Edgewall Software
Modify

Opened 12 years ago

Closed 12 years ago

Last modified 9 years ago

#11120 closed defect (wontfix)

SearchModule: ValueError: invalid literal for int() with base 10: 'notanint'

Reported by: Alex Willmer <al.willmer@…> Owned by:
Priority: normal Milestone:
Component: search system Version:
Severity: normal Keywords: patch
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

How to reproduce

While doing a GET operation on /search, Trac issued an internal error.

Pass a none integer to the noquickjump parameter in a search URL to cause an unhandled exception. e.g. http://trac.edgewall.org/search?q=fred&noquickjump=notanint

Request parameters: 

{'changeset': u'on',
 'milestone': u'on',
 'noquickjump': u'notanint',
 'q': u'fred',
 'ticket': u'on',
 'wiki': u'on'}

User agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22

System Information

System information not available

Enabled Plugins

Plugin information not available

Python Traceback

Traceback (most recent call last):
  File "/usr/local/virtualenv/1.1dev/lib/python2.6/site-packages/Trac-1.1.2dev_r11711-py2.6.egg/trac/web/main.py", line 497, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/local/virtualenv/1.1dev/lib/python2.6/site-packages/Trac-1.1.2dev_r11711-py2.6.egg/trac/web/main.py", line 214, in dispatch
    resp = chosen_handler.process_request(req)
  File "/usr/local/virtualenv/1.1dev/lib/python2.6/site-packages/Trac-1.1.2dev_r11711-py2.6.egg/trac/search/web_ui.py", line 100, in process_request
    data['quickjump'] = self._check_quickjump(req, query)
  File "/usr/local/virtualenv/1.1dev/lib/python2.6/site-packages/Trac-1.1.2dev_r11711-py2.6.egg/trac/search/web_ui.py", line 160, in _check_quickjump
    noquickjump = int(req.args.get('noquickjump', '0'))
ValueError: invalid literal for int() with base 10: 'notanint'

Attachments (1)

noquickjump_as_bool.patch (876 bytes ) - added by Alex Willmer <al.willmer@…> 12 years ago.

Download all attachments as: .zip

Change History (7)

by Alex Willmer <al.willmer@…>, 12 years ago

Attachment: noquickjump_as_bool.patch added

comment:1 by Alex Willmer <al.willmer@…>, 12 years ago

Keywords: patch added

comment:2 by anonymous, 12 years ago

An alternative is to interpret noquickjump=something in the same way filters such as ticket=on are intepreted. Namely that the presence or absence of the argument is used, and the value is ignored. This would change the semantics of existing links though i.e. http://trac.edgewall.org/search?q=fred&noquickjump=0 would mean the reverse of what it does now.

comment:3 by Alex Willmer <al.willmer@…>, 12 years ago

Possibly a wider problem, or is this the intentional way to indicate an erroneous input? 

me@ubuntu1210:~/src/trac$ svn info | grep Revision
Revision: 11713
me@ubuntu1210:~/src/trac$ ack-grep -a "int\\(req.args.get" trac/
trac/ticket/admin.py
675:                                   str(int(req.args.get(key)))) for key

trac/ticket/report.py
153:        id = int(req.args.get('id', -1))
301:        asc = bool(int(req.args.get('asc', 1)))
398:        page = int(req.args.get('page', '1'))

trac/ticket/web_ui.py
528:        id = int(req.args.get('id'))
529:        version = as_int(req.args.get('version'), None)
852:        new_version = int(req.args.get('version', 1))
853:        old_version = int(req.args.get('old_version', new_version))
1048:        new_version = int(req.args.get('version', 1))
1049:        old_version = int(req.args.get('old_version', new_version))

trac/wiki/web_api.py
40:        version = as_int(req.args.get('version'), None)

trac/wiki/web_ui.py
256:        version = int(req.args.get('version', 0)) or None
257:        old_version = int(req.args.get('old_version', 0)) or version
356:            version = int(req.args.get('version', 0))
357:        old_version = int(req.args.get('old_version') or 0) or version

trac/admin/web_ui.py
457:                anchor = '#no%d' % (int(req.args.get('plugin')) + 1)

trac/timeline/web_ui.py
94:        maxrows = int(req.args.get('max', 50 if format == 'rss' else 0))
129:        daysback = as_int(req.args.get('daysback'),

trac/search/web_ui.py
219:        page = int(req.args.get('page', '1'))

trac/versioncontrol/diff.py
325:        context = int(req.args.get('contextlines', pref))
332:    arg = int(req.args.get('contextall', 0))

trac/versioncontrol/web_ui/log.py
87:        limit = int(req.args.get('limit') or self.default_log_limit)

comment:4 by Remy Blank, 12 years ago

We usually don't prevent 500s on URLs that were edited. What we are careful about is that you shouldn't be able to generate a 500 by navigating only (or submitting forms).

comment:5 by Alex Willmer <al.willmer@…>, 12 years ago

Resolution: wontfix
Status: newclosed

Then I'm happy to close this bug. Thank you for clarifying

comment:6 by Christian Boos, 9 years ago

(revisited in #12325, as we'd like to minimize spurious tracebacks in the logs)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from (none) to the specified user.

Add Comment
E-mail address and name can be saved in the Preferences .
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.