Custom Query (2152 matches)
Results (472 - 474 of 2152)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #1057 | fixed | JSONP parameter isn't escaped | dread | |
| Description |
$ curl "http://127.0.0.1:5000/api/rest/package/annakarenina?callback=<script>jsoncallback" gives: <script>jsoncallback({"id": "c10ebd31-5b45-4f6f-885d-dca9b18caec4", "name": "annakarenina", "title": "A Novel By Tolstoy",
which could run script code in the client who made the call. One idea for filtering: http://tav.espians.com/sanitising-jsonp-callback-identifiers-for-security.html Maybe just better to have a restricted whitelist of characters to be even more sure. Same as: https://trac.dataco.coi.gov.uk/projects/datagov/ticket/906 |
|||
| #1058 | fixed | Give 400 error (not 500) for invalid locale or package_form | dread | dread |
| Description |
Examples which prompt annoying exception emails: http://ckan.net/locale?locale=ja
Module ckan.i18n:21 in set_session_locale
assert locale in _KNOWN_LOCALES
A bot has caused these: http://ca.ckan.net/package/new?package_form=gov
Module ckan.forms.registry:32 in get_fieldset
raise ValueError('Could not find package_form name %r in those found: \n%r' % (package_form, [en.name for en in entrypoints]))
ValueError: Could not find package_form name u'gov)' in those found: ['gov', 'standard', 'ca']
|
|||
| #1059 | fixed | Loader coping better with poor search indexing | dread | dread |
| Description |
Loader currently checks for same name, but also should check for name_, name etc. |
|||
Note: See TracQuery
for help on using queries.
