Edgewall Software

Ticket #5636 (new defect)

Opened 19 months ago

Last modified 15 months ago

unicode encoding error in cookie

Reported by: Dave Abrahams <dave@…> Owned by: cboos
Priority: normal Milestone: 0.11-retriage
Component: general Version: devel
Severity: normal Keywords: unicode cookie
Cc:

Description

I ran into a situation where the cookie was unicode but the rest of the code expected a str; the following made it go away:

  • trac/web/api.py

     
    505505                                                                                                                                                                                                     
    506506        cookies = self.outcookie.output(header='')                                                                                                                                                   
    507507        for cookie in cookies.splitlines():                                                                                                                                                          
    508             self._outheaders.append(('Set-Cookie', cookie.strip()))                                                                                                                                  
     508            self._outheaders.append(('Set-Cookie', str(cookie.strip())))                                                                                                                             
    509509                                                                                                                                                                                                     
    510510                                                                                                                                                                                                     
    511511class IAuthenticator(Interface):                                                                                                                                                                     

Attachments

assertion.html (6.6 KB) - added by Dave Abrahams <dave@…> 15 months ago.
Assertion error screen produced by fastcgi when this patch is needed
assertion.2.html (20.3 KB) - added by Dave Abrahams <dave@…> 15 months ago.
Correction: Assertion error screen produced by fastcgi when this patch is needed
login.html (20.4 KB) - added by Dave Abrahams <dave@…> 15 months ago.
more assertion errors
logout.html (20.1 KB) - added by Dave Abrahams <dave@…> 15 months ago.
still more assertion errors

Change History

  Changed 19 months ago by Dave Abrahams <dave@…>

The specific error was:

AssertionError?: Header values must be strings

follow-up: ↓ 3   Changed 19 months ago by cboos

  • keywords unicode cookie added
  • owner changed from jonas to cboos

It would probably be worth investigating how a unicode value could get in. Also, str() conversion is not robust in case that unicode value contains anything else than 'ascii' characters, on most systems.

in reply to: ↑ 2 ; follow-up: ↓ 4   Changed 19 months ago by Dave Abrahams <dave@…>

Replying to cboos:

It would probably be worth investigating how a unicode value could get in.

Definitely. But I don't know where to start. Frankly I'm not even 100% positive that it was unicode and not, say, an int. If you have specific tests you'd like me to run, I can try to do that.

Also, str() conversion is not robust in case that unicode value contains anything else than 'ascii' characters, on most systems.

I know. Maybe I should be using something from urlencode?

in reply to: ↑ 3   Changed 19 months ago by cboos

Replying to Dave Abrahams <dave@boost-consulting.com>:

Replying to cboos:

It would probably be worth investigating how a unicode value could get in.

Definitely. But I don't know where to start. Frankly I'm not even 100% positive that it was unicode and not, say, an int. If you have specific tests you'd like me to run, I can try to do that.

Me neither ;-) Add some more debugging info?

Also, str() conversion is not robust in case that unicode value contains anything else than 'ascii' characters, on most systems.

I know. Maybe I should be using something from urlencode?

The brute force way would be to_unicode(...).encode('utf-8').

  Changed 17 months ago by ThurnerRupert

  • milestone changed from 0.11 to 0.11.1

nobody else noticed it ... maybe its save to leave it until 0.11.1 ... also seems to be no degression.

Changed 15 months ago by Dave Abrahams <dave@…>

Assertion error screen produced by fastcgi when this patch is needed

Changed 15 months ago by Dave Abrahams <dave@…>

Correction: Assertion error screen produced by fastcgi when this patch is needed

follow-up: ↓ 7   Changed 15 months ago by cboos

Can you try this patch?

  • trac/web/api.py

     
    122122            self._strict_set(key, real_value, coded_value) 
    123123        except CookieError: 
    124124            self.bad_cookies.append(key) 
    125             dict.__setitem__(self, key, None) 
     125            dict.__setitem__(self, key, '') 
    126126 
    127127 
    128128class Request(object): 

in reply to: ↑ 6 ; follow-up: ↓ 8   Changed 15 months ago by Dave Abrahams <dave@…>

Replying to cboos:

Can you try this patch?

Seems to work!

in reply to: ↑ 7   Changed 15 months ago by Dave Abrahams <dave@…>

Replying to Dave Abrahams <dave@boost-consulting.com>:

Replying to cboos:

Can you try this patch?

Seems to work!

I take it back; still broken. See login.html and logout.html

Changed 15 months ago by Dave Abrahams <dave@…>

more assertion errors

Changed 15 months ago by Dave Abrahams <dave@…>

still more assertion errors

follow-up: ↓ 10   Changed 15 months ago by cboos

Well, perhaps could you add some tracing in that Cookie class in order to see what's really going on?

in reply to: ↑ 9   Changed 15 months ago by Dave Abrahams <dave@…>

Replying to cboos:

Well, perhaps could you add some tracing in that Cookie class in order to see what's really going on?

I'm happy to try specific patches you suggest and let you know the output, but I can't afford to try to figure out what to trace by myself.

Add/Change #5636 (unicode encoding error in cookie)

Author



Change Properties
<Author field>
Action
as new
as The resolution will be set. Next status will be 'closed'
to The owner will change from cboos. Next status will be 'new'
The owner will change from cboos to anonymous. Next status will be 'assigned'
 
Note: See TracTickets for help on using tickets.