Validate strings before integer conversion in the API layer.

2025-05-19 05:08:43 +08:00 · 2017-11-26 21:45:37 +05:30 · 2017-11-26 21:45:37 +05:30 · 8904aba598
commit 8904aba598
parent 42d0c31140
2 changed files with 14 additions and 1 deletions
--- a/TODO.md
+++ b/TODO.md
@ -73,6 +73,8 @@
 - ~~during index_in_memory() validations should be front loaded~~
 - ~~Support token ranking field being a float~~
 - ~~https support~~
+- ~~Validate before string to int conversion in the http api layer~~
+- handle hyphens (replace them)
 - get collection should show schema
 - highlight of string arrays?
 - NOT operator support
@ -81,7 +83,6 @@
 - Test for snippets
 - Test for replication
 - Proper logging
- Validate before string to int conversion in the http api layer
 - > INT32_MAX validation for float field
 - art bool support
 - Add docs/explanation around ranking calc
--- a/src/api.cpp
+++ b/src/api.cpp
@ -140,6 +140,18 @@ void get_search(http_req & req, http_res & res) {
        req.params[PAGE] = "1";
    }

+    if(!StringUtils::is_uint64_t(req.params[NUM_TYPOS])) {
+        return res.send_400("Parameter `" + NUM_TYPOS + "` must be an unsigned integer.");
+    }
+
+    if(!StringUtils::is_uint64_t(req.params[PER_PAGE])) {
+        return res.send_400("Parameter `" + PER_PAGE + "` must be an unsigned integer.");
+    }
+
+    if(!StringUtils::is_uint64_t(req.params[PAGE])) {
+        return res.send_400("Parameter `" + PAGE + "` must be an unsigned integer.");
+    }
+
    std::string filter_str = req.params.count(FILTER) != 0 ? req.params[FILTER] : "";

    std::vector<std::string> search_fields;