000/ersatz/search/?foos=fromage
Exception Type: MultiValueDictKeyError at /ersatz/search/
Exception Value: 's'
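The failure reported above, as an added example that is not part of the original issue or the project's code: a regex check on the raw query string beside an exact-key lookup on the parsed query. `NAIVE_PATTERN` and both function names are hypothetical, since the page does not show the project's actual pattern.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical stand-in for the project's check: the page does not show the
# real pattern, only that a key ending in "s=" passes it.
NAIVE_PATTERN = re.compile(r"s=.+")


def naive_has_search_term(url: str) -> bool:
    """Regex check on the raw query string: matches 's=' anywhere in it."""
    return bool(NAIVE_PATTERN.search(urlsplit(url).query))


def get_search_term(url: str, key: str = "s"):
    """Parse the query string and look the key up by its exact name.

    Returns the first non-blank value for `key`, or None when the key is
    absent or empty, so the caller can return an error page or an empty
    form instead of raising on a missing key.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for value in params.get(key, []):
        value = value.strip()
        if value:
            return value
    return None


# Constructed sample URLs; the second is the request from the traceback.
SAMPLES = [
    "http://127.0.0.1:8000/ersatz/search/?s=fromage",
    "http://127.0.0.1:8000/ersatz/search/?foos=fromage",
    "http://127.0.0.1:8000/ersatz/search/?s=",
    "http://127.0.0.1:8000/ersatz/search/?page=2&s=pain%20complet",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, naive_has_search_term(url), get_search_term(url))
```

In a Django view, `request.GET.get("s")` performs the same exact-key lookup and returns `None` instead of raising `MultiValueDictKeyError`.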