From: Christophe Simonis <chs@odoo.com>
Date: Thu, 20 Nov 2014 15:06:55 +0000 (+0100)
Subject: [FIX] http.py: invalid request must return a status code 400
X-Git-Url: http://git.inspyration.org/?a=commitdiff_plain;h=473fe9a331f5b8521df5c789845ea4d2f899fcbb;p=odoo%2Fodoo.git

[FIX] http.py: invalid request must return a status code 400
---

diff --git a/openerp/http.py b/openerp/http.py
index b301823..b1874a0 100644
--- a/openerp/http.py
+++ b/openerp/http.py
@@ -261,8 +261,8 @@ class WebRequest(object):
     def _call_function(self, *args, **kwargs):
         request = self
         if self.endpoint.routing['type'] != self._request_type:
-            raise Exception("%s, %s: Function declared as capable of handling request of type '%s' but called with a request of type '%s'" \
-                % (self.endpoint.original, self.httprequest.path, self.endpoint.routing['type'], self._request_type))
+            raise werkzeug.exceptions.BadRequest("%s, %s: Function declared as capable of handling request of type '%s' but called with a request of type '%s'" %
+                                                 (self.endpoint.original, self.httprequest.path, self.endpoint.routing['type'], self._request_type))
 
         kwargs.update(self.endpoint.arguments)
 
@@ -463,7 +463,11 @@ class JsonRequest(WebRequest):
             request = self.httprequest.stream.read()
 
         # Read POST content or POST Form Data named "request"
-        self.jsonrequest = simplejson.loads(request)
+        try:
+            self.jsonrequest = simplejson.loads(request)
+        except simplejson.JSONDecodeError:
+            raise werkzeug.exceptions.BadRequest('Invalid JSON data')
+
         self.params = dict(self.jsonrequest.get("params", {}))
         self.context = self.params.pop('context', dict(self.session.context))