Modify ↓
Opened 6 months ago
Closed 6 months ago
#13758 closed defect (fixed)
ValueError raised when receiving non-strict query string for POST method if multipart package installed
Reported by: | Jun Omae | Owned by: | Jun Omae |
---|---|---|---|
Priority: | normal | Milestone: | 1.6.1 |
Component: | web frontend | Version: | 1.6 |
Severity: | normal | Keywords: | |
Cc: | Branch: | ||
Release Notes: |
Fixed |
||
API Changes: | |||
Internal Changes: |
Description
ValueError: bad query field: 'or'
raised if sending non-strict query string for POST method like the following:
$ curl -sv -o /dev/null -d 'type=defect&or&owner=john' http://localhost:3000/tracenv/wiki * Trying 127.0.0.1:3000... * TCP_NODELAY set * Connected to localhost (127.0.0.1) port 3000 (#0) > POST /tracenv/wiki HTTP/1.1 > Host: localhost:3000 > User-Agent: curl/7.68.0 > Accept: */* > Content-Length: 25 > Content-Type: application/x-www-form-urlencoded > } [25 bytes data] * upload completely sent off: 25 out of 25 bytes
21:24:06 Trac[main] ERROR: [127.0.0.1] Internal Server Error: <RequestWithSession "POST '/wiki'">, referrer None Traceback (most recent call last): File "/home/jun66j5/venv/trac/1.6/lib/python3.11/site-packages/trac/web/main.py", line 609, in dispatch_request dispatcher.dispatch(req) File "/home/jun66j5/venv/trac/1.6/lib/python3.11/site-packages/trac/web/main.py", line 301, in dispatch raise e File "/home/jun66j5/venv/trac/1.6/lib/python3.11/site-packages/trac/web/main.py", line 237, in dispatch req.args.get('__FORM_TOKEN') != req.form_token: ^^^^^^^^ File "/home/jun66j5/venv/trac/1.6/lib/python3.11/site-packages/trac/web/api.py", line 661, in __getattr__ value = self.callbacks[name](self) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/jun66j5/venv/trac/1.6/lib/python3.11/site-packages/trac/web/api.py", line 643, in <lambda> 'args': lambda req: arg_list_to_args(req.arg_list), ^^^^^^^^^^^^ File "/home/jun66j5/venv/trac/1.6/lib/python3.11/site-packages/trac/web/api.py", line 661, in __getattr__ value = self.callbacks[name](self) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/jun66j5/venv/trac/1.6/lib/python3.11/site-packages/trac/web/api.py", line 1019, in _parse_arg_list return list(parse_form_data(self.environ)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/jun66j5/venv/trac/1.6/lib/python3.11/site-packages/trac/web/api.py", line 497, in parse_form_data pairs = urllib.parse.parse_qsl( ^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/urllib/parse.py", line 795, in parse_qsl raise ValueError("bad query field: %r" % (name_value,)) ValueError: bad query field: 'or' 127.0.0.1 - - [07/Jun/2024 21:24:07] "POST /tracenv/wiki HTTP/1.1" 500 -
If multipart
package not installed, cgi.FieldStorage
is used and no error is raised.
-
trac/web/api.py
diff --git a/trac/web/api.py b/trac/web/api.py index 80cf2ede8..383db0a06 100644
a b if multipart: 524 524 data = environ['wsgi.input'].read(length) 525 525 pairs = urllib.parse.parse_qsl( 526 526 str(data, 'utf-8'), keep_blank_values=True, 527 strict_parsing= True, encoding='utf-8', errors='strict')527 strict_parsing=False, encoding='utf-8', errors='strict') 528 528 for name, value in pairs: 529 529 _raise_if_null_bytes(name) 530 530 _raise_if_null_bytes(value)
Attachments (0)
Change History (1)
comment:1 by , 6 months ago
Release Notes: | modified (diff) |
---|---|
Resolution: | → fixed |
Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed in [17820] and merged in [17821].