openmeteo / enhydris

A database with a web interface for the storage and management of hydro/meteorological measurements and time series
GNU Affero General Public License v3.0

Internal server error in some malicious requests #430

Closed aptiko closed 3 years ago

aptiko commented 3 years ago

When visiting /?sort=:

Traceback:

File "/opt/enhydris-openmeteo/venv/lib/python3.7/site-packages/django/core/handlers/exception.py" in inner
  34.             response = get_response(request)

File "/opt/enhydris-openmeteo/venv/lib/python3.7/site-packages/django/core/handlers/base.py" in _get_response
  115.                 response = self.process_exception_by_middleware(e, request)

File "/opt/enhydris-openmeteo/venv/lib/python3.7/site-packages/django/core/handlers/base.py" in _get_response
  113.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/opt/enhydris-openmeteo/venv/lib/python3.7/site-packages/django/views/generic/base.py" in view
  71.             return self.dispatch(request, *args, **kwargs)

File "/opt/enhydris-openmeteo/venv/lib/python3.7/site-packages/django/views/generic/base.py" in dispatch
  97.         return handler(request, *args, **kwargs)

File "/opt/enhydris-openmeteo/venv/lib/python3.7/site-packages/django/views/generic/list.py" in get
  142.         self.object_list = self.get_queryset()

File "/opt/enhydris-openmeteo/enhydris/views_common.py" in get_queryset
  62.         sort_order = self._get_sort_order()

File "/opt/enhydris-openmeteo/enhydris/views_common.py" in _get_sort_order
  86.             field = item[1:] if item[0] == "-" else item

Exception Type: IndexError at /
Exception Value: string index out of range
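The failure in the traceback, as an added example that is not enhydris code: a minimal reconstruction of a sort-order parser that crashes the same way on `/?sort=` (an empty item reaches `item[0]`), beside a hardened version that skips empty items and checks field names against a whitelist before they get anywhere near a queryset. The comma-separated syntax, the leading `-` for descending order and the field names in the whitelist are assumptions.

```python
from urllib.parse import parse_qs

# Assumed whitelist of sortable fields; the real enhydris field names are not on this page.
ALLOWED_SORT_FIELDS = {"name", "id", "last_modified"}


def _sort_param(query_string):
    """Mimic request.GET.get("sort", ""): keep_blank_values so '?sort=' yields ''."""
    return parse_qs(query_string, keep_blank_values=True).get("sort", [""])[0]


def parse_sort_order_naive(query_string):
    """Reconstruction of the failing logic: item[0] on an empty item raises IndexError."""
    sort_order = []
    for item in _sort_param(query_string).split(","):
        field = item[1:] if item[0] == "-" else item  # '?sort=' -> item == '' -> IndexError
        sort_order.append("-" + field if item[0] == "-" else field)
    return sort_order


def naive_crashes(query_string):
    """True when the naive parser raises the IndexError shown in the traceback."""
    try:
        parse_sort_order_naive(query_string)
    except IndexError:
        return True
    return False


def parse_sort_order(query_string):
    """Hardened version: skip empty items, validate field names, keep direction."""
    sort_order = []
    for item in _sort_param(query_string).split(","):
        item = item.strip()
        if not item:
            continue  # '?sort=' and '?sort=a,,b' no longer reach item[0]
        descending = item.startswith("-")
        field = item[1:] if descending else item
        if field not in ALLOWED_SORT_FIELDS:
            continue  # '?sort=-' and unknown names are dropped, not passed to the ORM
        sort_order.append("-" + field if descending else field)
    return sort_order


if __name__ == "__main__":
    print(naive_crashes("sort="))                    # True
    print(parse_sort_order("sort=-name,,bogus,id"))  # ['-name', 'id']
```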