0
Fixed

Unhandled invalid routing values

Tony Sheehy 8 years ago • updated by anonymous 4 years ago 4

The following are a series of views for which invalid routing ids / values will cause errors:

  • Edit action of the Agents controller, specifying a non-existent agent id or incorrectly formatted Guid. e.g. "Test"
  • Create Schedule action of the Operation controller, specify a non-existant id or incorrectly formatted Guid.
  • Operation Lists action of the Group controller, specifying an incorrectly formatted Guid.
  • Logs action of the Logging controller, specifying an incorrectly formatted DateTime e.g. "Test"

Some excellent finds Tony. Initial thoughts:

  • Specifying valid parameters for non-existent entities are fairly easy to cope with as we handle it in a few locations - typically just catching the exception and displaying the error back on the previous page.
  • Catching the incorrectly formatted DateTime for logging should be relatively easy - we can create a custom route that has restrictions on the parameters that ensures it meets certain conditions (regex for digits and potentially min/max values)
  • Forcing guids to be correct is slightly more difficult, but we can probably specify more routes with regex constraints

The following are a series of views for which invalid routing ids / values will cause errors:

  • Edit action of the Agents controller, specifying a non-existent agent id or incorrectly formatted Guid. e.g. "Test"
  • Create Schedule action of the Operation controller, specify a non-existant id or incorrectly formatted Guid.
  • Operation Lists action of the Group controller, specifying an incorrectly formatted Guid.
  • Logs action of the Logging controller, specifying an incorrectly formatted DateTime e.g. "Test"

Please confirm resolution.

Confirmed after small changes to group controller