Context Navigation

Modify ↓

#13702 closed defect (fixed)

Garbled username when the username has non-ascii characters on Trac serving with mod_wsgi and mod_fcgid

Reported by:	Jun Omae	Owned by:	Jun Omae
Priority:	normal	Milestone:	1.6.1
Component:	web frontend/tracd	Version:	1.6
Severity:	normal	Keywords:
Cc:		Branch:
Release Notes:	Fixed incorrect handling WSGI "bytes-as-unicode" string of the REMOTE_USER variable.
API Changes:
Internal Changes:

Description

After logging in as joé to Trac which serves with mod_wsgi/mod_fcgid, logged in as joÃ© is shown in the metanav. If Trac serves with tracd, logged in as joé is correctly shown.

Also, the username (via Request.check_modified) is used in ETag header from attachment view. The header value has garbled username. According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag#etag_value, ASCII strings should be used in the ETag. We should encode the header value (e.g. urlencode).

$ curl -s -D - -o /dev/null -H 'Cookie: trac_auth=c3a8d583f00d2818e3e442b0fb588f70' 'http://127.0.0.1:3000/trac/attachment/ticket/22/test.png'
HTTP/1.1 200 Ok
Date: Sun, 07 Jan 2024 03:51:37 GMT
Server: Apache/2.4.41 (Ubuntu) mod_wsgi/5.0.0 Python/3.11 SVN/1.13.0
ETag: W/"jo�/Sat, 06 Jan 2024 23:55:50 GMT/False"
Cache-Control: must-revalidate
Expires: Fri, 01 Jan 1999 00:00:00 GMT
Set-Cookie: trac_form_token=ee5889b2d87128f5977cce46; HttpOnly; Path=/trac
Transfer-Encoding: chunked
Content-Type: text/html;charset=utf-8

Attachments (0)

Change History (3)

comment:1 by Jun Omae, 2 weeks ago

Component:	web frontend/mod_wsgi → web frontend/tracd
Owner:	set to Jun Omae
Status:	new → assigned

According to Unicode Issues - PEP 3333 – Python Web Server Gateway Interface v1.0.1, values of the environ (e.g. REMOTE_USER) store str instance which decoded the bytes as latin-1 encoding. However, tracd stores str instance which decoded as utf-8 encoding. In other wsgi containers, latin-1 encoding is used according to the PEP 3333.

comment:2 by Jun Omae, 2 weeks ago

Proposed changes in [f0d7bb9b/jomae.git].

comment:3 by Jun Omae, 2 weeks ago

Release Notes:	modified (diff)
Resolution:	→ fixed
Status:	assigned → closed

Fixed in [17789] and merged in [17790].

Modify Ticket

Change Properties

Summary:
Description:	After logging in as `joé` to Trac which serves with mod_wsgi/mod_fcgid, `logged in as joÃ©` is shown in the metanav. If Trac serves with tracd, `logged in as joé` is correctly shown. Also, the username (via `Request.check_modified`) is used in ETag header from attachment view. The header value has garbled username. According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag#etag_value, ASCII strings should be used in the ETag. We should encode the header value (e.g. urlencode). {{{ $ curl -s -D - -o /dev/null -H 'Cookie: trac_auth=c3a8d583f00d2818e3e442b0fb588f70' 'http://127.0.0.1:3000/trac/attachment/ticket/22/test.png' HTTP/1.1 200 Ok Date: Sun, 07 Jan 2024 03:51:37 GMT Server: Apache/2.4.41 (Ubuntu) mod_wsgi/5.0.0 Python/3.11 SVN/1.13.0 ETag: W/"jo�/Sat, 06 Jan 2024 23:55:50 GMT/False" Cache-Control: must-revalidate Expires: Fri, 01 Jan 1999 00:00:00 GMT Set-Cookie: trac_form_token=ee5889b2d87128f5977cce46; HttpOnly; Path=/trac Transfer-Encoding: chunked Content-Type: text/html;charset=utf-8 }}} You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:	Fixed incorrect handling WSGI "bytes-as-unicode" string of the REMOTE_USER variable.
API Changes:
Internal Changes:

Action

leave as closed The owner will remain Jun Omae.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from Jun Omae to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: