Context Navigation

Modify ↓

#13168 closed defect (fixed)

Query._get_constraints() should not modify a list in req.args

Reported by:	Jun Omae	Owned by:	Jun Omae
Priority:	normal	Milestone:	1.0.18
Component:	query system	Version:
Severity:	normal	Keywords:
Cc:		Branch:
Release Notes:	Avoid modification of a list in req.args in Query module.
API Changes:
Internal Changes:

Description (last modified by Jun Omae)

I sometimes encounter IndexErrors from Query._get_constraints() on our production environment with private plugin which calls Query._get_constraints().

ERROR: Internal Server Error: <RequestWithSession "POST '/query'">, referrer 'https://example.org/query'
Traceback (most recent call last):
  File "/venv/lib/python2.7/site-packages/trac/web/main.py", line 554, in _dispatch_request
    dispatcher.dispatch(req)
  File "/venv/lib/python2.7/site-packages/trac/web/main.py", line 257, in dispatch
    self._post_process_request(req, *resp)
  File "/venv/lib/python2.7/site-packages/trac/web/main.py", line 388, in _post_process_request
    resp = f.post_process_request(req, *resp)
  File "/vol/releases/20190322024230/share/plugins/XxxPlugin.egg/xxx/project/ticket/custom_field.py", line 626, in post_process_request
    if not mod._get_constraints(req) and 'order' not in req.args:
  File "/venv/lib/python2.7/site-packages/trac/ticket/query.py", line 1066, in _get_constraints
    del vals[idx]
IndexError: list assignment index out of range

Investigating the issue, it is caused by that Query._get_constraints() modifies a list in req.args and is called twice when a condition is removed.

I don't consider the method should modify a list in req.args.

[9f904f1df/jomae.git]:

trac/ticket/query.py

diff --git a/trac/ticket/query.py b/trac/ticket/query.py
index 3fbe171f1..80ca3c054 100644

                class QueryModule(Component):
             # requested for clients without JavaScript
             add_num = None
             constraints = {}
             for k, vals in req.args.iteritems():
+            for k in req.args:
                 match = self.add_re.match(k)
                 if match:
                     add_num = match.group(1)
-…
+               class QueryModule(Component):
                 clause_num = int(match.group('clause'))
                 if field not in fields:
                     continue
                 if not isinstance(vals, (list, tuple)):
                     vals = [vals]
+                # use list() to avoid modification of a list in req.args
+                vals = list(req.args.getlist(k))
                 if vals:
                     mode = req.args.get(k + '_mode')
                     if mode:

trac/ticket/tests/query.py

diff --git a/trac/ticket/tests/query.py b/trac/ticket/tests/query.py
index cb2d0fc6e..e8cce442c 100644

                ORDER BY COALESCE(c.%(ticket)s,'')='',c.%(ticket)s,t.id""" % quoted)
         prop = req.chrome['script_data']['properties']['milestone']
         self.assertEqual({'label': 'Milestone', 'type': 'text'}, prop)
+    def test_get_constraints_keep_req_args(self):
+        arg_list = (('0_type', 'defect'), ('0_type', 'task'),
+                    ('0_type', 'enhancement'), ('rm_filter_0_type_1', '-'),
+                    ('1_type', 'task'))
+        req = MockRequest(self.env, method='POST', path_info='/query',
+                          arg_list=arg_list)
+        orig_args = arg_list_to_args(arg_list)
+        mod = QueryModule(self.env)
+        self.assertTrue(mod.match_request(req))
+        template, data, content_type = mod.process_request(req)
+        self.assertEqual([{'type': ['defect', 'enhancement']},
+                          {'type': ['task']}],
+                         data['query'].constraints)
+        self.assertEqual(orig_args, req.args)
 class QueryLinksTestCase(unittest.TestCase):

Attachments (0)

Change History (4)

comment:1 by Jun Omae, 5 years ago

Description:	modified (diff)

comment:2 by Ryan J Ollos, 5 years ago

The change looks good to me.

comment:3 by Jun Omae, 5 years ago

Owner:	set to Jun Omae
Status:	new → assigned

Thanks for the reviewing. I'll push the change.

comment:4 by Jun Omae, 5 years ago

Release Notes:	modified (diff)
Resolution:	→ fixed
Status:	assigned → closed

Committed in [16922] and merged in [16923,16924].

