Catching routing errors

This is for someone who works on coding this site. Please check this out.
 
User profile actions use different controller routes, which is ok, but routing errors inside each controller are not properly controlled and this can cause vulnerabilities. 
 
For example, following a simple MVC pattern: 
 
/Vacantstare  
 
Something like  
 
/defaultController/indexAction($username)  
 
It goes to my profile, album section.  
 
/Vacantstare/   
 
This is not correctly routed. It logically will try to fetch 
 
/vacantstareController/indexAction 
 
Which obviously doesn't exist. This request should throw a 404, page not found, but the error is not caught, and throws a 500 server error because it can't find the controller.
 
The user id in the profile actions goes through a URL variable, in two flavors:
 
/u/userid 
 
/username 
 
And the actions that exist in one, go 500 in the other, instead of at least a 404. 
 
Any questions welcome if I didn't explain myself properly.

Last edited by VacantStare; 02-19-2024 at 04:34 AM.
Reason: 404, 404
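
The routing behaviour the post above asks for, as an added example that is not part of the original post and not the site's code: a hypothetical dispatcher that treats /Vacantstare and /Vacantstare/ alike, shares one action table between the /u/userid and /username flavors, and answers 404 for any unknown user or action. All function names, the action table and the sample users are assumptions made for illustration.

```python
class NotFound(Exception):
    """Raised when no user or action matches the request path."""

def profile_index(user):
    return f"albums of {user}"

def profile_friends(user):
    return f"friends of {user}"

# Hypothetical action table, shared by both URL flavors so an action
# that exists under /username also exists under /u/userid.
PROFILE_ACTIONS = {"": profile_index, "friends": profile_friends}
USERS_BY_ID = {"42": "Vacantstare"}             # constructed sample data
USERS_BY_NAME = {"vacantstare": "Vacantstare"}  # constructed sample data

def resolve(path):
    """Map a request path to (handler, user) or raise NotFound."""
    # Dropping empty segments makes a trailing slash irrelevant.
    segments = [s for s in path.split("/") if s]
    if not segments:
        raise NotFound(path)
    if segments[0] == "u":                      # /u/userid[/action]
        if len(segments) < 2:
            raise NotFound(path)
        user = USERS_BY_ID.get(segments[1])
        rest = segments[2:]
    else:                                       # /username[/action]
        user = USERS_BY_NAME.get(segments[0].lower())
        rest = segments[1:]
    if user is None or len(rest) > 1:
        raise NotFound(path)
    handler = PROFILE_ACTIONS.get(rest[0] if rest else "")
    if handler is None:
        raise NotFound(path)
    return handler, user

def dispatch(path):
    """Return (status, body); lookup failures are 404, never 500."""
    try:
        handler, user = resolve(path)
    except NotFound:
        return 404, "Not Found"
    try:
        return 200, handler(user)
    except Exception:
        # A real bug inside a handler is still a 500, with no detail leaked.
        return 500, "Internal Server Error"
```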
					
				
			
		
		