Modify

Opened 9 years ago

Closed 9 years ago

#12734 closed defect (fixed)

AttributeError: 'list' object has no attribute 'strip'

Reported by: Ryan J Ollos Owned by: Ryan J Ollos
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Steffen Hoffmann Trac Release: 1.0

Description

From the logs: 

2016-04-09 09:32:23,823 Trac[main] ERROR: Internal Server Error: <RequestWithSession "GET '/register?__FORM_TOKEN=3e85b91934f824c6fd15affc&action=create&username=RochelleKirkpatr&password=dRJIKJ12&password_confirm=dRJIKJ12&email=evelinxkosanovicqjiy%40yahoo.com&basic_token=I%27m%20no%20bot%2C%20let%20me%20in%2C%20please.&sentinel=&name=Rochelle%20Kirkpatrick&spf_homepage=http%3A%2F%2Fwww.dailymotion.com%2Fvideo%2Fx37cm2j&sfp_email=&sfph_mail=&__FORM_TOKEN=747877c2cff29be086a7279c&action=create&username=RochelleKirkpatr&password=dRJIKJ12&password_confirm=dRJIKJ12&email=evelinxkosanovicqjiy%40yahoo.com&basic_token=I%27m%20no%20bot%2C%20let%20me%20in%2C%20please.&sentinel=&name=RochelleKirkpatr&spf_homepage=http%3A%2F%2Fwww.dailymotion.com%2Fvideo%2Fx37cm2j&sfp_email=&sfph_mail='">, referrer 'http://trac-hacks.org/register?__FORM_TOKEN=3e85b91934f824c6fd15affc&action=create&username=RochelleKirkpatr&password=dRJIKJ12&password_confirm=dRJIKJ12&email=evelinxkosanovicqjiy%40yahoo.com&basic_token=I%27m%20no%20bot%2C%20let%20me%20in%2C%20please.&sentinel=&name=Rochelle%20Kirkpatrick&spf_homepage=http%3A%2F%2Fwww.dailymotion.com%2Fvideo%2Fx37cm2j&sfp_email=&sfph_mail=&__FORM_TOKEN=747877c2cff29be086a7279c&action=create&username=RochelleKirkpatr&password=dRJIKJ12&password_confirm=dRJIKJ12&email=evelinxkosanovicqjiy%40yahoo.com&basic_token=I%27m%20no%20bot%2C%20let%20me%20in%2C%20please.&sentinel=&name=RochelleKirkpatr&spf_homepage=http%3A%2F%2Fwww.dailymotion.com%2Fvideo%2Fx37cm2j&sfp_email=&sfph_mail='
Traceback (most recent call last):
  File "/srv/trac-hacks.org/pve/lib/python2.7/site-packages/trac/web/main.py", line 554, in _dispatch_request
    dispatcher.dispatch(req)
  File "/srv/trac-hacks.org/pve/lib/python2.7/site-packages/trac/web/main.py", line 247, in dispatch
    resp = chosen_handler.process_request(req)
  File "/srv/trac-hacks.org/pve/lib/python2.7/site-packages/acct_mgr/register.py", line 430, in process_request
    name = req.args.get('name', '').strip()
AttributeError: 'list' object has no attribute 'strip'

Attachments (0)

Change History (2)

comment:1 Changed 9 years ago by Ryan J Ollos

I considered using getfirst, as in trac:#12349, however since this is the registration page perhaps we are better off just raising an HTTPBadRequest. That may stop more spam registration attempts before they can be submitted.

  • acct_mgr/register.py

     
    2020from trac.core import Component, TracError, implements
    2121from trac.config import BoolOption, Option
    2222from trac.web import auth, chrome
     23from trac.web.api import HTTPBadRequest
    2324from trac.web.main import IRequestHandler, IRequestFilter
    2425
    2526from acct_mgr.api import AccountManager, CommonTemplateProvider
     
    425426        if req.authname != 'anonymous':
    426427            req.redirect(req.href.prefs('account'))
    427428        action = req.args.get('action')
    428         name = req.args.get('name', '').strip()
    429         username = acctmgr.handle_username_casing(req.args.get('username',
    430                                                                '').strip())
     429        name = req.args.get('name', '')
     430        if isinstance(name, list):
     431            raise HTTPBadRequest(_("Invalid request arguments."))
     432        name = name.strip()
     433        username = req.args.get('username', '')
     434        if isinstance(username, list):
     435            raise HTTPBadRequest(_("Invalid request arguments."))
     436        username = acctmgr.handle_username_casing(username.strip())
    431437        data = {
    432438            '_dgettext': dgettext,
    433439            'acctmgr': {'name': name, 'username': username},

comment:2 Changed 9 years ago by Ryan J Ollos

Resolution: fixed
Status: newclosed

In 15481:

0.5dev: Raise HTTPBadRequest for list arguments in request

Fixes #12734.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Ryan J Ollos.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment

E-mail address and name can be saved in the Preferences.

AttachmentsDescription
 
Note: See TracTickets for help on using tickets.