[Django] #30064: Inputting search-query with null character to browser URL field and crash

classic Classic list List threaded Threaded
29 messages Options
12
Reply | Threaded
Open this post in threaded view
|

[Django] #30064: Inputting search-query with null character to browser URL field and crash

Django
#30064: Inputting search-query with null character to browser URL field and crash
-----------------------------------------+------------------------
               Reporter:  kenichi-cc     |          Owner:  nobody
                   Type:  Bug            |         Status:  new
              Component:  contrib.admin  |        Version:  2.1
               Severity:  Normal         |       Keywords:
           Triage Stage:  Unreviewed     |      Has patch:  0
    Needs documentation:  0              |    Needs tests:  0
Patch needs improvement:  0              |  Easy pickings:  0
                  UI/UX:  0              |
-----------------------------------------+------------------------
 1. Input following URL to browser URL field and access.

 http://localhost/admin/auth/user/?q=%00

 2. Crash with following Error.

 {{{
 Environment:


 Request Method: GET
 Request URL: http://localhost/admin/auth/user/?q=%00

 Django Version: 2.1.4
 Python Version: 3.6.7
 Installed Applications:
 ['django.contrib.auth',
  'django.contrib.contenttypes',
  'django.contrib.sessions',
  'django.contrib.messages',
  'django.contrib.staticfiles',
  'django_extensions',
  'rest_framework',
  'select2',
  'corsheaders',
  .......]
 Installed Middleware:
 ['django.middleware.security.SecurityMiddleware',
  'django.contrib.sessions.middleware.SessionMiddleware',
  'corsheaders.middleware.CorsMiddleware',
  'django.middleware.common.CommonMiddleware',
  'django.middleware.csrf.CsrfViewMiddleware',
  'django.contrib.auth.middleware.AuthenticationMiddleware',
  'django.contrib.messages.middleware.MessageMiddleware',
  'django.middleware.clickjacking.XFrameOptionsMiddleware']



 Traceback:

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/core/handlers/exception.py" in inner
   34.             response = get_response(request)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/core/handlers/base.py" in _get_response
   126.                 response = self.process_exception_by_middleware(e,
 request)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/core/handlers/base.py" in _get_response
   124.                 response = wrapped_callback(request,
 *callback_args, **callback_kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/options.py" in wrapper
   604.                 return self.admin_site.admin_view(view)(*args,
 **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/utils/decorators.py" in _wrapped_view
   142.                     response = view_func(request, *args, **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/views/decorators/cache.py" in _wrapped_view_func
   44.         response = view_func(request, *args, **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/sites.py" in inner
   223.             return view(request, *args, **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/utils/decorators.py" in _wrapper
   45.         return bound_method(*args, **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/utils/decorators.py" in _wrapped_view
   142.                     response = view_func(request, *args, **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/options.py" in changelist_view
   1675.             cl = self.get_changelist_instance(request)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/options.py" in get_changelist_instance
   742.             sortable_by,

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/views/main.py" in __init__
   81.         self.get_results(request)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/views/main.py" in get_results
   209.         result_count = paginator.count

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/utils/functional.py" in __get__
   37.         res = instance.__dict__[self.name] = self.func(instance)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/core/paginator.py" in count
   87.             return self.object_list.count()

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/models/query.py" in count
   383.         return self.query.get_count(using=self.db)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/models/sql/query.py" in get_count
   498.         number = obj.get_aggregation(using, ['__count'])['__count']

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/models/sql/query.py" in get_aggregation
   483.         result = compiler.execute_sql(SINGLE)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/models/sql/compiler.py" in execute_sql
   1065.             cursor.execute(sql, params)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/backends/utils.py" in execute
   100.             return super().execute(sql, params)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/backends/utils.py" in execute
   68.         return self._execute_with_wrappers(sql, params, many=False,
 executor=self._execute)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/backends/utils.py" in _execute_with_wrappers
   77.         return executor(sql, params, many, context)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/backends/utils.py" in _execute
   85.                 return self.cursor.execute(sql, params)

 Exception Type: ValueError at /admin/auth/user/
 Exception Value: A string literal cannot contain NUL (0x00) characters.

 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/30064>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/053.96030f314b04c4ad98010d9e504c8fdc%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL (was: Inputting search-query with null character to browser URL field and crash)

Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------
Changes (by Tim Graham):

 * stage:  Unreviewed => Accepted


Comment:

 This is related to #28201. The exception was
 [https://github.com/psycopg/psycopg2/issues/420 introduced in psycopg2
 2.7+].

