Attachments from bug reports don't open when there is an empty space in url

Bug #825458 reported by Sam_
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Critical
Robert Collins

Bug Description

Bug #824470
Screenshot from comment #1
error ID OOPS-2050AX76

Bug #825046
Screenshot from comment #1
error ID OOPS-2050EDGEA60

Bug #825004
Screenshot from comment #1
error ID OOPS-2050EDGEE63

Bug #824916
Screenshot from comment #1
error ID OOPS-2050EDGEB79
Traceback (most recent call last):

    Module zope.publisher.publish, line 128, in publish
    publication.beforeTraversal(request)
    Module canonical.launchpad.webapp.publication, line 314, in beforeTraversal
    raise NotFound(self.getApplication(request), '')

NotFound: Object: <canonical.launchpad.webapp.publisher.RootObject object at 0x293f690>, name: ''<br />

Exceptions from title: the url from screenshots there don't contain empty space.
Bug #825313
Screenshot from comment #1
error ID OOPS-2050EDGEA81

Bug #825296
Click on linked bug report in comment #5
error ID OOPS-2050EDGEB89

- - - - - Below are ok.

Bug #819029
Screenshot from comment #4 is ok.

Bug #824953
Screenshot from comment #1 is ok.

Sam_ (and-sam)
description: updated
description: updated
Brad Crittenden (bac)
Changed in launchpad:
status: New → Triaged
importance: Undecided → High
Sam_ (and-sam)
description: updated
Brad Crittenden (bac)
summary: - Screenshots from bug reports don't open when there is an empty space in
+ Attachments from bug reports don't open when there is an empty space in
url
Revision history for this message
Robert Collins (lifeless) wrote :

This is a regression: we recently changed our url processing to only accept urls we would generate, and we forgot that we use untrusted data (filenames) in urls sent to the main appserver (because the appserver needs to check authentication cookies before deciding whether to redirect to the private librarian, for the case of private bugs). This change was made to avoid a set of systematic bugs and glitches in url routing.

one way to address this would be to change our implementation of that change, another would be to make the urls we generate, even for attachments with unicode elements or whitespace, match our more restrictive rules (e.g. by folding the name down).

tags: added: regression
Changed in launchpad:
importance: High → Critical
Revision history for this message
Kovid Goyal (kovid) wrote :

While we wait for the fix, is there any way that the attachments can be accessed in the meantime? A direct way to access the librarian, perhaps?

Revision history for this message
Sam_ (and-sam) wrote :

If the name of attachment doesn't have empty space in it, it works. I'm able to access all my screenshots this way.
The problem is most users don't know this at the moment and the local application names screenshots like 'screenshot at timestamp' by default (which isn't btw. the case in Natty). Workaround is to kindly ask the bug reporter if it can be uploaded again without space in it's name.

Revision history for this message
Robert Collins (lifeless) wrote :

rev 13687 rolls back the change and will fix the issue site wide;

We have to qa 4 revisions to be able to deploy this:

Revision 13675 can not be deployed: needstesting
Assignee: wallyworld
[r=sinzui][bug=823689] Display new affiliation information for each person entry in a picker search result.
Fixes: Bug:823689

Revision 13679 can not be deployed: needstesting
Assignee: danilo
[r=jcsackett][bug=820511] Log Job IDs on INFO level when running jobs to ease debugging efforts when things go wrong.
Fixes: Bug:820511

Revision 13681 can not be deployed: needstesting
Assignee: danilo
[r=adeuring][bug=728220] Filter out any quoted strings from queries executed on the session DB when storing OOPS reports.
Fixes: Bug:728220

Revision 13682 can not be deployed: needstesting
Assignee: julian-edwards
[r=julian-edwards][bug=824532] Don't copy superseded sources from the parent series when initializing a new distroseries.

If we can't qa them in a sensible timeframe we'll roll production backwards to address the issue. Either way, we can't do anything until the UK wake up - we don't have asiapac coverage this week.

Revision history for this message
Sam_ (and-sam) wrote :

I'm able to open the screenshot of comment #1, which has empty space. (Bug #827232)
Not an expert, but I wonder if it may have something to do with colons not correctly translated
e.g. <screenshot at time:stamp>.

Revision history for this message
Robert Collins (lifeless) wrote :

Sorry, I meant to update this - we deployed the reversion on Monday, so all these attachments should work without any issue.

We're really sorry for the inconvenience this caused!

Changed in launchpad:
status: Triaged → Fix Released
assignee: nobody → Robert Collins (lifeless)
tags: added: critical-analysis
Revision history for this message
Francis J. Lacoste (flacoste) wrote :

This regression was introduced in rev 13664 as a fix to bug 819841.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.