Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#13564 closed defect (fixed)

Edited file contents not properly encoded in Trac 1.2.x

Reported by: baweaver@…
Owned by: Ryan J Ollos
Priority: normal
Component: FineGrainedPageAuthzEditorPlugin
Severity: normal
Keywords:
Cc:
Trac Release:

Description

When an edited authz policy file is POSTed to the plugin, it gets processed via:

            if req.args.get('authz_file_contents'):
                # The data needs to be validated, otherwise duplicate
                # entries can break things.
                edited_contents = req.args.get('authz_file_contents')
                edited_contents_stringio = StringIO(edited_contents)
                try:
                    test_authz_policy_dict = \
                        ConfigObj(edited_contents_stringio)
                except:
                    raise TracError(_("Error in edited file. Re-edit and "
                                      "check for duplicate entries."))
                with open(authz_policy_file_name, 'w') as f:
                    test_authz_policy_dict.write(f)

The problem is the bare except clause does not distinguish between configobj.DuplicateError and other types of errors.

In Trac 1.2.x req.args.get('authz_file_contents') apparently returns unicode() not str(). Even though edited_contents_stringio = StringIO(edited_contents) still works, ConfigObj(edited_contents_stringio) raises UnicodeDecodeError. Again, because of the bare except clause, this is interpreted as a duplication, rather than a problem with the data type.

This can be fixed by adding:

                if isinstance(edited_contents, unicode):
                    edited_contents = edited_contents.encode('utf-8')

before line 70 of pape_admin.py. Although if the req object supplies some other encoding for the data, that should be used.

Attachments (0)

Change History (7)

comment:1 Changed 5 years ago by anonymous

Also, the except clause should be except DuplicateError:, assuming you have done from configobj import ConfigObj, DuplicateError.

comment:2 Changed 5 years ago by Ryan J Ollos

Status: new → accepted

comment:3 in reply to:  1 Changed 5 years ago by Ryan J Ollos

Replying to anonymous:

> Also, the except clause should be except DuplicateError:, assuming you have done from configobj import ConfigObj, DuplicateError.

I see ConfigObjError with duplicate sections.

comment:4 Changed 5 years ago by Ryan J Ollos

In 17377:

0.12.1dev: Trap ConfigObjError exception

Refs #13564.

comment:5 Changed 5 years ago by Ryan J Ollos

In 17378:

0.12.1dev: Encode unicode content

Refs #13564.

comment:6 Changed 5 years ago by Ryan J Ollos

Resolution: fixed
Status: accepted → closed

comment:7 Changed 5 years ago by Ryan J Ollos

In 17398:

0.12.1dev: Fix decoding error

Refs #13564.
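
Added example, not part of the ticket or the plugin's code: a validation routine that reports encoding failures, duplicate entries and other syntax errors separately instead of folding them into one bare except. It assumes Python 3 and uses the standard-library configparser as a stand-in for ConfigObj; the function names, exception class and sample policies are constructed for illustration.

```python
import configparser
import os
import tempfile

# Constructed sample policies (not from the ticket).
SAMPLE_OK = "[wiki:WikiStart@*]\n* = WIKI_VIEW\n\n[wiki:Private@*]\nadmin = WIKI_VIEW\n* = !WIKI_VIEW\n"
SAMPLE_DUP = SAMPLE_OK + "\n[wiki:WikiStart@*]\nanonymous = WIKI_MODIFY\n"


class PolicyValidationError(Exception):
    """Carries a message naming the real cause of the rejection."""


def validate_policy(raw):
    """Return the policy text if it parses; `raw` may be bytes or str."""
    if isinstance(raw, bytes):
        try:
            raw = raw.decode("utf-8")
        except UnicodeDecodeError as e:
            raise PolicyValidationError("not valid UTF-8: %s" % e)
    parser = configparser.ConfigParser(
        strict=True, interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep user and permission names case-sensitive
    try:
        parser.read_string(raw)
    except (configparser.DuplicateSectionError,
            configparser.DuplicateOptionError) as e:
        raise PolicyValidationError("duplicate entry: %s" % e)
    except configparser.Error as e:
        raise PolicyValidationError("syntax error: %s" % e)
    return raw


def save_policy(path, raw):
    """Validate first, then swap the file in atomically."""
    text = validate_policy(raw)
    # mkstemp creates the temp file with mode 0600 in the target directory.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write(text)
        os.replace(tmp, path)
    except Exception:
        os.unlink(tmp)
        raise
```

Because the replacement file inherits the temp file's 0600 mode, restore the policy file's intended permissions after the swap if the web server reads it as a different user.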