Modify Ticket

Change Properties

Summary:
Description:	I sometimes encounter `IndexError`s from `Query._get_constraints()` on our production environment with private plugin which calls `Query._get_constraints()`. {{{ ERROR: Internal Server Error: <RequestWithSession "POST '/query'">, referrer 'https://example.org/query' Traceback (most recent call last): File "/venv/lib/python2.7/site-packages/trac/web/main.py", line 554, in _dispatch_request dispatcher.dispatch(req) File "/venv/lib/python2.7/site-packages/trac/web/main.py", line 257, in dispatch self._post_process_request(req, resp) File "/venv/lib/python2.7/site-packages/trac/web/main.py", line 388, in _post_process_request resp = f.post_process_request(req, resp) File "/vol/releases/20190322024230/share/plugins/XxxPlugin.egg/xxx/project/ticket/custom_field.py", line 626, in post_process_request if not mod._get_constraints(req) and 'order' not in req.args: File "/venv/lib/python2.7/site-packages/trac/ticket/query.py", line 1066, in _get_constraints del vals[idx] IndexError: list assignment index out of range }}} Investigating the issue, it is caused by that `Query._get_constraints()` modifies a list in `req.args` and is called twice when a condition is removed. I don't consider the method should modify a list in `req.args`. [9f904f1df/jomae.git]: {{{#!diff diff --git a/trac/ticket/query.py b/trac/ticket/query.py index 3fbe171f1..80ca3c054 100644 --- a/trac/ticket/query.py +++ b/trac/ticket/query.py @@ -1044,7 +1044,7 @@ class QueryModule(Component): # requested for clients without JavaScript add_num = None constraints = {} - for k, vals in req.args.iteritems(): + for k in req.args: match = self.add_re.match(k) if match: add_num = match.group(1) @@ -1056,8 +1056,8 @@ class QueryModule(Component): clause_num = int(match.group('clause')) if field not in fields: continue - if not isinstance(vals, (list, tuple)): - vals = [vals] + # use list() to avoid modification of a list in req.args + vals = list(req.args.getlist(k)) if vals: mode = req.args.get(k + '_mode') if mode: diff --git a/trac/ticket/tests/query.py b/trac/ticket/tests/query.py index cb2d0fc6e..e8cce442c 100644 --- a/trac/ticket/tests/query.py +++ b/trac/ticket/tests/query.py @@ -1108,6 +1108,21 @@ ORDER BY COALESCE(c.%(ticket)s,'')='',c.%(ticket)s,t.id""" % quoted) prop = req.chrome['script_data']['properties']['milestone'] self.assertEqual({'label': 'Milestone', 'type': 'text'}, prop) + def test_get_constraints_keep_req_args(self): + arg_list = (('0_type', 'defect'), ('0_type', 'task'), + ('0_type', 'enhancement'), ('rm_filter_0_type_1', '-'), + ('1_type', 'task')) + req = MockRequest(self.env, method='POST', path_info='/query', + arg_list=arg_list) + orig_args = arg_list_to_args(arg_list) + mod = QueryModule(self.env) + self.assertTrue(mod.match_request(req)) + template, data, content_type = mod.process_request(req) + self.assertEqual([{'type': ['defect', 'enhancement']}, + {'type': ['task']}], + data['query'].constraints) + self.assertEqual(orig_args, req.args) + class QueryLinksTestCase(unittest.TestCase): }}} You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:	Avoid modification of a list in req.args in Query module.
API Changes:
Internal Changes:

Action

leave as closed The owner will remain Jun Omae.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from Jun Omae to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: