Return a HttpResponse instead of an exception on NUL in query string parameters
author Magnus Hagander <magnus@hagander.net>
Thu, 4 Nov 2021 16:07:50 +0000 (17:07 +0100)
committer Magnus Hagander <magnus@hagander.net>
Thu, 4 Nov 2021 16:10:59 +0000 (17:10 +0100)
Raising an exception triggers an email-to-admin-action, and the whole
reason we have this NUL check is to *avoid* triggering those emails...
Hopefully explicitly returning a 400 HttpResponse will make them go
away.

pgweb/util/middleware.py

index 2120876fbc853e099486a958353b877bd3b87cd5..288684597108dedc533d98bdb44e938fa22861de 100644 (file)
@@ -1,6 +1,5 @@
 from django.conf import settings
-from django.http import QueryDict
-from django.core.exceptions import SuspiciousOperation
+from django.http import QueryDict, HttpResponse
 
 from pgweb.util.templateloader import initialize_template_collection, get_all_templates
 
@@ -104,7 +103,11 @@ class PgMiddleware(object):
                 if k not in allowed:
                     del result[k]
                 if "\0" in request.GET[k]:
-                    raise SuspiciousOperation("NUL escapes not allowed in query parameters")
+                    return HttpResponse(
+                        "NUL escapes not allowed in query parameters",
+                        content_type='text/plain',
+                        status=400
+                    )
             result.mutable = False
             request.GET = result
         else:
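
Review bot: the NUL test on the context line `if "\0" in request.GET[k]:` inspects only one value per key, because indexing a QueryDict returns the last value for that key. A request that repeats the parameter with the NUL in an earlier value passes the test and never reaches the new 400 return. Checking every value, for example `any("\0" in v for v in request.GET.getlist(k))`, would close that gap. The test also covers values only, not the key `k` itself. Separately, now that the 400 is returned without raising, nothing in these lines records the rejection; if a trace is still wanted without the admin email, a log call below the mail handler's level placed just before the `return HttpResponse(` would keep one.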