Validate the request parameters [#3070630]

We should make sure that requests sent to the server are valid.

This patch is on top of #3070616: Various minor fixes.

Comment	File	Size	Author
#3	client_hints_3070630_interdiff_1_3.txt	642 bytes	jan.stoeckler
#3	client_hints_3070630_3.patch	4.27 KB	jan.stoeckler
	client-hints-request-validate.patch	4.09 KB	tstoeckler

Comments

Comment #1

26 July 2019 at 13:46

tstoeckler created an issue. See original summary.

Comment #2

jan.stoeckler

he/his

German

commented 4 August 2019 at 11:21

Awesome! Should we also add a check for the existence of the actual image (file) or is that not a good idea? If not, why not? Thanks!

Comment #3

jan.stoeckler

he/his

German

commented 4 August 2019 at 14:10

Status	File	Size
new	client_hints_3070630_3.patch	4.27 KB
new	client_hints_3070630_interdiff_1_3.txt	642 bytes

This (#3) approach seems a bit naive and might potentially expose the existence of files that should not be exposed. Maybe add further checks for extension or mime-type of target file? Thankful for any guidance!

Validate the request parameters

Comments

Comment #1

Comment #2

Comment #3

Referenced by

News items

Our community

Documentation

Drupal code base

Governance of community