search

minvws / nl-kat-coordination

Repo nl-kat-coordination for minvws
European Union Public License 1.2
123 stars 55 forks source link

TooManyFieldsSent when generating a report #3390

Open stephanie0x00 opened 4 weeks ago

stephanie0x00 commented 4 weeks ago

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

  1. Go through the onboarding for mispo.es.
  2. Change the filter to " Currently filtered on: Clearance level: L1, L2, L3, L4 Clearance type: Declared, Inherited "
  3. Select all 35 objects
  4. Select all report types
  5. Generate the report and observe the error.

Expected behavior Either a UI restriction preventing me from generating this many reports if such a restriction exists, or otherwise the report for the selected reports.

Screenshots image

OpenKAT version main commit 917f33dc9946ba5c237f0ed0f73dd46a5068433f (HEAD -> main, origin/main, origin/HEAD)

Additional context

<div id="browserTraceback">
    <ul class="traceback">

        <li class="frame django">

            <code class="fname">/usr/local/lib/python3.11/site-packages/django/http/request.py</code>, line 521, in __init__

            <div class="context" id="c128187644604928">

                <ol class="pre-context" id="pre128187644604928" start="514">

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>            # query_string normally contains URL-encoded data, a subset of ASCII.</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>            try:</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>                query_string = query_string.decode(self.encoding)</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>            except UnicodeDecodeError:</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>                # ... but some user agents are misbehaving :-(</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>                query_string = query_string.decode("iso-8859-1")</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>        try:</pre></li>

                </ol>

              <ol class="context-line" start="521">
                <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>            for key, value in parse_qsl(query_string, **parse_qsl_kwargs):
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</pre> <span>…</span></li>
              </ol>

                <ol class="post-context" id="post128187644604928" start="522">

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>                self.appendlist(key, value)</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>        except ValueError as e:</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>            # ValueError can also be raised if the strict_parsing argument to</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>            # parse_qsl() is True. As that is not used by Django, assume that</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>            # the exception was raised by exceeding the value of max_num_fields</pre></li>

                  <li onclick="toggle('pre128187644604928', 'post128187644604928')"><pre>            # instead of fragile checks of exception message strings.</pre></li>

              </ol>

            </div>

              <details>
                <summary class="commands">Local vars</summary>

            </details>

        </li>

        <li class="frame user">

            <code class="fname">/usr/local/lib/python3.11/urllib/parse.py</code>, line 788, in parse_qsl

            <div class="context" id="c128187601889472">

                <ol class="pre-context" id="pre128187601889472" start="781">

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre></pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>    # If max_num_fields is defined then check that the number of fields</pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>    # is less than max_num_fields. This prevents a memory exhaustion DOS</pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>    # attack via post bodies with many fields.</pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>    if max_num_fields is not None:</pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>        num_fields = 1 + qs.count(separator)</pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>        if max_num_fields &lt; num_fields:</pre></li>

                </ol>

              <ol class="context-line" start="788">
                <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>            raise ValueError('Max number of fields exceeded')
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</pre> <span>…</span></li>
              </ol>

                <ol class="post-context" id="post128187601889472" start="789">

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre></pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>    r = []</pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>    for name_value in qs.split(separator):</pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>        if name_value or strict_parsing:</pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>            name, has_eq, value = name_value.partition(eq)</pre></li>

                  <li onclick="toggle('pre128187601889472', 'post128187601889472')"><pre>            if not has_eq and strict_parsing:</pre></li>

              </ol>

            </div>

              <details>
                <summary class="commands">Local vars</summary>

            </details>

        </li>

          <li class="cause"><h3>

            The above exception (Max number of fields exceeded) was the direct cause of the following exception:

        </h3></li>

        <li class="frame django">

            <code class="fname">/usr/local/lib/python3.11/site-packages/django/core/handlers/exception.py</code>, line 55, in inner

            <div class="context" id="c128187611124416">

                <ol class="pre-context" id="pre128187611124416" start="48">

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre></pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre>        return inner</pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre>    else:</pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre></pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre>        @wraps(get_response)</pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre>        def inner(request):</pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre>            try:</pre></li>

