Add stricter requirements to existing routes #1150

melroy89 · 2024-10-01T12:40:23Z

Only allow integers on specific path routes, like for entry_id or id, etc.
Increase safety as well
This will also solves the 500 errors, since the path is just invalid, meaning no invalid DB calls anymore. And no unnecessary DB load. The routes are only passed to the controller if they are valid requests...

Note: For now I leave the API routes as is. And I also leave the activity_pub routes as is.. Also indirectly fixes the 23rd issue in: #1119

melroy89 · 2024-10-01T12:59:05Z

Tested on: https://kbin.melroy.org/ (and works great!)

melroy89 added 5 commits October 1, 2024 14:28

Lets try it

fd60fe5

Complete the entry routes with integer requirements

2c2d0b5

Fix duplicate requirements

3687a2c

Add requirements for integer to ajax routes

ddb0280

Add integer requirements to post routes

c1bab1a

melroy89 added this to the v1.7.2 milestone Oct 1, 2024

melroy89 added enhancement New feature or request security Issues and pull requests that address security concerns labels Oct 1, 2024

Add integer requirement to message route

fb2afad

melroy89 requested review from BentiGorlich and Jerry-infosecexchange October 1, 2024 12:55

melroy89 mentioned this pull request Oct 1, 2024

Miscellaneous error/warning log items #1119

Closed

14 tasks

BentiGorlich approved these changes Oct 1, 2024

View reviewed changes

melroy89 merged commit d9fe926 into main Oct 1, 2024
7 checks passed

melroy89 deleted the add_requirements_to_routes branch October 1, 2024 13:01

melroy89 mentioned this pull request Oct 8, 2024

Language string (eg. nl, fr, eo, zh_TW) in routing path & DB look-up queries #1072

Closed

Provide feedback