[openstreetmap-website] SQL error returned to client by note search API (#673)
notifications at github.com
Thu Jan 9 06:30:01 UTC 2014
I was playing with the notes search API and tried to search for a string containing `(` which caused it to treat the search term as a regex. The API docs forget to mention anywhere that the search supports regex so that was a surprise. But that is another matter.
The issue is that if an invalid regex is supplied to the search API, it returns a SQL error from postgres back to the client in an HTTP 500 response that includes the full SQL query being executed. The error should be caught and an HTTP 400 status sent back to the client.
Reproducible with the following URL:
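An added example, not part of the original report and not openstreetmap-website code: one way to turn a database error into a client-safe response while keeping the query text in the server log only. `DemoDbError`, `DEMO_QUERY`, `CLIENT_FAULTS` and `safe_search` are hypothetical names, and the query and errors are constructed; SQLSTATE 2201B is PostgreSQL's `invalid_regular_expression` code.

```ruby
require "json"
require "securerandom"

# Hypothetical stand-in for a database driver error carrying SQLSTATE and query text.
class DemoDbError < StandardError
  attr_reader :sqlstate, :sql

  def initialize(message, sqlstate:, sql:)
    super(message)
    @sqlstate = sqlstate
    @sql = sql
  end
end

# SQLSTATEs caused by client input, mapped to a fixed client-facing message.
# 2201B is PostgreSQL's invalid_regular_expression.
CLIENT_FAULTS = { "2201B" => "search term is not a valid regular expression" }.freeze

# Constructed query stub: rejects unbalanced parentheses the way a regex engine
# would, and treats an empty term as a server-side failure for demonstration.
DEMO_QUERY = lambda do |term|
  sql = "SELECT id FROM demo_notes WHERE body ~ $1" # constructed, not the project's query
  if term.count("(") != term.count(")")
    raise DemoDbError.new("invalid regular expression: parentheses () not balanced",
                          sqlstate: "2201B", sql: sql)
  end
  raise DemoDbError.new("connection lost", sqlstate: "08006", sql: sql) if term.empty?
  [{ id: 1, match: term }]
end

# Runs the query and returns [status, body]. The driver message and SQL go only
# to the server-side log; the client gets a fixed message and a correlation ref.
def safe_search(term, log:, query: DEMO_QUERY)
  [200, JSON.generate({ results: query.call(term) })]
rescue DemoDbError => e
  ref = SecureRandom.hex(4)
  log << "ref=#{ref} sqlstate=#{e.sqlstate} msg=#{e.message} sql=#{e.sql}"
  client_msg = CLIENT_FAULTS[e.sqlstate]
  status = client_msg ? 400 : 500
  [status, JSON.generate({ error: client_msg || "internal error", ref: ref })]
end
```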