Throw error when query with wrongly encoded parameter
Marco129 committed Feb 16, 2016
1 parent b1a9536 commit 312d065
Showing 2 changed files with 56 additions and 0 deletions.
48 changes: 48 additions & 0 deletions spec/RestQuery.spec.js
Expand Up @@ -4,6 +4,9 @@ var cache = require('../src/cache');
var Config = require('../src/Config');
var rest = require('../src/rest');

var querystring = require('querystring');
var request = require('request');

var config = new Config('test');
var nobody = auth.nobody(config);

Expand Down Expand Up @@ -92,4 +95,49 @@ describe('rest query', () => {
}).catch((error) => { console.log(error); });
});

it('query with wrongly encoded parameter', (done) => {
rest.create(config, nobody, 'TestParameterEncode', {foo: 'bar'}
).then(() => {
return rest.create(config, nobody,
'TestParameterEncode', {foo: 'baz'});
}).then(() => {
var headers = {
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest'
};
request.get({
headers: headers,
url: 'http://localhost:8378/1/classes/TestParameterEncode?'
+ querystring.stringify({
where: '{"foo":{"$ne": "baz"}}',
limit: 1
}).replace('=', '%3D'),
}, (error, response, body) => {
expect(error).toBe(null);
var b = JSON.parse(body);
expect(b.code).toEqual(Parse.Error.INVALID_QUERY);
expect(b.error).toEqual('Improper encode of parameter');
done();
});
}).then(() => {
var headers = {
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest'
};
request.get({
headers: headers,
url: 'http://localhost:8378/1/classes/TestParameterEncode?'
+ querystring.stringify({
limit: 1
}).replace('=', '%3D'),
}, (error, response, body) => {
expect(error).toBe(null);
var b = JSON.parse(body);
expect(b.code).toEqual(Parse.Error.INVALID_QUERY);
expect(b.error).toEqual('Improper encode of parameter');
done();
});
});
});

});
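Review bot: The new spec calls `done()` in both `request.get` callbacks, and neither `.then` returns anything that waits for its request, so the two requests are issued back to back and the spec can complete on whichever response arrives first, before the other callback's expectations have run. Each step should return a promise that resolves inside the request callback, with `done()` called once at the end of the chain; the chain also has no rejection handler, so a failed `rest.create` would only surface as a timeout. Separately, `.replace('=', '%3D')` with a string pattern rewrites only the first `=`, so the first request still sends `limit=1` intact; a one-line comment saying that this is intended would help the next reader.

```javascript
// … unchanged: the two rest.create calls …
}).then(() => {
  return new Promise((resolve) => {
    request.get({
      // … unchanged: headers and url for the where + limit request …
    }, (error, response, body) => {
      // … unchanged: the expectations on error, b.code and b.error …
      resolve();
    });
  });
}).then(() => {
  // … same Promise wrapping for the limit-only request, without done() in the callback …
}).then(done, (error) => {
  fail(error);
  done();
});
```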
8 changes: 8 additions & 0 deletions src/Routers/ClassesRouter.js
Expand Up @@ -2,6 +2,8 @@
import PromiseRouter from '../PromiseRouter';
import rest from '../rest';

import url from 'url';

export class ClassesRouter {
// Returns a promise that resolves to a {response} object.
handleFind(req) {
Expand Down Expand Up @@ -33,6 +35,12 @@ export class ClassesRouter {
if (typeof body.where === 'string') {
body.where = JSON.parse(body.where);
}

let count = typeof body.where === 'object' ? 1 : 0;
if (body.length != options.length + count) {
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Improper encode of parameter');
}

return rest.find(req.config, req.auth, req.params.className, body.where, options)
.then((response) => {
if (response && response.results) {
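Review bot: The added guard compares `body.length` with `options.length`, but the surrounding lines use `body` as a plain object (`body.where`), and plain objects have no `length`; if `options` is one as well (its declaration is outside the hunk), the right-hand side is `NaN`, `!=` is always true, and every find request would be rejected rather than only the badly encoded ones. Counting keys, as in `if (Object.keys(body).length !== Object.keys(options).length + count) {`, would express the apparent intent, although checking each key of `body` against the explicit list of parameters this handler reads is a more robust way to reject unexpected input than comparing counts. Note also that `typeof body.where === 'object'` is true for `null`, which is what `JSON.parse` returns for the string `null`. The `import url from 'url';` added at the top is not used in the visible hunks, and the body of handleFind starts and ends outside this hunk.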
