Non-ascii in the URL causes an OOPS
Bug #200572 reported by
Diogo Matsubara
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Critical
|
Tim Penhey |
Bug Description
1. Open http://
2. OOPS-796F3143 ProgrammingError ERROR: invalid byte sequence for encoding "UTF8": 0xedb4b5 HINT: This error can also happen if the byte sequence does not match the encoding expected by the server, which is controlled by "client_encoding".
2010-08-16 OOPS looks a bit different: OOPS-1689S359
Related branches
lp:~thumper/launchpad/fix-unicode-path-oops
- Robert Collins (community): Approve
-
Diff: 179 lines (+48/-28)8 files modifiedlib/canonical/launchpad/doc/renamed-view.txt (+1/-1)
lib/canonical/launchpad/helpers.py (+0/-20)
lib/canonical/launchpad/rest/configuration.py (+4/-0)
lib/canonical/launchpad/webapp/publisher.py (+6/-1)
lib/canonical/launchpad/webapp/tests/test_publication.py (+13/-3)
lib/lp/services/encoding.py (+21/-0)
lib/lp/services/mail/sendmail.py (+2/-2)
lib/lp/services/mail/tests/test_sendmail.py (+1/-1)
Changed in launchpad-foundations: | |
assignee: | flacoste → nobody |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in launchpad-foundations: | |
importance: | Medium → Low |
description: | updated |
Changed in launchpad: | |
importance: | High → Critical |
summary: |
- ProgrammingError triggered traversing on distro architecture + Non-ascii in the URL causes an OOPS |
visibility: | private → public |
Changed in launchpad: | |
status: | Triaged → In Progress |
assignee: | nobody → Tim Penhey (thumper) |
tags: | removed: lp-foundations |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
<flacoste> we should tansform that into UnexpectedFormData? launchpad. dev/%ED45 would suffer the same fate launchpad. net/ubuntu/ hoary/bar /edge.launchpad .net/ubuntu/ hoary/% ee you get no OOPS page, but a Please try again. :)
<flacoste> this can happen in a lot of place actually
<Rinchen> +1 for UFDs
<Rinchen> the more we can capture, the better we can diagnose
<kiko> well
<kiko> sure, UFD is fine.
<matsubara> I think it should be a 404
<flacoste> for example, i'm sure http://
<BjornT> i think it should be a 404 as well. it's not a form.
<kiko> if you visit http://
<kiko> you get a 404
<kiko> so I correct myself
<kiko> 404 -- this is just an artifact of improper utf8 handling in the query?
<matsubara> flacoste: the traceback looks different.
<kiko> matsubara, if you visit https:/
<matsubara> flacoste: and the one described in the bug report goes directly into the db
<flacoste> normal, it's not the same code path
<flacoste> but the exception should be the same, no?
<matsubara> I mean, the one described in the report triggers a DB ProgrammingError kind of error, while the other triggers the usual UnicodeDecodeError
<flacoste> right,
<stub> We don't have any guards in our FooSet.getByName methods for invalid UTF8, so PG will barf.
<flacoste> i remember adding a ascii encoding to Pillar for tests purpose
<kiko> flacoste, matsubara: can you guys meet up and make a decision later?
<flacoste> actually, there are many places where invalid UTF8 can be introduced
<kiko> this is an issue that really annoys me as I /hate/ nonsense in the OOPS summaries
<stub> A decorator for our byname methods might be cool
<flacoste> stub is volunteering :-)
<stub> I'm bikeshedding
...
<kiko> [ACTION] matsubara, flacoste and stub to discuss UTF-8 safety of byName and other random attacks to launchpad.net
<stub> its safe - PG barfs because it checks properly