Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Ticket #2541 (closed defect: migrated)

Opened 8 years ago

Last modified 8 years ago

NestedVariablesFilter interacts badly with identity.force_external_redirect=True

Reported by: dcallagh Owned by:
Priority: normal Milestone: __unclassified__
Component: TurboGears Version: 1.0.8
Severity: normal Keywords:
Cc:

Description

The constructor for turbogears.identity.IdentityFailure does not take into account the possibility that cherrypy.request.params might contain dicts or lists due to the NestedVariablesFilter. In a case like:

/jobs/mine?jobsearch-0.table=Status&jobsearch-0.operation=is+not&
jobsearch-0.value=Completed&jobsearch-1.table=Status&
jobsearch-1.operation=is+not&jobsearch-1.value=Cancelled&
jobsearch-2.table=Status&jobsearch-2.operation=is+not&
jobsearch-2.value=Aborted&Search=Search

the NestedVariablesFilter gives us params like:

{'jobsearch': [{'table': u'Status', 'operation': u'is not', 'value':
u'Completed'}, {'table': u'Status', 'operation': u'is not', 'value':
u'Cancelled'}, {'table': u'Status', 'operation': u'is not', 'value':
u'Aborted'}]}

which then ends up mangled when we redirect to /login:

/login?jobsearch={%27table%27%3A+u%27Status%27%2C+%27operation%27%3A+u%27is+not%27%2C+%27value%27%3A+u%27Completed%27}&
jobsearch={%27table%27%3A+u%27Status%27%2C+%27operation%27%3A+u%27is+not%27%2C+%27value%27%3A+u%27Cancelled%27}&
jobsearch={%27table%27%3A+u%27Status%27%2C+%27operation%27%3A+u%27is+not%27%2C+%27value%27%3A+u%27Aborted%27}&
Search=Search&forward_url=%2Fjobs%2Fmine

Original bug  description,  proposed patch

Change History

comment:1 Changed 8 years ago by chrisz

  • Status changed from new to closed
  • Resolution set to migrated
Note: See TracTickets for help on using tickets.