From 6cc369277333c44f244d4aebc56ea5a4dbf2284b Mon Sep 17 00:00:00 2001
From: "Brian \"Moses\" Hall" <moseshll@umich.edu>
Date: Fri, 13 Mar 2026 16:56:03 -0400
Subject: [PATCH 1/2] ETT-1352 imgsrv/download/pdf should not output stack
 traces with a bad seq - Remove imgsrv `seq` parameters that do not conform to
 \d+, \d+-\d+, or \d+,\d+... - Add superficial playwright test against example
 which previously would produce a 500 error

---
 imgsrv/lib/SRV/Utils.pm                       | 9 +++++++--
 pt/web/firebird/tests/imgsrv_download.spec.js | 7 +++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/imgsrv/lib/SRV/Utils.pm b/imgsrv/lib/SRV/Utils.pm
index fece35cce..8259e0071 100644
--- a/imgsrv/lib/SRV/Utils.pm
+++ b/imgsrv/lib/SRV/Utils.pm
@@ -503,9 +503,14 @@ sub parse_env {
             } else {
                 $value = join(',', @values);
             }
-            if ( ( $param eq 'seq' || $param eq 'seq[]' ) && ( $values[0] =~ m,^\d+$, || $values[0] =~ m{^\d+,\d+} || $values[0] =~ m{^\d+\-\d+} ) ) {
-              $value = "seq:" . join(',', sort { int($a) <=> int($b) } @values);
+            if ( $param eq 'seq' || $param eq 'seq[]' ) {
+              if ( $values[0] =~ m,^\d+$, || $values[0] =~ m{^\d+,\d+} || $values[0] =~ m{^\d+\-\d+} ) {
+                $value = "seq:" . join(',', sort { int($a) <=> int($b) } @values);
                 $key = 'file';
+              } else {
+                # Not a valid seq, remove it
+                next;
+              }
             }
             $$params{$key} = $value;
         }
diff --git a/pt/web/firebird/tests/imgsrv_download.spec.js b/pt/web/firebird/tests/imgsrv_download.spec.js
index 9e5e2c8c6..988024240 100644
--- a/pt/web/firebird/tests/imgsrv_download.spec.js
+++ b/pt/web/firebird/tests/imgsrv_download.spec.js
@@ -146,4 +146,11 @@ test.describe('imgsrv download', () => {
     expect(downloadHeaders['content-type']).toEqual('image/jpeg');
     expect(downloadBody.length).toBeGreaterThan(1);
   });
+
+  test('download pdf with bogus seq', async ({ request, page }) => {
+    const initialResponse = await request.get(
+      'http://apache:8080/cgi/imgsrv/download/pdf?id=test.pd_open&seq=mashed_potatoes'
+    );
+    expect(initialResponse.status()).toEqual(200);
+  });
 });

From e8d46e4f3f62e13a9af75c9886cb8133357ec338 Mon Sep 17 00:00:00 2001
From: "Brian \"Moses\" Hall" <moseshll@umich.edu>
Date: Wed, 18 Mar 2026 13:33:20 -0400
Subject: [PATCH 2/2] Update test URL to more realistic value based on reviewer
 feedback.

---
 pt/web/firebird/tests/imgsrv_download.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pt/web/firebird/tests/imgsrv_download.spec.js b/pt/web/firebird/tests/imgsrv_download.spec.js
index 988024240..c6835a568 100644
--- a/pt/web/firebird/tests/imgsrv_download.spec.js
+++ b/pt/web/firebird/tests/imgsrv_download.spec.js
@@ -149,7 +149,7 @@ test.describe('imgsrv download', () => {
 
   test('download pdf with bogus seq', async ({ request, page }) => {
     const initialResponse = await request.get(
-      'http://apache:8080/cgi/imgsrv/download/pdf?id=test.pd_open&seq=mashed_potatoes'
+      'http://apache:8080/cgi/imgsrv/download/pdf?id=test.pd_open&attachment=1&tracker=D1&seq=mashed_potatoes'
     );
     expect(initialResponse.status()).toEqual(200);
   });