Query Param Validation Meta-bug
Bug #1457634 reported by
Jason Boyer
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Evergreen |
Confirmed
|
Medium
|
Unassigned | ||
Bug Description
Eg: *
Else, N/A
Related to bug 1457625, we need to work on being less trusting of query params, not just locg. I don't know that there are any security issues as of yet but triggering ISE's just by playing with query params is not good. At least a 500 error implies that we have checked the params and found them lacking, vs. plowing ahead until we hit a wall. (Sane defaulting allows users to be sloppy and still see results, that's another thing to consider.)
| tags: | added: opac search |
| Changed in evergreen: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
To post a comment you must log in.