                </ol>

              <ol class="context-line" start="55">
                <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre>                response = get_response(request)
                               ^^^^^^^^^^^^^^^^^^^^^</pre> <span>…</span></li>
              </ol>

                <ol class="post-context" id="post128187611124416" start="56">

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre>            except Exception as exc:</pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre>                response = response_for_exception(request, exc)</pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre>            return response</pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre></pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre>        return inner</pre></li>

                  <li onclick="toggle('pre128187611124416', 'post128187611124416')"><pre></pre></li>

              </ol>

            </div>

              <details>
                <summary class="commands">Local vars</summary>

            </details>

        </li>

        <li class="frame django">

            <code class="fname">/usr/local/lib/python3.11/site-packages/django/core/handlers/base.py</code>, line 185, in _get_response

            <div class="context" id="c128187611121280">

                <ol class="pre-context" id="pre128187611121280" start="178">

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>        inside the request/response middleware.</pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>        """</pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>        response = None</pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>        callback, callback_args, callback_kwargs = self.resolve_request(request)</pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre></pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>        # Apply view middleware</pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>        for middleware_method in self._view_middleware:</pre></li>

                </ol>

              <ol class="context-line" start="185">
                <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>            response = middleware_method(
                            </pre> <span>…</span></li>
              </ol>

                <ol class="post-context" id="post128187611121280" start="186">

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>                request, callback, callback_args, callback_kwargs</pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>            )</pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>            if response:</pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>                break</pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre></pre></li>

                  <li onclick="toggle('pre128187611121280', 'post128187611121280')"><pre>        if response is None:</pre></li>

              </ol>

            </div>

              <details>
                <summary class="commands">Local vars</summary>

            </details>

        </li>

        <li class="frame django">

            <code class="fname">/usr/local/lib/python3.11/site-packages/django/middleware/csrf.py</code>, line 465, in process_view

            <div class="context" id="c128187611120128">

                <ol class="pre-context" id="pre128187611120128" start="458">

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>            # 0.2% of cases or less, so we can use strict Referer checking.</pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>            try:</pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>                self._check_referer(request)</pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>            except RejectRequest as exc:</pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>                return self._reject(request, exc.reason)</pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre></pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>        try:</pre></li>

                </ol>

              <ol class="context-line" start="465">
                <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>            self._check_token(request)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^</pre> <span>…</span></li>
              </ol>

                <ol class="post-context" id="post128187611120128" start="466">

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>        except RejectRequest as exc:</pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>            return self._reject(request, exc.reason)</pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre></pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>        return self._accept(request)</pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre></pre></li>

                  <li onclick="toggle('pre128187611120128', 'post128187611120128')"><pre>    def process_response(self, request, response):</pre></li>

              </ol>

            </div>

              <details>
                <summary class="commands">Local vars</summary>

            </details>

        </li>

        <li class="frame django">

            <code class="fname">/usr/local/lib/python3.11/site-packages/django/middleware/csrf.py</code>, line 368, in _check_token

            <div class="context" id="c128187611161088">

                <ol class="pre-context" id="pre128187611161088" start="361">

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>            # CSRF.</pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>            raise RejectRequest(REASON_NO_CSRF_COOKIE)</pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre></pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>        # Check non-cookie token for match.</pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>        request_csrf_token = ""</pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>        if request.method == "POST":</pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>            try:</pre></li>

                </ol>

              <ol class="context-line" start="368">
                <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>                request_csrf_token = request.POST.get("csrfmiddlewaretoken", "")
                                          ^^^^^^^^^^^^</pre> <span>…</span></li>
              </ol>

                <ol class="post-context" id="post128187611161088" start="369">

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>            except UnreadablePostError:</pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>                # Handle a broken connection before we've completed reading the</pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>                # POST data. process_view shouldn't raise any exceptions, so</pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>                # we'll ignore and serve the user a 403 (assuming they're still</pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>                # listening, which they probably aren't because of the error).</pre></li>

