Don't miss out Virtual Happy Hour this Friday (April 26).

Try our conversational search powered by Generative AI!

AI OnAI Off

[ProfileAPI_Segment]: Export segment return code 500 with special characters in requestId

Found in

EPiServer.Profiles.Client 1.6.0

Fixed in

EPiServer.Profiles.Client 1.7.0

(Or a related package)

Created

Aug 30, 2018

Updated

Nov 30, 2018

State

Closed, Fixed and tested

Description

Step to reproduce

  1. Export a segment with invalid requestId being 1' or '1'='1 or <script> like this: 

    GET: /api/v1.0/segments/ae975741-a389-406d-aa10-3aa122a0ee71/export/1' or '1'='1

Expected:
Returns a code 400 Bad Request.

Actual:
Returns code 500 Internal Server Error.