Details
-
Suggestion
-
Resolution: Fixed
Description
The SearchRequestFactory (rewritten in 4.0) is used in 3 places: IssueNavigator, Jelly and SearchRequestURLHandler.
IssueNavigator handles its own validation of parameters, so it is free to call the create method on the factory knowing that it will not perform any validation. The URLHandler however does not perform any validation on parameters (it does validate JQL). But, instead of throwing an exception when trying to create a SearchRequest with invalid parameters, it silently drops them (in some cases - I have not checked all searchers).
For example, access an XML view with a temporary search request, e.g. /sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?created%3Abefore=QWERTY. The created:before parameter contains an invalid value, but the DateSearchInputTransformer#getSearchClause() method treats this the same as if the parameter was not specified. Thus, the XML view will actually return all issues (since no other parameters or JQL were specified).
This is not ideal - we should be returning a 400 code response to the client telling them that their input was invalid. The suggested way to do this (there might be others) is to create another method on the SearchRequestFactory interface that returns a Result object, which can contain the error messages produced when trying to create the search request from the invalid parameters. This would then be called instead of the old create method, and the URLHandler could properly report back the errors to the client.
Attachments
Issue Links
- is cloned from
-
JRASERVER-17684 FieldValidationException thrown when invalid input specified for SearchRequestViews
- Closed