From 2b153ce09cbc6a5e17841f933d2b3f3e8e82d22f Mon Sep 17 00:00:00 2001
From: Peter Walker <peter@jamkazam.com>
Date: Fri, 25 May 2018 08:12:50 -0500
Subject: [PATCH] reject crashuploads that don't have client version field

---
 web/app/controllers/api_users_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/web/app/controllers/api_users_controller.rb b/web/app/controllers/api_users_controller.rb
index d5319bf0d..166561ecc 100644
--- a/web/app/controllers/api_users_controller.rb
+++ b/web/app/controllers/api_users_controller.rb
@@ -660,6 +660,11 @@ class ApiUsersController < ApiController
     @dump.crash_context = params[:crash_context]
     crash_date = params[:crash_date]
 
+    # make sure client is passing version information - if not its too old
+    unless (vdata = params[:version]).present?
+      render(json: {message: "blank version data #{vdata}"}, status: :unprocessable_entity) && return
+    end
+
     unless @dump.save
       # There are at least some conditions on valid dumps (need client_type)
       response.status = :unprocessable_entity