Edgewall Software
Modify

Opened 14 years ago

Last modified 14 years ago

#9653 new defect

tracd --base-path matches any string of the same length

Reported by: kamil@… Owned by:
Priority: normal Milestone: next-major-releases
Component: web frontend/tracd Version: 0.12
Severity: minor Keywords: bitesized
Cc: lists@… Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Say I start tracd with a a script that looks like: 

#!/bin/bash
export ENV=/srv/trac-alpha
tracd -r -p 8081 -s --basic-auth=trac-alpha,$ENV/htpasswd,example.com --base-path=trac/ $ENV

Then any 4-character URL works as the base path. For example visiting http://example.com:8081/trac/timeline shows the timeline, as does http://example.com:8081/1234/timeline or any other 4-character string.

Visiting http://example.com:8081/123/timeline gives an error page with "No handler matched request to timeline" and visiting http://example.com:8081/123/timeline gives an error page with "No handler matched request to 5/timeline"

Attachments (0)

Change History (3)

comment:1 by Remy Blank, 14 years ago

Component: generalweb frontend/tracd
Keywords: bitesized added
Milestone: next-major-0.1X

Not very elegant indeed. And probably relatively easy to fix. PatchWelcome.

comment:2 by Thijs Triemstra <lists@…>, 14 years ago

This patch reveals the issue:

  • trac/web/standalone.py

     
    6565
    6666    def __call__(self, environ, start_response):
    6767        path = environ['SCRIPT_NAME'] + environ.get('PATH_INFO', '')
     68        real_path = path[:len(self.base_path)]
     69        if real_path != self.base_path:
     70            print "this shouldn't be possible? real path: %s, base_path: %s" % (real_path, self.base_path)
     71            return []
    6872        environ['PATH_INFO'] = path[len(self.base_path):]
    6973        environ['SCRIPT_NAME'] = self.base_path
    7074        return self.application(environ, start_response)

This is the output: 

this shouldn't be possible? real path: /1234, base_path: /trac
----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 51106)
Traceback (most recent call last):
  File "/usr/local/lib/python2.6/SocketServer.py", line 558, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/local/lib/python2.6/SocketServer.py", line 320, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/local/lib/python2.6/SocketServer.py", line 615, in __init__
    self.handle()
  File "/usr/local/lib/python2.6/BaseHTTPServer.py", line 329, in handle
    self.handle_one_request()
  File "/Users/thijstriemstra/Sites/trac-0.12-stable/trac/web/wsgi.py", line 189, in handle_one_request
    gateway.run(self.server.application)
  File "/Users/thijstriemstra/Sites/trac-0.12-stable/trac/web/wsgi.py", line 100, in run
    self._write('')
  File "/Users/thijstriemstra/Sites/trac-0.12-stable/trac/web/wsgi.py", line 207, in _write
    assert self.headers_set, 'Response not started'
AssertionError: Response not started

So instead of the AssertionError it should return a 404. Not sure how to do this yet.

comment:3 by Thijs Triemstra <lists@…>, 14 years ago

Cc: lists@… added

Modify Ticket

Change Properties
Set your email in Preferences
Action
as new The ticket will remain with no owner.
The ticket will be disowned.
as The resolution will be set. Next status will be 'closed'.
The owner will be changed from (none) to anonymous. Next status will be 'assigned'.

Add Comment
E-mail address and name can be saved in the Preferences .
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.