[openstreetmap/openstreetmap-website] gpx parameter in editor URL causes Application error (Issue #3540)
Tom Hughes
notifications at github.com
Mon May 2 18:32:59 UTC 2022
Well that URL is not an API so it's not up to the user to provide arbitrary input so we don't try very hard to validate it.
What actually happens is that we call `trace_data_url(params[:gpx], :format => :xml)` to generate a URL to pass to the underlying iD instance and that throws an exception because rails expects the first parameter to be a trace object ID and it isn't.
Now sure I could write a bunch of code to validate it first and return 400 instead of 500 and the average user gains what from that? Pretty much nothing really.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3540#issuecomment-1115226848
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/3540/1115226848 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20220502/67509f90/attachment.htm>
More information about the rails-dev
mailing list