profile page exceptions caused by malformed requests

Description

if a profile page is loaded with an invalid url (e.g. : http://www.domain.com/?ctl=profile or : http://www.domain.com/?ctl=profile&userid= ), then an exception is logged. We need to ensure that this code is rewritten to add some defensive coding and not log erroneous errors.

Note: this is likely related to the spamming issue, hence why I am making it a 7.3.3 high issue

QA Test Plan

None

Activity

Show:
Ken Grierson
September 13, 2014, 12:24 AM

This is verified fixed in Platform/Content/Enterprise 7.3.3 build 93

Evan Smith
January 20, 2015, 12:38 AM

I was just about to open a bug that looks like it is related to this, and is reproducible on both 7.3.4 and the 7.4.0 beta. I have been getting a lot of exceptions in my logs, and occasionally crashed sites, it looks like some of these are caused by a "user" (I believe a spammer) trying to hit a profile page directly for a user id number that no longer exists. The result is 8 exceptions in a row (in 7.4.0) in the event log. If the "user" is not logged on they get a 404, if they are logged on they get a profile page for another userid (their own or next higher?).
I think this should be failing much more gracefully without all of the exceptions.
Cathel - Should this be reopened, or should I create a new bug?

cathal connolly
January 20, 2015, 12:47 AM

please log it as a different issue - we did fix this, but we also had a few pull requests for other variants, so your issue is either another variant or a few of those are clashing. If you can open up a new issue, and provide example url's that will help.

Assignee

Ken Grierson

Reporter

cathal connolly

Story Size

Unknown

Severity

Major

Triage

Triaged

Reported in Build #

Fixed in Build

Dev Owner

None

Includes Code Fix

No

Documentation Required

No

Trouble Ticket

None

Requires More Info

None

QA Story Points

None

QA Owner

None

Injected

None

Automation Required

None

Code Review Owner

None

Components

Fix versions

Priority

High
Configure