- Issue created by @phernand42
- ๐บ๐ธUnited States phernand42
Adding a patch that performs a simple check for form_id parameter for any invalid characters (like dots, forward slashes, or backslashes). If invalid characters are detected, it immediately returns a 404 error response, stopping any further processing. Would love to get some reviews and feedback on this if possible.
- ๐บ๐ธUnited States phernand42
Updated patch attached
A colleague of mine recommended adding a check for form_id and ensuring it is valid. I also received feedback on the use NotFoundHttpException and instead should use BadRequestHttpException since that will throw an error 400 instead of a 404 which is more semantically appropriate. As for the additional check for form_id, would love to get some additional feedback on that and see if that's needed or not.
- ๐บ๐ธUnited States phernand42
I made a small update to if empty logic and used empty() instead to handle all false values. Updated patch attached.
- ๐ฎ๐ณIndia rakesh.regar Rajasthan, India
rakesh.regar โ made their first commit to this issueโs fork.
- Merge request !112Issue #3516961 :Incorrect path handling - Image Captcha. โ (Open) created by rakesh.regar
- ๐บ๐ธUnited States phernand42
Updated patch again, hopefully the last update :)
Made one more iteration which changes validation errors from throwing exceptions to returning structured JSON responses with 400 error code. This change should maintain JSON format for AJAX requests while still indicating errors.