Description
In src/core/views/views.py, the marker_preview() function calls Marker.objects.get(id=marker_id) without any error handling. If the provided id is invalid, null, or does not exist in the database, an unhandled Marker.DoesNotExist exception is raised, resulting in an HTTP 500 error instead of a proper 404 response.
Location
File: src/core/views/views.py
Function: marker_preview()
Branch: develop
Current Code
```python
from django.views.decorators.http import require_http_methods

from core.models import Marker  # assumed import path; the issue does not show it


@require_http_methods(["GET"])
def marker_preview(request):
    marker_id = request.GET.get("id")
    marker = Marker.objects.get(id=marker_id)  # No exception handling
    ...
```
Problem
- If `id` is missing from the query string, `marker_id` is `None`, and `.get(id=None)` raises `ValueError` or `DoesNotExist`.
- If `id` refers to a non-existent marker, `DoesNotExist` is raised and results in a 500 error.
- There is no `try/except` or use of `get_object_or_404`.
Suggested Fix
```python
from django.shortcuts import get_object_or_404
from django.views.decorators.http import require_http_methods

from core.models import Marker  # assumed import path; the issue does not show it


@require_http_methods(["GET"])
def marker_preview(request):
    marker_id = request.GET.get("id")
    marker = get_object_or_404(Marker, id=marker_id)  # DoesNotExist -> 404
    ...
```
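An added example, not code from the issue or the project, covering a check a reviewer would want next to the suggested fix: `get_object_or_404` converts only `Marker.DoesNotExist` into a 404, so a non-numeric id such as the `invalid` in the example URL makes the integer primary-key lookup raise `ValueError` before any query runs and still produces a 500. The helper below rejects such values up front; the `AutoField` range, the `Http404` fallback and the import lines are assumptions.

```python
# Added example, not from the issue or the project: validate the "id" query
# parameter before it reaches the ORM. get_object_or_404 only turns
# Marker.DoesNotExist into a 404; for a non-numeric id such as "invalid" the
# integer primary-key lookup raises ValueError first, which is still a 500.
try:
    from django.http import Http404
except ImportError:  # lets the helper run and be tested without Django installed
    class Http404(Exception):
        pass

# Assumed: Marker uses Django's default 32-bit AutoField. Widen the bound for
# a BigAutoField; an out-of-range integer would otherwise fail in the database.
MAX_AUTO_FIELD_ID = 2**31 - 1


def parse_marker_id(raw):
    """Return the id as an int, or None when it must be treated as not found.

    Rejects a missing parameter, an empty string, anything that is not plain
    ASCII digits ("-1", "1.5", "0x1", " 12", non-ASCII digits), and values
    outside 1..MAX_AUTO_FIELD_ID.
    """
    if raw is None or not (raw.isascii() and raw.isdigit()):
        return None
    marker_id = int(raw)
    if not 1 <= marker_id <= MAX_AUTO_FIELD_ID:
        return None
    return marker_id


def marker_id_or_404(raw):
    """Same as parse_marker_id, but raise Http404 so the view answers 404."""
    marker_id = parse_marker_id(raw)
    if marker_id is None:
        raise Http404("marker not found")
    return marker_id


# Intended use in the view, together with the get_object_or_404 change:
#     marker_id = marker_id_or_404(request.GET.get("id"))
#     marker = get_object_or_404(Marker, id=marker_id)
```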
Severity
Medium — Any user or bot can trigger HTTP 500 errors by accessing /marker/?id=invalid.