                  <li onclick="toggle('pre128187611161088', 'post128187611161088')"><pre>                pass</pre></li>

              </ol>

            </div>

              <details>
                <summary class="commands">Local vars</summary>

            </details>

        </li>

        <li class="frame django">

            <code class="fname">/usr/local/lib/python3.11/site-packages/django/core/handlers/wsgi.py</code>, line 93, in _get_post

            <div class="context" id="c128187611154368">

                <ol class="pre-context" id="pre128187611154368" start="86">

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>    def GET(self):</pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>        # The WSGI spec says 'QUERY_STRING' may be absent.</pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>        raw_query_string = get_bytes_from_wsgi(self.environ, "QUERY_STRING", "")</pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>        return QueryDict(raw_query_string, encoding=self._encoding)</pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre></pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>    def _get_post(self):</pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>        if not hasattr(self, "_post"):</pre></li>

                </ol>

              <ol class="context-line" start="93">
                <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>            self._load_post_and_files()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^</pre> <span>…</span></li>
              </ol>

                <ol class="post-context" id="post128187611154368" start="94">

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>        return self._post</pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre></pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>    def _set_post(self, post):</pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>        self._post = post</pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre></pre></li>

                  <li onclick="toggle('pre128187611154368', 'post128187611154368')"><pre>    @cached_property</pre></li>

              </ol>

            </div>

              <details>
                <summary class="commands">Local vars</summary>

            </details>

        </li>

        <li class="frame django">

            <code class="fname">/usr/local/lib/python3.11/site-packages/django/http/request.py</code>, line 391, in _load_post_and_files

            <div class="context" id="c128187599745984">

                <ol class="pre-context" id="pre128187599745984" start="384">

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>            # content type does not have a charset and should be always treated</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>            # as UTF-8.</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>            if self._encoding is not None and self._encoding.lower() != "utf-8":</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>                raise BadRequest(</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>                    "HTTP requests with the 'application/x-www-form-urlencoded' "</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>                    "content type must be UTF-8 encoded."</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>                )</pre></li>

                </ol>

              <ol class="context-line" start="391">
                <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>            self._post = QueryDict(self.body, encoding="utf-8")
                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</pre> <span>…</span></li>
              </ol>

                <ol class="post-context" id="post128187599745984" start="392">

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>            self._files = MultiValueDict()</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>        else:</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>            self._post, self._files = (</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>                QueryDict(encoding=self._encoding),</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>                MultiValueDict(),</pre></li>

                  <li onclick="toggle('pre128187599745984', 'post128187599745984')"><pre>            )</pre></li>

              </ol>

            </div>

              <details>
                <summary class="commands">Local vars</summary>

            </details>

        </li>

        <li class="frame django">

            <code class="fname">/usr/local/lib/python3.11/site-packages/django/http/request.py</code>, line 528, in __init__

            <div class="context" id="c128187600494528">

                <ol class="pre-context" id="pre128187600494528" start="521">

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>            for key, value in parse_qsl(query_string, **parse_qsl_kwargs):</pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>                self.appendlist(key, value)</pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>        except ValueError as e:</pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>            # ValueError can also be raised if the strict_parsing argument to</pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>            # parse_qsl() is True. As that is not used by Django, assume that</pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>            # the exception was raised by exceeding the value of max_num_fields</pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>            # instead of fragile checks of exception message strings.</pre></li>

                </ol>

              <ol class="context-line" start="528">
                <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>            raise TooManyFieldsSent(
                 ^^^^^^^^</pre> <span>…</span></li>
              </ol>

                <ol class="post-context" id="post128187600494528" start="529">

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>                "The number of GET/POST parameters exceeded "</pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>                "settings.DATA_UPLOAD_MAX_NUMBER_FIELDS."</pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>            ) from e</pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>        self._mutable = mutable</pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre></pre></li>

                  <li onclick="toggle('pre128187600494528', 'post128187600494528')"><pre>    @classmethod</pre></li>

