Ticket #316 (closed defect: fixed)
Search URL escaping
| Reported by: | dread | Owned by: | rgrp |
|---|---|---|---|
| Priority: | awaiting triage | Milestone: | |
| Component: | ckan | Keywords: | |
| Cc: | Repository: | ||
| Theme: |
Description (last modified by dread) (diff)
If you search for unescaped characters such as '`' (backtick) in the URL in Chrome then you get a 500 error.
e.g. http://www.ckan.net/package/search?q=fjdkf2B%C2%B4gfhgfkgf{gpk fjdkf2B´gfhgfkgf{gpk
returns this exception:
URL: http://www.ckan.net/package/search?q=fjdkf%2B%C2%B4gfhgfkgf%7Bg%C2%B4pk&search=Search+Packages+%C2%BB
Module weberror.errormiddleware:162 in __call__
<< __traceback_supplement__ = Supplement, self, environ
sr_checker = ResponseStartChecker(start_response)
app_iter = self.application(environ, sr_checker)
return self.make_catching_iter(app_iter, environ, sr_checker)
except:
>> app_iter = self.application(environ, sr_checker)
Module repoze.who.middleware:107 in __call__
<< wrapper = StartResponseWrapper(start_response)
app_iter = app(environ, wrapper.wrap_start_response)
# The challenge decider almost(?) always needs information from the
>> app_iter = app(environ, wrapper.wrap_start_response)
Module beaker.middleware:73 in __call__
<< self.cache_manager)
environ[self.environ_key] = self.cache_manager
return self.app(environ, start_response)
>> return self.app(environ, start_response)
Module beaker.middleware:152 in __call__
<< headers.append(('Set-cookie', cookie))
return start_response(status, headers, exc_info)
return self.wrap_app(environ, session_start_response)
def _get_session(self):
>> return self.wrap_app(environ, session_start_response)
Module routes.middleware:130 in __call__
<< environ['SCRIPT_NAME'] = environ['SCRIPT_NAME'][:-1]
response = self.app(environ, start_response)
# Wrapped in try as in rare cases the attribute will be gone already
>> response = self.app(environ, start_response)
Module pylons.wsgiapp:125 in __call__
<<
controller = self.resolve(environ, start_response)
response = self.dispatch(controller, environ, start_response)
if 'paste.testing_variables' in environ and hasattr(response,
>> response = self.dispatch(controller, environ, start_response)
Module pylons.wsgiapp:324 in dispatch
<< if log_debug:
log.debug("Calling controller class with WSGI interface")
return controller(environ, start_response)
def load_test_env(self, environ):
>> return controller(environ, start_response)
Module ckan.lib.base:50 in __call__
<< # available in environ['pylons.routes_dict']
try:
return WSGIController.__call__(self, environ, start_response)
finally:
model.Session.remove()
>> return WSGIController.__call__(self, environ, start_response)
Module pylons.controllers.core:221 in __call__
<< return response(environ, self.start_response)
response = self._dispatch_call()
if not start_response_called:
self.start_response = start_response
>> response = self._dispatch_call()
Module pylons.controllers.core:172 in _dispatch_call
<< req.environ['pylons.action_method'] = func
response = self._inspect_call(func)
else:
if log_debug:
>> response = self._inspect_call(func)
Module pylons.controllers.core:107 in _inspect_call
<< func.__name__, args)
try:
result = self._perform_call(func, args)
except HTTPException, httpe:
if log_debug:
>> result = self._perform_call(func, args)
Module pylons.controllers.core:60 in _perform_call
<< """Hide the traceback for everything above this method"""
__traceback_hide__ = 'before_and_this'
return func(**args)
def _inspect_call(self, func):
>> return func(**args)
Module ckan.controllers.package:52 in search
<< collection=query,
page=request.params.get('page', 1),
items_per_page=50
)
# filter out ranks from the query result
>> items_per_page=50
Module webhelpers.paginate:333 in __init__
<< self.item_count = item_count
else:
self.item_count = len(self.collection)
# Compute the number of the first and last available page
>> self.item_count = len(self.collection)
Module webhelpers.paginate:204 in __len__
