Actions
Bug #15307
closedForeman API: GETing /api/hosts with per_page=-1 triggers database error
Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
API
Target version:
-
Description
Sending a GET request to "/api/hosts" with "per_page: -1" on a Foreman 1.10.3 server:
2016-06-06 15:28:26 ForemanErrorHandler ():742 CRITICAL: HTTP error "500 Internal Server Error" while GETing https://foreman.edst.ebaintern.de:443/api/hosts?per_page=-1!
2016-06-06 15:28:26 ForemanErrorHandler ():767 CRITICAL: Error returned: Mysql2::Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '-1 OFFSET 0' at line 1: SELECT `hosts`.* FROM `hosts` WHERE `hosts`.`type` IN ('Host::Managed') ORDER BY `hosts`.`name` ASC LIMIT -1 OFFSET 0
"per_page" is apparantly not getting validated to be non-negative when it should be.
Actions