              </ol>

            </div>

              <details>
                <summary class="commands">Local vars</summary>

            </details>

        </li>

    </ul>
  </div>

  <form action="https://dpaste.com/" name="pasteform" id="pasteform" method="post">
  <div id="pastebinTraceback" class="pastebin">

    <textarea name="content" id="traceback_area" cols="140" rows="25">Environment:

Request Method: POST
Request URL: http://127.0.0.1:8000/en/aa/reports/generate-report/view/?observed_at=2024-08-21&amp;clearance_level=1&amp;clearance_level=2&amp;clearance_level=3&amp;clearance_level=4&amp;clearance_type=declared&amp;clearance_type=inherited&amp;ooi=all

Django Version: 5.0.8
Python Version: 3.11.9
Installed Applications:
['whitenoise.runserver_nostatic',
 'django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.humanize',
 'django.forms',
 'django_components',
 'django_components.safer_staticfiles',
 'django_otp',
 'django_otp.plugins.otp_static',
 'django_otp.plugins.otp_totp',
 'two_factor',
 'account',
 'tools',
 'fmea',
 'rocky',
 'crisis_room',
 'onboarding',
 'katalogus',
 'django_password_validators',
 'django_password_validators.password_history',
 'rest_framework',
 'tagulous',
 'compressor',
 'reports',
 'knox',
 'csp']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
 'whitenoise.middleware.WhiteNoiseMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.locale.LocaleMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'rocky.middleware.auth_token.AuthTokenMiddleware',
 'django_structlog.middlewares.RequestMiddleware',
 'django_otp.middleware.OTPMiddleware',
 'rocky.middleware.auth_required.AuthRequiredMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'rocky.middleware.onboarding.OnboardingMiddleware',
 'csp.middleware.CSPMiddleware']

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/django/http/request.py", line 521, in __init__
    for key, value in parse_qsl(query_string, **parse_qsl_kwargs):
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/urllib/parse.py", line 788, in parse_qsl
    raise ValueError('Max number of fields exceeded')
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The above exception (Max number of fields exceeded) was the direct cause of the following exception:
  File "/usr/local/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
               ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/core/handlers/base.py", line 185, in _get_response
    response = middleware_method(

  File "/usr/local/lib/python3.11/site-packages/django/middleware/csrf.py", line 465, in process_view
    self._check_token(request)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/middleware/csrf.py", line 368, in _check_token
    request_csrf_token = request.POST.get("csrfmiddlewaretoken", "")
                         ^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/core/handlers/wsgi.py", line 93, in _get_post
    self._load_post_and_files()
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/http/request.py", line 391, in _load_post_and_files
    self._post = QueryDict(self.body, encoding="utf-8")
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/django/http/request.py", line 528, in __init__
    raise TooManyFieldsSent(
    ^^^^^^^^

Exception Type: TooManyFieldsSent at /en/aa/reports/generate-report/view/
Exception Value: The number of GET/POST parameters exceeded settings.DATA_UPLOAD_MAX_NUMBER_FIELDS.
</textarea>
  <br><br>
  </div></form><div id="requestinfo">
  <h2>Request information</h2>

    <h3 id="user-info">USER</h3>
    <p>superuser@localhost</p>

  <h3 id="get-info">GET</h3>

Variable | Value
-- | --
observed_at | '2024-08-21'
clearance_level | '4'
clearance_type | 'inherited'
ooi | 'all'

</div>

  <div id="explanation">
    <p>
      You’re seeing this error because you have <code>DEBUG = True</code> in your
      Django settings file. Change that to <code>False</code>, and Django will
      display a standard page generated by the handler for this status code.
    </p>
  </div>
underdarknl commented 4 weeks ago

The default seems to be set at a 100 post fields. Which admittedly is a bit low, and would also break on selecting all Objects on the OOI-list page if the number of shown items is bigger than 100. I suggest we increase this max number by changing the setting DATA_UPLOAD_MAX_NUMBER_FIELDS to 500 or so. For usecases where the user wants a report generated on all ooi's, the user should use the 'select all ooi's' button, and as such we should not send the Actual OOI Primary keys to the server, but rather the Query, and use that.