Commit c47aacb3 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧
Browse files

Handle null byte searches



Some vulnerability scanners try to find security issues in all webforms
and submit invalid null byte into the search from. This is cleaned out
by django and leads to 'q' not being set which gives a 500 error. Check
if the 'q' key exists in the cleaned_data if not return an empty list.
Signed-off-by: Jelle van der Waa's avatarJelle van der Waa <jelle@vdwaa.nl>
parent 4678d90c
......@@ -59,6 +59,8 @@ def exact_matches(self):
# only do exact match search if 'q' is sole parameter
if self.changed_data != ['q']:
return []
if 'q' not in self.cleaned_data:
return []
return Package.objects.normal().filter(pkgname=self.cleaned_data['q'])
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment