python 2.6 breaks attachments/milestone editing/likely more
|Reported by:||Owned by:||jonas|
the python 2.6 changelog entry:
The cgi module will now read variables from the query string of an HTTP POST request. This makes it possible to use form actions with URLs that include query strings such as “/cgi-bin/add.py?category=1”.
seems to break attachments for me. The query string is
and "action" is, of course, also a hidden posted with the form. This causes attachment.py (370):
if action == 'new':
to fail, because
req.args.get('action', 'view') returns an array
Attachments in tickets and wiki pages are affected, as is edit milestone and (given the source of the problem) likely exists for other POST'ed forms throughout trac.
I'm using trac-0.11.2 with python-2.6.0 on apache2-2.2.10 with apache2-mod_python-3.3.1 (the openSuSE-11.1 RC1 packages).
I looked through the code and found a few instances where a POST will expect scalar values and not check. To get my team up and running I patched trac locally by replacing calls to get with calls to getfirst each time my team stumbles into a broken form. This sweeps the problem under that carpet (if, for example, the query string's value differs from the form field's value for some reason), but at least its not python 2.6 specific.
Change History (7)
Changed 6 years ago by
comment:3 Changed 6 years ago by
- Priority changed from normal to high
- Severity changed from major to critical