[openstreetmap-website] SQL error returned to client by note search API (#673)

Toby Murray notifications at github.com
Thu Jan 9 06:30:01 UTC 2014

I was playing with the notes search API and tried to search for a string containing `(` which caused it to treat the search term as a regex. The API docs forget to mention anywhere that the search supports regex so that was a surprise. But that is another matter.

The issue is that if an invalid regex is supplied to the search API, it returns a SQL error from postgres back to the client in an HTTP 500 response that includes the full SQL query being executed. The error should be caught and HTTP 400 status sent back to the client.

Reproducible with the following URL:  

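The behaviour reported above next to the behaviour it asks for, as an added Ruby example that is not code from openstreetmap-website or from the original message. The exception class, the SQL text, the fake executor and the function names are all hypothetical and constructed for illustration.

```ruby
require "json"

# Hypothetical stand-in for the database layer's exception class.
class StatementInvalid < StandardError; end

SQL = 'SELECT id FROM example_notes WHERE body ~ $1' # constructed, not the project's query

# Constructed fake executor: fails on unbalanced parentheses and, like the
# reported behaviour, includes the statement in its error text.
FAKE_DB = lambda do |term|
  if term.count("(") != term.count(")")
    raise StatementInvalid, "invalid regular expression: parentheses () not balanced: #{SQL}"
  end
  [101, 102] # constructed note ids
end

# Reported behaviour: the driver's error text is returned in a 500 body.
def search_leaky(term, db = FAKE_DB)
  [200, JSON.generate({ "ids" => db.call(term) })]
rescue StatementInvalid => e
  [500, e.message]
end

# Requested behaviour: a bad pattern gets 400 with a fixed message. Other
# database failures stay 500 but are equally opaque to the client.
# The detail is written to the server-side log only.
def search_hardened(term, db = FAKE_DB, log = [])
  [200, JSON.generate({ "ids" => db.call(term) })]
rescue StatementInvalid => e
  log << "note search failed q=#{term.inspect}: #{e.message}"
  if e.message.start_with?("invalid regular expression")
    [400, JSON.generate({ "error" => "invalid search pattern" })]
  else
    [500, JSON.generate({ "error" => "internal error" })]
  end
end
```

Matching on the error text keeps genuine server faults from being reported as client errors; a real handler would key on the driver's error code instead where one is available.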