From 308bb0830cfe69116e442bad4cd206dd402244be Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Mon, 18 Mar 2024 12:49:20 -0300 Subject: [PATCH] Bug 35129: Return 400 if _per_page=0 passed This patch adds a safe guard for when consumers pass _per_page=0 to endpoints. This condition is checked for on a centralized place and avoid reaching the controller in such scenarios that would provoke a division by zero exception. To test: 1. Apply the regression tests patch 2. Run: $ ktd --shell k$ prove t/db_dependent/api/v1/pagination.t => FAIL: We expect a 400, but get a 500 instead 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! No more explosions for this! 5. Sign off :-D Signed-off-by: Tomas Cohen Arazi Signed-off-by: Laura Escamilla Signed-off-by: Nick Clemens Signed-off-by: Katrin Fischer --- Koha/REST/V1/Auth.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm index e0937e7a2a..4e729e88dd 100644 --- a/Koha/REST/V1/Auth.pm +++ b/Koha/REST/V1/Auth.pm @@ -352,6 +352,9 @@ sub validate_query_parameters { push @errors, { path => "/query/" . $param, message => 'Malformed query string' } unless exists $valid_parameters{$param}; } + push @errors, { path => "/query/_per_page", message => 'Invalid value: 0' } + if exists $existing_params->{_per_page} && $existing_params->{_per_page} == 0; + Koha::Exceptions::BadParameter->throw( error => \@errors ) if @errors; -- 2.39.5