Insufficient `content-type` validation in `post_comment`

Question

minusf opened this issue 2 years ago · comments

Non-existing models are not handled.
From a recent security scan against our site:

Exception Type: LookupError at /c/post/
Exception Value: App 'wagtailcore' doesn't have a 'page' AND 1='1/*' model.

apps.get_model returns LookupError for non-existing models. This is not handled in the code.

minusf · Answer 1 · Thu Apr 07 2022 17:07:19 GMT+0800 (China Standard Time)

ah this was actually fixed in 4da9d1f.
sorry for the noise!