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.f8c42fd4b16a5aeabbe02bbf5a57dd5f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------
Changes (by Can Sarıgöl):

 * has_patch:  0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.a62d32378ab96113d0093a2324800c9e%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------

Comment (by Simon Charette):

 I think this should be fixed at the admin layer just like #28201 was fixed
 at the form later; scanning each query string parameters for `'\x00'` as
 suggested in [https://github.com/django/django/pull/10884 this PR] will
 affect performance and is overkill IMO.

 In my opinion the issue is that the admin is relying on unsanitized
 `request.GET` passing to the ORM, that looks like the same class of issues
 as `Model.objects.get(int_field='foo')`. The admin should use a form to
 sanitize the input to rely on #28201 cleansing mechanism.

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.3d8c14e2be7fa44983df3eeb8095f7ce%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------
Changes (by Tim Graham):

 * needs_better_patch:  0 => 1


Comment:

 Agreed.

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.84364aa76c59b6b26f950e4f21decd57%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------

Comment (by Can Sarıgöl):

 I thought that the parameter of a single execution doesn't affect too
 much. when the validator is called, the same case about performance would
 happen here as well.
 Wouldn't it be better if a solution that also solves the raw query
 parameters? Users wouldn't have to check it out.

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.eaca2eaf3f73a71be7c3099e79c4429e%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------

Comment (by Simon Charette):

 > I thought that the parameter of a single execution doesn't affect too
 much. when the validator is called, the same case about performance would
 happen here as well.

 I think it's safe to assume every non-static or cached request handled by
 Django results in at least one database queries and that it isn't uncommon
 for queries to have at least one string parameter. Given these assumptions
 it's unlikely that performing a one time per admin changelist search
 request validation is ever going to have the same performance implications
 as performing a search and replace for every `'\x00'` string parameters
 provided to the ORM.

 > Wouldn't it be better if a solution that also solves the raw query
 parameters? Users wouldn't have to check it out.

 I don't think so. User input should be sanitized before feeding it to the
 ORM.

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.124da056e7d61f5792851b422b0a3ae1%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------

Comment (by Can Sarıgöl):

 ok Thanks for the detailed description, I will fix it as per your
 suggestion.

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.6811b18c8c4a75f69a7f3680de2fa1bb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------

Comment (by Can Sarıgöl):

 {{{
 diff --git a/django/contrib/admin/views/main.py
 b/django/contrib/admin/views/main.py
 index 298e18c57e..4724ccfa96 100644
 --- a/django/contrib/admin/views/main.py
 +++ b/django/contrib/admin/views/main.py
 @@ -1,6 +1,6 @@
  from collections import OrderedDict
  from datetime import datetime, timedelta
 -
 +from django import forms
  from django.conf import settings
  from django.contrib.admin import FieldListFilter
  from django.contrib.admin.exceptions import (
 @@ -35,6 +35,33 @@ IGNORED_PARAMS = (
      ALL_VAR, ORDER_VAR, ORDER_TYPE_VAR, SEARCH_VAR, IS_POPUP_VAR,
 TO_FIELD_VAR)


 +class ChangeListForm(forms.Form):
 +
 +    def __init__(self, *args, **kwargs):
 +        super(ChangeListForm, self).__init__(*args, **kwargs)
 +        for var in {SEARCH_VAR, PAGE_VAR, TO_FIELD_VAR}:
 +            field = forms.CharField()
 +            field.required = False
 +            self.fields[var] = field
 +
 +    def clean(self):
 +        query = self.data.get(SEARCH_VAR)
 +        if '\x00' in query:
 +            raise forms.ValidationError('Null characters are not
 allowed.')
 +
 +        page_num = self.cleaned_data.get(PAGE_VAR)
 +        if not page_num:
 +            page_num = 0
 +            self.cleaned_data[PAGE_VAR]  = page_num
 +
 +        to_field = self.cleaned_data.get(TO_FIELD_VAR)
 +        if to_field and not model_admin.to_field_allowed(request,
 to_field):
 +            raise DisallowedModelAdminToField("The field %s cannot be
 referenced." % to_field)
 +
 +        return self.cleaned_data
 +
 +
 +
  class ChangeList:
      def __init__(self, request, model, list_display, list_display_links,
                   list_filter, date_hierarchy, search_fields,
 list_select_related,
 @@ -46,7 +73,6 @@ class ChangeList:
          self.list_display = list_display
          self.list_display_links = list_display_links
          self.list_filter = list_filter
 -        self.has_filters = None
          self.date_hierarchy = date_hierarchy
          self.search_fields = search_fields
          self.list_select_related = list_select_related
 @@ -57,16 +83,18 @@ class ChangeList:
          self.sortable_by = sortable_by

