Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(api-v2): Don't check file extensions of XSL files and Gravsearch templates (DSP-1005) #1749

Merged
merged 6 commits into from Nov 5, 2020

Conversation

benjamingeer
Copy link

@benjamingeer benjamingeer commented Nov 5, 2020

  • Don't check the extension of a file in Sipi used as an XSL transformation
  • Don't check the extension of a file in Sipi used as a Gravsearch template
  • Don't accept a full-text search term that looks like a Gravsearch query
  • Improve error messages

resolves DSP-1005

@benjamingeer benjamingeer self-assigned this Nov 5, 2020
Copy link
Contributor

@SepidehAlassi SepidehAlassi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, thanks for the quick fix!

get {
requestContext =>
val searchString = stringFormatter.toSparqlEncodedString(searchval, throw BadRequestException(s"Invalid search string: '$searchval'"))
if (searchStr.contains(OntologyConstants.KnoraApi.ApiOntologyHostname)) {
throw BadRequestException("It looks like you are submitting a Gravsearch request to a full-text search route")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hahaha, I love this!

@benjamingeer
Copy link
Author

Thanks for reviewing!

@subotic subotic merged commit 905766f into main Nov 5, 2020
@subotic subotic deleted the fix/DSP-1005-xsl-file branch November 5, 2020 21:11
@subotic subotic added the bug something isn't working label Nov 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants