[ProfileAPI_Segment]: Export segment return code 500 with special characters in requestId

Found in

EPiServer.Profiles.Client 1.6.0

Fixed in

EPiServer.Profiles.Client 1.7.0

Created

Aug 30, 2018

Updated

Nov 30, 2018

State

Closed, Fixed and tested


Description

Step to reproduce

  1. Export a segment with invalid requestId being 1' or '1'='1 or <script> like this:

    GET: /api/v1.0/segments/ae975741-a389-406d-aa10-3aa122a0ee71/export/1' or '1'='1
    

Expected:
Returns a code 400 Bad Request.

Actual:
Returns code 500 Internal Server Error.