[Form] Users can raise Exceptions by submitting unexpected data · Issue #5334 · symfony/symfony · GitHub

Closed
Tobion opened this issue Aug 24, 2012 · 2 comments · Fixed by #5337

Comments

@Tobion
Contributor
Tobion commented Aug 24, 2012

I think it's bad that users can raise exceptions in the application by submitting unexpected data, e.g. by submitting a string when an array of a compound form is expected. So they can manually force a page to return HTTP code "500 Internal Server Error" at any time. It's of course not a security issue as only the hacker himself sees the error. But IMO it's bad design because it is not fault-tolerant. And it's also quite wrong that users can externally raise internal errors. Furthermore, they can spam the log entries this way.

@stof
Member
stof commented Aug 24, 2012

The Form component is not aware of the way you handle your error reporting. So it cannot send a 4xx response for you (it does not send a 5xx for you either, or any other response).
However, all exceptions coming from the form component extend FormException, so you can handle them the way you want.

@Tobion
Contributor Author
Tobion commented Aug 24, 2012

@stof I'm not talking about the response code. Nor is it possible to achieve what I mean in custom code.
See the reference PR.
