loggerhead

Loggerhead does not escape special characters when embedding a revision ID in a URL

Bug #88286 reported by James Henstridge
4
Affects Status Importance Assigned to Milestone
loggerhead
Fix Released
Medium
Robey Pointer
loggerhead 1.2

Bug Description

Loggerhead uses Bazaar revision IDs in some of its URLS (e.g. /files/$revid and /changes/$revid), but does not perform URL escaping on links to these pages. This causes problems if the revision ID contains reserved URL characters.

As a concrete example of the problem, revisions imported from Arch contain a percent character to separate the Arch archive and branch names. Without escaping this character, we get an invalid URL.

Revision history for this message
Robey Pointer (robey) wrote :

yep, i can see it on the old arch revisions in paramiko. hrm...

it looks like these urls should be going through turbogears' url() function. something screwy must be going on. more investigation needed.

Changed in loggerhead:
assignee: nobody → robey
importance: Undecided → Medium
status: Unconfirmed → Confirmed
Revision history for this message
Robey Pointer (robey) wrote :

i believe this may be fixed in the trunk.

Changed in loggerhead:
status: Confirmed → Fix Committed
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

I just ran into this again, on revisions imported by bzr-svn, which has revids which are url-encoded versions of the path in the revid. Loggerhead ends up looking for, and not finding, the url-decoded versions of these paths... you can see this in action at:

http://codebrowse.launchpad.net/~mwhudson/pydoctor/dev/changes

(try clicking any of the "porting branches from bzr..." check in messages).

I can reproduce this locally without any of the launchpad-loggerhead code -- really seems like this bug is either back or was never fixed.

Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

Argh argh argh, it seems the problem with the pydoctor branches is in fact a problem with cherrypy. It "helpfully" mangles url segments that contain %2Fs:

        # Decode any leftover %2F in the virtual_path atoms.
        virtual_path = [x.replace("%2F", "/") for x in virtual_path]

So, I don't know how to fix this without getting away from cherrypy (2). Maybe make the considered revid a query argument? That's such a hack though.

Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

Released in 1.2.

Changed in loggerhead:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.