<< def __len__(self):
return self.obj.count()
# Since the items on a page are mainly a list we subclass the "list" type
>> return self.obj.count()
Module sqlalchemy.orm.query:1094 in count
<< q = q.params(params)
q = q._legacy_select_kwargs(**kwargs)
return q._count()
def _count(self):
>> return q._count()
Module sqlalchemy.orm.query:1103 in _count
<< """
return self._col_aggregate(sql.literal_column('1'), sql.func.count, nested_cols=list(self.mapper.primary_key))
def _col_aggregate(self, col, func, nested_cols=None):
>> return self._col_aggregate(sql.literal_column('1'), sql.func.count, nested_cols=list(self.mapper.primary_key))
Module sqlalchemy.orm.query:1125 in _col_aggregate
<< if self._autoflush and not self._populate_existing:
self.session._autoflush()
return self.session.scalar(s, params=self._params, mapper=self.mapper)
def compile(self):
>> return self.session.scalar(s, params=self._params, mapper=self.mapper)
Module sqlalchemy.orm.session:635 in scalar
<< engine = self.get_bind(mapper, clause=clause, instance=instance)
return self.__connection(engine, close_with_result=True).scalar(clause, params or {})
def close(self):
>> return self.__connection(engine, close_with_result=True).scalar(clause, params or {})
Module sqlalchemy.engine.base:834 in scalar
<< """
return self.execute(object, *multiparams, **params).scalar()
def statement_compiler(self, statement, **kwargs):
>> return self.execute(object, *multiparams, **params).scalar()
Module sqlalchemy.engine.base:844 in execute
<< for c in type(object).__mro__:
if c in Connection.executors:
return Connection.executors[c](self, object, multiparams, params)
else:
raise exceptions.InvalidRequestError("Unexecutable object type: " + str(type(object)))
>> return Connection.executors[c](self, object, multiparams, params)
Module sqlalchemy.engine.base:895 in execute_clauseelement
<< else:
keys = None
return self._execute_compiled(elem.compile(dialect=self.dialect, column_keys=keys, inline=len(params) > 1), distilled_params=params)
def _execute_compiled(self, compiled, multiparams=None, params=None, distilled_params=None):
>> return self._execute_compiled(elem.compile(dialect=self.dialect, column_keys=keys, inline=len(params) > 1), distilled_params=params)
Module sqlalchemy.engine.base:907 in _execute_compiled
<< context.pre_execution()
self.__execute_raw(context)
context.post_execution()
self._autocommit(context)
>> self.__execute_raw(context)
Module sqlalchemy.engine.base:916 in __execute_raw
<< self._cursor_executemany(context.cursor, context.statement, context.parameters, context=context)
else:
self._cursor_execute(context.cursor, context.statement, context.parameters[0], context=context)
def _execute_ddl(self, ddl, params, multiparams):
>> self._cursor_execute(context.cursor, context.statement, context.parameters[0], context=context)
Module sqlalchemy.engine.base:958 in _cursor_execute
<< self.engine.logger.info(repr(parameters))
try:
self.dialect.do_execute(cursor, statement, parameters, context=context)
except Exception, e:
self._handle_dbapi_exception(e, statement, parameters, cursor)
>> self.dialect.do_execute(cursor, statement, parameters, context=context)
Module sqlalchemy.engine.default:133 in do_execute
<< def do_execute(self, cursor, statement, parameters, context=None):
cursor.execute(statement, parameters)
def is_disconnect(self, e):
>> cursor.execute(statement, parameters)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xb4' in position 6: ordinal not in range(128)
Change History
comment:1 Changed 4 years ago by dread
- Summary changed from Search URL encoding issue to Search URL escaping
comment:2 Changed 4 years ago by dread
- Description modified (diff)
This exception occurs for ckan.net with just this one character: http://ckan.net/package/search?q=%C2 (you can wget it)
But I can't recreate it on my machine. Maybe it's a version issue.
The client that is making all these crazy calls is googlebot.
Note: See
TracTickets for help on using
tickets.
