search: raise 400 on queries without query (#73420)
This commit is contained in:
parent
1e5dcde158
commit
3f8536d41e
|
@ -202,6 +202,9 @@ class SearchCell(CellBase):
|
|||
if not cell.is_visible(request) or not cell.page.is_visible(request.user):
|
||||
raise PermissionDenied
|
||||
|
||||
if 'q' not in request.GET:
|
||||
return HttpResponseBadRequest('missing query parameter')
|
||||
|
||||
query = request.GET.get('q')
|
||||
if '\x00' in query: # nul byte
|
||||
return HttpResponseBadRequest('invalid query string')
|
||||
|
|
|
@ -433,6 +433,9 @@ def test_search_api(app):
|
|||
# search nul byte
|
||||
resp = app.get('/ajax/search/%s/_text/?q=baz\x00' % cell.id, status=400)
|
||||
|
||||
# search no parameter
|
||||
resp = app.get('/ajax/search/%s/_text/' % cell.id, status=400)
|
||||
|
||||
|
||||
def test_search_on_root_page_api(settings, app):
|
||||
settings.KNOWN_SERVICES = {}
|
||||
|
|
Loading…
Reference in New Issue