400/500 error for certain express parameters
More examples
https://www.galileo.usg.edu/express?link=sanb%94%20\o%20%93Sanborn%20Fire%20Insurance%20Maps
http://www.galileo.usg.edu/express?password=tremble\
See also
https://stackoverflow.com/questions/22473768/rescue-an-actioncontrollerbadrequest
Rules for each parameter
password
galileo_search: /^[a-zA-Z0-9@]+$/
(galileo_admin):
validates :password, format: { with: /\A[a-zA-Z0-9@]+\z/,
message: "only allows letters, numbers and '@'" }
Edited by Brad Baxter
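
An added example, not code from galileo_search or galileo_admin: a Ruby sketch that classifies the two example query strings above without raising, and shows that the `^...$` form of the password rule accepts input the `\A...\z` form rejects. The helper names `decode_value` and `check_express_query` are hypothetical, and treating undecodable bytes as a cause of the 400 is an assumption.

```ruby
require 'uri'

# Password patterns as quoted in the issue.
SEARCH_RULE = /^[a-zA-Z0-9@]+$/     # galileo_search: line anchors
ADMIN_RULE  = /\A[a-zA-Z0-9@]+\z/   # galileo_admin: whole-string anchors

# Percent-decode one raw value. Returns nil instead of raising when the
# escapes are malformed or the decoded bytes are not valid UTF-8.
def decode_value(raw)
  value = URI.decode_www_form_component(raw)
  value.valid_encoding? ? value : nil
rescue ArgumentError
  nil
end

# Classify every parameter of a raw query string (hypothetical helper).
# Only the password rule comes from the issue; other parameters are
# checked for decodability only (assumption).
def check_express_query(query)
  query.split('&').to_h do |pair|
    name, raw = pair.split('=', 2)
    value = decode_value(raw.to_s)
    status =
      if value.nil? then :bad_encoding
      elsif name == 'password' && !ADMIN_RULE.match?(value) then :bad_format
      else :ok
      end
    [name, status]
  end
end

# Query strings taken from the two example URLs in the issue.
LINK_QUERY     = 'link=sanb%94%20\o%20%93Sanborn%20Fire%20Insurance%20Maps'
PASSWORD_QUERY = 'password=tremble\\'

if __FILE__ == $PROGRAM_NAME
  p check_express_query(LINK_QUERY)      # %94 and %93 are not valid UTF-8
  p check_express_query(PASSWORD_QUERY)  # backslash is outside the allowed set
  # Constructed input: an allowed first line followed by a newline and a backslash.
  p SEARCH_RULE.match?("tremble\n\\")    # ^ and $ match at line boundaries
  p ADMIN_RULE.match?("tremble\n\\")     # \A and \z require the whole string
end
```

A caller can map `:bad_encoding` and `:bad_format` to a 400 response with a message instead of letting an exception surface as a 500.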