[FIX] http: do not allow passing spaces around db in URL param
Until 9.0 our psycopg2 DSN connection strings do not allow having spaces within the db name, and passing some can cause duplicate registries to be loaded. Stripping spaces is a simple workaround until we actually support spaces within db names. Fixes #13078
This commit is contained in:
parent
b226510840
commit
b17b2a2eb7
|
@ -101,7 +101,7 @@ def ensure_db(redirect='/web/database/selector'):
|
|||
# If the db is taken out of a query parameter, it will be checked against
|
||||
# `http.db_filter()` in order to ensure it's legit and thus avoid db
|
||||
# forgering that could lead to xss attacks.
|
||||
db = request.params.get('db')
|
||||
db = request.params.get('db') and request.params.get('db').strip()
|
||||
|
||||
# Ensure db is legit
|
||||
if db and db not in http.db_filter([db]):
|
||||
|
|
Loading…
Reference in New Issue