Doesn't protect again invalid input

[Ryan J Ollos]

The following is frequently seen in the logs:

Traceback (most recent call last):
  File "/path/to/pve/lib/python2.6/site-packages/Trac-1.0.5-py2.6.egg/trac/web/main.py", line 251, in dispatch
    self._post_process_request(req)
  File "/path/to/pve/lib/python2.6/site-packages/Trac-1.0.5-py2.6.egg/trac/web/main.py", line 349, in _post_process_request
    f.post_process_request(req, *(None,)*extra_arg_count)
  File "/path/to/pve/lib/python2.6/site-packages/TracVote-0.3dev_r14352-py2.6.egg/tracvote/__init__.py", line 435, in post_process_request
    resource_from_path(self.env, req.path_info):
  File "/path/to/pve/lib/python2.6/site-packages/TracVote-0.3dev_r14352-py2.6.egg/tracvote/__init__.py", line 141, in resource_from_path
    elif resource_exists(env, resource) in (None, True):
  File "/path/to/pve/lib/python2.6/site-packages/Trac-1.0.5-py2.6.egg/trac/resource.py", line 454, in resource_exists
    return manager.resource_exists(resource)
  File "/path/to/pve/lib/python2.6/site-packages/Trac-1.0.5-py2.6.egg/trac/ticket/api.py", line 601, in resource_exists
    (resource.id,)):
  File "/path/to/pve/lib/python2.6/site-packages/Trac-1.0.5-py2.6.egg/trac/db/api.py", line 123, in execute
    return db.execute(query, params)
  File "/path/to/pve/lib/python2.6/site-packages/Trac-1.0.5-py2.6.egg/trac/db/util.py", line 128, in execute
    cursor.execute(query, params if params is not None else [])
  File "/path/to/pve/lib/python2.6/site-packages/Trac-1.0.5-py2.6.egg/trac/db/util.py", line 72, in execute
    return self.cursor.execute(sql_escape_percent(sql), args)
DataError: invalid input syntax for integer: ""
LINE 1: SELECT id FROM ticket WHERE id=E''
                                       ^
DataError: invalid input syntax for integer: ""
LINE 1: SELECT id FROM ticket WHERE id=E''

[Ryan J Ollos]

I'm considering fixing this in the Trac API: ​trac:#12076.

[Ryan J Ollos]

Even if fixed in ​trac:milestone:1.0.7, it is probably worth implementing a fix for Trac < 1.0.7. I'm considering a simple fix, such as:

def _resource_exists(env, resource):
    try:
        return resource_exists(env, resource)
    except env.db_exc.DatabaseError:
        return False

No exception is raised for SQLite or MySQL.

[Ryan J Ollos]

I'll make the change described in comment:3 now that refactoring has been done in [14591].

[Ryan J Ollos]

In 14592:

0.3dev: Trap exceptions from resource_exists.

This avoids a traceback in the logs from invalid ticket IDs (e.g. /ticket/a). Fixes #12253.