Ticket #316 (new defect) — at Version 2
Search URL escaping
Reported by: | dread | Owned by: | rgrp |
---|---|---|---|
Priority: | awaiting triage | Milestone: | |
Component: | ckan | Keywords: | |
Cc: | Repository: | ||
Theme: |
Description (last modified by dread) (diff)
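If you search with unescaped characters such as '`' (backtick) in the URL in Chrome, you get a 500 error. (The example URL and the traceback below show the failing character as '´', U+00B4, which is non-ASCII; an ASCII backtick would not by itself produce this UnicodeEncodeError.)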
e.g. http://www.ckan.net/package/search?q=fjdkf2B%C2%B4gfhgfkgf{gpk fjdkf2B´gfhgfkgf{gpk
returns this exception:
URL: http://www.ckan.net/package/search?q=fjdkf%2B%C2%B4gfhgfkgf%7Bg%C2%B4pk&search=Search+Packages+%C2%BB
Module weberror.errormiddleware:162 in __call__
<< __traceback_supplement__ = Supplement, self, environ sr_checker = ResponseStartChecker(start_response) app_iter = self.application(environ, sr_checker) return self.make_catching_iter(app_iter, environ, sr_checker) except:
>> app_iter = self.application(environ, sr_checker)
Module repoze.who.middleware:107 in __call__
<< wrapper = StartResponseWrapper(start_response) app_iter = app(environ, wrapper.wrap_start_response) # The challenge decider almost(?) always needs information from the
>> app_iter = app(environ, wrapper.wrap_start_response)
Module beaker.middleware:73 in __call__
<< self.cache_manager) environ[self.environ_key] = self.cache_manager return self.app(environ, start_response)
>> return self.app(environ, start_response)
Module beaker.middleware:152 in __call__
<< headers.append(('Set-cookie', cookie)) return start_response(status, headers, exc_info) return self.wrap_app(environ, session_start_response) def _get_session(self):
>> return self.wrap_app(environ, session_start_response)
Module routes.middleware:130 in __call__
<< environ['SCRIPT_NAME'] = environ['SCRIPT_NAME'][:-1] response = self.app(environ, start_response) # Wrapped in try as in rare cases the attribute will be gone already
>> response = self.app(environ, start_response)
Module pylons.wsgiapp:125 in __call__
<< controller = self.resolve(environ, start_response) response = self.dispatch(controller, environ, start_response) if 'paste.testing_variables' in environ and hasattr(response,
>> response = self.dispatch(controller, environ, start_response)
Module pylons.wsgiapp:324 in dispatch
<< if log_debug: log.debug("Calling controller class with WSGI interface") return controller(environ, start_response) def load_test_env(self, environ):
>> return controller(environ, start_response)
Module ckan.lib.base:50 in __call__
<< # available in environ['pylons.routes_dict'] try: return WSGIController.__call__(self, environ, start_response) finally: model.Session.remove()
>> return WSGIController.__call__(self, environ, start_response)
Module pylons.controllers.core:221 in __call__
<< return response(environ, self.start_response) response = self._dispatch_call() if not start_response_called: self.start_response = start_response
>> response = self._dispatch_call()
Module pylons.controllers.core:172 in _dispatch_call
<< req.environ['pylons.action_method'] = func response = self._inspect_call(func) else: if log_debug:
>> response = self._inspect_call(func)
Module pylons.controllers.core:107 in _inspect_call
<< func.__name__, args) try: result = self._perform_call(func, args) except HTTPException, httpe: if log_debug:
>> result = self._perform_call(func, args)
Module pylons.controllers.core:60 in _perform_call
<< """Hide the traceback for everything above this method""" __traceback_hide__ = 'before_and_this' return func(**args) def _inspect_call(self, func):
>> return func(**args)
Module ckan.controllers.package:52 in search
<< collection=query, page=request.params.get('page', 1), items_per_page=50 ) # filter out ranks from the query result
>> items_per_page=50
Module webhelpers.paginate:333 in __init__
<< self.item_count = item_count else: self.item_count = len(self.collection) # Compute the number of the first and last available page
>> self.item_count = len(self.collection)
Module webhelpers.paginate:204 in __len__
<< def __len__(self): return self.obj.count() # Since the items on a page are mainly a list we subclass the "list" type
>> return self.obj.count()
Module sqlalchemy.orm.query:1094 in count
<< q = q.params(params) q = q._legacy_select_kwargs(**kwargs) return q._count() def _count(self):
>> return q._count()
Module sqlalchemy.orm.query:1103 in _count
<< """ return self._col_aggregate(sql.literal_column('1'), sql.func.count, nested_cols=list(self.mapper.primary_key)) def _col_aggregate(self, col, func, nested_cols=None):
>> return self._col_aggregate(sql.literal_column('1'), sql.func.count, nested_cols=list(self.mapper.primary_key))
Module sqlalchemy.orm.query:1125 in _col_aggregate
<< if self._autoflush and not self._populate_existing: self.session._autoflush() return self.session.scalar(s, params=self._params, mapper=self.mapper) def compile(self):
>> return self.session.scalar(s, params=self._params, mapper=self.mapper)
Module sqlalchemy.orm.session:635 in scalar
<< engine = self.get_bind(mapper, clause=clause, instance=instance) return self.__connection(engine, close_with_result=True).scalar(clause, params or {}) def close(self):
>> return self.__connection(engine, close_with_result=True).scalar(clause, params or {})
Module sqlalchemy.engine.base:834 in scalar
<< """ return self.execute(object, *multiparams, **params).scalar() def statement_compiler(self, statement, **kwargs):
>> return self.execute(object, *multiparams, **params).scalar()
Module sqlalchemy.engine.base:844 in execute
<< for c in type(object).__mro__: if c in Connection.executors: return Connection.executors[c](self, object, multiparams, params) else: raise exceptions.InvalidRequestError("Unexecutable object type: " + str(type(object)))
>> return Connection.executors[c](self, object, multiparams, params)
Module sqlalchemy.engine.base:895 in execute_clauseelement
<< else: keys = None return self._execute_compiled(elem.compile(dialect=self.dialect, column_keys=keys, inline=len(params) > 1), distilled_params=params) def _execute_compiled(self, compiled, multiparams=None, params=None, distilled_params=None):
>> return self._execute_compiled(elem.compile(dialect=self.dialect, column_keys=keys, inline=len(params) > 1), distilled_params=params)
Module sqlalchemy.engine.base:907 in _execute_compiled
<< context.pre_execution() self.__execute_raw(context) context.post_execution() self._autocommit(context)
>> self.__execute_raw(context)
Module sqlalchemy.engine.base:916 in __execute_raw
<< self._cursor_executemany(context.cursor, context.statement, context.parameters, context=context) else: self._cursor_execute(context.cursor, context.statement, context.parameters[0], context=context) def _execute_ddl(self, ddl, params, multiparams):
>> self._cursor_execute(context.cursor, context.statement, context.parameters[0], context=context)
Module sqlalchemy.engine.base:958 in _cursor_execute
<< self.engine.logger.info(repr(parameters)) try: self.dialect.do_execute(cursor, statement, parameters, context=context) except Exception, e: self._handle_dbapi_exception(e, statement, parameters, cursor)
>> self.dialect.do_execute(cursor, statement, parameters, context=context)
Module sqlalchemy.engine.default:133 in do_execute
<< def do_execute(self, cursor, statement, parameters, context=None): cursor.execute(statement, parameters) def is_disconnect(self, e):
>> cursor.execute(statement, parameters)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xb4' in position 6: ordinal not in range(128)
Change History
comment:1 Changed 4 years ago by dread
- Summary changed from Search URL encoding issue to Search URL escaping
comment:2 Changed 4 years ago by dread
- Description modified (diff)
This exception occurs for ckan.net with just this one character: http://ckan.net/package/search?q=%C2 (you can wget it)
But I can't recreate it on my machine. Maybe it's a version issue.
The client that is making all these crazy calls is googlebot.