summaryrefslogtreecommitdiff
path: root/pgweb/util/middleware.py
diff options
context:
space:
mode:
authorMagnus Hagander2021-11-04 16:07:50 +0000
committerMagnus Hagander2021-11-04 16:10:59 +0000
commit37a5e6640319eddce61798dcaf3326c98b6fdccf (patch)
tree98e9406f48da55374dcfaddf6e86c66bd3d7290a /pgweb/util/middleware.py
parentc4b2b65e8a9fc1bb60e5b7c1d80fbb7d3f807a44 (diff)
Return a HttpResponse instead of an exception on NUL in query string parameters
Raising an exception triggers an email-to-admin-action, and the whole reason we have this NUL check is to *avoid* triggering those emails... Hopefully explicitly returning a 400 HttpResponse will maek them go away.
Diffstat (limited to 'pgweb/util/middleware.py')
-rw-r--r--pgweb/util/middleware.py9
1 files changed, 6 insertions, 3 deletions
diff --git a/pgweb/util/middleware.py b/pgweb/util/middleware.py
index 2120876f..28868459 100644
--- a/pgweb/util/middleware.py
+++ b/pgweb/util/middleware.py
@@ -1,6 +1,5 @@
from django.conf import settings
-from django.http import QueryDict
-from django.core.exceptions import SuspiciousOperation
+from django.http import QueryDict, HttpResponse
from pgweb.util.templateloader import initialize_template_collection, get_all_templates
@@ -104,7 +103,11 @@ class PgMiddleware(object):
if k not in allowed:
del result[k]
if "\0" in request.GET[k]:
- raise SuspiciousOperation("NUL escapes not allowed in query parameters")
+ return HttpResponse(
+ "NUL escapes not allowed in query parameters",
+ content_type='text/plain',
+ status=400
+ )
result.mutable = False
request.GET = result
else: