search

indico / indico

Indico - A feature-rich event management system, made @ CERN, the place where the Web was born.
https://getindico.io
MIT License
1.78k stars 430 forks source link

Error creating booking - possible input validation issue #402

Closed pferreir closed 14 years ago

pferreir commented 14 years ago 
# Ticket imported from Trac
# Originally assigned to: irolewic

We are receiving an error that seems to stem from improper input validation.

--------------------
User Comments

--------------------
Error details

exception message => list index out of range
exception type => exceptions.IndexError
traceback => 
  File "/usr/lib/python2.4/site-packages/cds_indico-0.97b2-py2.4.egg/MaKaC/webinterface/rh/base.py", line 462, in process
    self._checkParams( self._reqParams )

  File "/usr/lib/python2.4/site-packages/cds_indico-0.97b2-py2.4.egg/MaKaC/webinterface/rh/roomBooking.py", line 1022, in _checkParams
    candResv = self._loadResvCandidateFromParams( None, params )

  File "/usr/lib/python2.4/site-packages/cds_indico-0.97b2-py2.4.egg/MaKaC/webinterface/rh/roomBooking.py", line 413, in _loadResvCandidateFromParams
    self._checkParamsRepeatingPeriod( params )

  File "/usr/lib/python2.4/site-packages/cds_indico-0.97b2-py2.4.egg/MaKaC/webinterface/rh/roomBooking.py", line 127, in _checkParamsRepeatingPeriod
    sMinute = int( t[1] )

request handler => <class 'MaKaC.webinterface.rh.roomBooking.RHRoomBookingBookingForm'>
url => http://indico.cern.ch/roomBooking.py/bookingForm?roomLocation=CERN&roomID=100
indico-bot commented 14 years ago 
# Original comment by ian.rolewicz@c...

commit f25ab48c53175c458765a5be5f6aaba1337cfec6 Author: Ian Rolewicz ian.rolewicz@c... Date: Fri May 21 08:47:56 2010 +0200

[FIX] Error on booking creation

    - fixes #402
    - Added additional format checking on the server side to prevent users from getting this problem.
    - We suppose the users were using the Enter key to submit the form, which happened to bypass the validity checking of the fields
    - JavaScript was added to handle the case when a key is pressed
    - Other forms in the code were checked in order to see if any of them was submitted the same way, but none was find.
indico-bot commented 14 years ago 
# Original comment by Ian Rolewicz <ian.rolewicz@c...>

In f25ab48c53175c458765a5be5f6aaba1337cfec6:

[FIX] Error on booking creation

    - fixes #402
    - Added additional format checking on the server side to prevent users from getting this problem.
    - We suppose the users were using the Enter key to submit the form, which happened to bypass the validity checking of the fields
    - JavaScript was added to handle the case when a key is pressed
    - Other forms in the code were checked in order to see if any of them was submitted the same way, but none was find.
indico-bot commented 14 years ago 
# Original comment by Ian Rolewicz <ian.rolewicz@c...>

In f25ab48c53175c458765a5be5f6aaba1337cfec6:

[FIX] Error on booking creation

    - fixes #402
    - Added additional format checking on the server side to prevent users from getting this problem.
    - We suppose the users were using the Enter key to submit the form, which happened to bypass the validity checking of the fields
    - JavaScript was added to handle the case when a key is pressed
    - Other forms in the code were checked in order to see if any of them was submitted the same way, but none was find.