"items per page" user setting is not bound by the global maximum
On their settings page users can select the number of posts they see on each page. The number they can select is not checked and can be arbitrarily large. However, BibSonomy has an internal limit of 1000 posts it delivers per request. Therefore, users that enter a number on the settings page larger than 1000 will get errors as soon as they access a list of posts.
Solution: Limit the number users can enter in the "items per page" field such that it is equal (use the same variable, probably externalize it into a config file) to the internal limit. Provide meaningful help and error messages.
Comments (5)
- changed status to open
- Account Deleted changed status to resolved
fixed issue #10→ <<cset 2a330e5a88c2>>
- Account Deleted
The UpdateUserSettingsController now checks if the entered number exceeds the internal limit, and if so, it rejects the value via
errors.rejectValue(...)
If the user did not enter a number at all, however, this resulted in a default message which exposed internal information to the user:
Failed to convert property value of type java.lang.String to required type int for property user.settings.listItemcount; nested exception is java.lang.NumberFormatException: For input string: "abc"
The same problem existed for the 'birthday' input field in the 'my profile' tab. Both have been resolved by adding appropriate messages to the messages.properties file:
typeMismatch.int = Please enter a valid number.
typeMismatch.java.util.Date = Please enter a valid date.
Additionally, the exception should be caught in order to avoid error pages on the front end!
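
The server-side check discussed in this issue, as an added example that is not BibSonomy's own code: it binds a raw form value with Spring's DataBinder, range-checks it against one shared constant, and reports only message codes. The Settings class, MAX_POSTS_PER_REQUEST, the lower bound of 1 and the error.settings.listItemcount.range key are assumptions; Spring (spring-context and its dependencies) must be on the classpath.

```java
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.BindingResult;
import org.springframework.validation.DataBinder;
import org.springframework.validation.Errors;
import org.springframework.validation.FieldError;
import org.springframework.validation.Validator;

public class ItemsPerPageDemo {
    // Assumed single constant shared by the settings form and the post-list backend.
    static final int MAX_POSTS_PER_REQUEST = 1000;

    // Hypothetical stand-in for the user settings object bound from the form.
    public static class Settings {
        private int listItemcount = 20;
        public int getListItemcount() { return listItemcount; }
        public void setListItemcount(int n) { listItemcount = n; }
    }

    static class SettingsValidator implements Validator {
        @Override public boolean supports(Class<?> c) { return Settings.class.isAssignableFrom(c); }
        @Override public void validate(Object target, Errors errors) {
            // A failed conversion is already recorded by the binder; do not range-check the stale default.
            if (errors.hasFieldErrors("listItemcount")) return;
            int n = ((Settings) target).getListItemcount();
            if (n < 1 || n > MAX_POSTS_PER_REQUEST) { // lower bound of 1 is an assumption
                errors.rejectValue("listItemcount", "error.settings.listItemcount.range", // hypothetical key
                        new Object[] { 1, MAX_POSTS_PER_REQUEST },
                        "Please enter a number between 1 and " + MAX_POSTS_PER_REQUEST + ".");
            }
        }
    }

    // Binds one raw form value the way a form controller would, then validates it.
    static BindingResult submit(String raw) {
        DataBinder binder = new DataBinder(new Settings(), "settings");
        binder.setValidator(new SettingsValidator());
        binder.bind(new MutablePropertyValues().add("listItemcount", raw));
        binder.validate();
        return binder.getBindingResult();
    }

    public static void main(String[] args) {
        for (String raw : new String[] { "50", "5000", "abc" }) { // constructed sample inputs
            FieldError e = submit(raw).getFieldError("listItemcount");
            // Print only the message codes: these are what messages.properties keys are matched against,
            // so the raw conversion exception text never has to reach the user.
            System.out.println(raw + " -> " + (e == null ? "accepted" : String.join(", ", e.getCodes())));
        }
    }
}
```

For non-numeric input the binder records the failure instead of throwing, and the resolved codes include typeMismatch.int, the key added to messages.properties in the comment above.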