#217 ✓invalid

Will paginate causes exception when given non-numerical :page

Reported by Jxtps | May 8th, 2008 @ 07:17 PM

If you pass in a :page parameter that is not a number, it gets converted to 0 and the offset gets computed to a negative value, which causes the database to barf.

(this website has the problem - I'm assuming it's running will_paginate - browsing to http://err.lighthouseapp.com/projects/466-plugins/tickets?page=not_... causes a 502)

The fix is a one-liner and the patch is:

Index: lib/will_paginate/collection.rb

--- lib/will_paginate/collection.rb (revision 2012) +++ lib/will_paginate/collection.rb (working copy) @@ -17,6 +17,7 @@ # def initialize(page, per_page, total = nil) @current_page = page.to_i + @current_page = 1 if @current_page < 1 @per_page = per_page.to_i

   self.total_entries = total if total
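Review bot: the clamp added after `@current_page = page.to_i` makes every non-numeric, zero or negative page value silently behave as page 1, so a caller can no longer tell a malformed request from a genuine first page. Consider raising a dedicated error at this point instead, or making the clamp opt-in, so the controller decides between a 404 and a fallback. Note also that `to_i` still accepts a string such as "3abc" as 3, so if the intent is input validation the raw value needs checking before conversion. The patch carries no test; cases for a non-numeric string, 0 and -1 would pin the behaviour.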

i.e. just add the line forcing @current_page to 1 if it's less than 1.

Would be sweet if the trunk could get updated.

(why this would happen? cause some script kiddie thinks it's funny to do 5k+ posts to your website with random crap, and it's always great to wake up to an inbox with 800+ 'someone tried to hack your website' emails...)

Comments and changes to this ticket

  • Mislav

    Mislav May 16th, 2008 @ 12:06 PM

    • State changed from “new” to “invalid”
    • Assigned user changed from “Chris Wanstrath” to “Mislav”


    It's supposed to throw an error so you can handle it as you wish in your controllers. In Rails 2, apps respond with 404 instead of 5xx, but you can override that, too. See #210, #144

    I agree that 800+ exception notifier emails isn't fun, but you'll stop receiving those after you properly handle the exception in your app. You can even make it default to page 1.
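Added example (not from the ticket or from will_paginate's own code): a standalone Ruby model of the offset arithmetic the report describes and of the controller-side handling the reply recommends. `InvalidPageError`, `naive_offset`, `parse_page`, `offset_for` and `resolve_page` are hypothetical names, and the per-page value of 30 and the sample inputs are constructed.

```ruby
# Standalone model of the page/offset arithmetic; will_paginate is not required.
# All names below are hypothetical and exist only for this illustration.

class InvalidPageError < ArgumentError; end

# What the ticket describes: String#to_i turns non-numeric input into 0,
# so (page - 1) * per_page becomes negative.
def naive_offset(raw_page, per_page)
  (raw_page.to_i - 1) * per_page
end

# Strict parsing: accept only a positive decimal integer (at most 9 digits);
# a missing parameter means "first page".
def parse_page(raw_page)
  return 1 if raw_page.nil?
  text = raw_page.to_s
  raise InvalidPageError, "invalid page: #{text.inspect}" unless text.match?(/\A[1-9]\d{0,8}\z/)
  text.to_i
end

def offset_for(raw_page, per_page)
  (parse_page(raw_page) - 1) * per_page
end

# Controller-side policy: handle the error in one place, either by
# answering 404 or by falling back to page 1.
def resolve_page(raw_page, per_page, on_invalid: :not_found)
  { status: 200, offset: offset_for(raw_page, per_page) }
rescue InvalidPageError
  on_invalid == :first_page ? { status: 200, offset: 0 } : { status: 404, offset: nil }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs
  [nil, "2", "0", "-3", "not_a_number", "3abc"].each do |raw|
    puts format("%-16s naive=%-5d strict=%s", raw.inspect, naive_offset(raw, 30), resolve_page(raw, 30))
  end
end
```

Handling the invalid value once, at the boundary, also stops the flood of exception notifications without hiding malformed requests from the application.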