          # Get search parameters from the query string.
 -        try:
 -            self.page_num = int(request.GET.get(PAGE_VAR, 0))
 -        except ValueError:
 -            self.page_num = 0
 +        change_list_form = ChangeListForm(request.GET)
 +        if not change_list_form.is_valid():
 +            raise forms.ValidationError(change_list_form.errors)
 +
 +        change_list_form_cleaned = change_list_form.clean()
 +        self.page_num = change_list_form_cleaned.get(PAGE_VAR)
 +        self.query = change_list_form_cleaned.get(SEARCH_VAR)
 +        self.to_field = change_list_form_cleaned.get(TO_FIELD_VAR)
 +
          self.show_all = ALL_VAR in request.GET
          self.is_popup = IS_POPUP_VAR in request.GET
 -        to_field = request.GET.get(TO_FIELD_VAR)
 -        if to_field and not model_admin.to_field_allowed(request,
 to_field):
 -            raise DisallowedModelAdminToField("The field %s cannot be
 referenced." % to_field)
 -        self.to_field = to_field
 +
          self.params = dict(request.GET.items())
          if PAGE_VAR in self.params:
              del self.params[PAGE_VAR]
 @@ -77,7 +105,6 @@ class ChangeList:
              self.list_editable = ()
          else:
              self.list_editable = list_editable
 -        self.query = request.GET.get(SEARCH_VAR, '')
          self.queryset = self.get_queryset(request)
          self.get_results(request)
          if self.is_popup:
 @@ -95,6 +122,7 @@ class ChangeList:
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.953343ecb49ca999256e21a58e5af281%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------

Comment (by Can Sarıgöl):

 I thought like this, is it correct route?

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:9>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.820fdc4b1a27a0fc8c8a845d4a403020%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------

Comment (by Simon Charette):

 Hello Carl, it does look more appropriate. The page field should probably
 be a `forms.IntegerField` and you shouldn't have to perform any form of
 manual check for `'\x00'` as `forms.CharField` already has a
 `ProhibitNullCharactersValidator`. We'll have to find a way to surface the
 exception appropriately because raising it at `ChangeList` initialization
 will just result in a different crash.

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:10>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.f4e2dc39e689bc2a9fdd1506ca02e0d1%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------

Comment (by Can Sarıgöl):

 Thanks again   ı will apply these within few hours

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:11>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.4c3cce60825efe49a7dfacaabb70456f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+------------------------------------
Changes (by Can Sarıgöl):

 * needs_better_patch:  1 => 0


Comment:

 [https://github.com/django/django/pull/10895 new PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:12>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.9cba80571faf08ee48a4313649a66023%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+---------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  Can Sarıgöl
         Type:  Bug            |                   Status:  assigned
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+---------------------------------------
Changes (by Can Sarıgöl):

 * owner:  nobody => Can Sarıgöl
 * status:  new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:13>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.9c7aa223d68623c9f6577d6cd14a6120%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+---------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  Can Sarıgöl
         Type:  Bug            |                   Status:  assigned
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+---------------------------------------
Changes (by Tim Graham):

 * needs_better_patch:  0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:14>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.1e27fdf5f806785b5366157ddb82376b%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+---------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  Can Sarıgöl
         Type:  Bug            |                   Status:  assigned
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+---------------------------------------
Changes (by Can Sarıgöl):

 * needs_better_patch:  1 => 0


--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:15>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.c1b62e0b0951edf821d4c815f8a8b294%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+---------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  Can Sarıgöl
         Type:  Bug            |                   Status:  assigned
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+---------------------------------------
Changes (by Carlton Gibson):

 * needs_better_patch:  0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:16>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.b42b844a913352e626b281a33b1733b5%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+---------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  Can Sarıgöl
         Type:  Bug            |                   Status:  assigned
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+---------------------------------------
Changes (by Can Sarıgöl):

 * has_patch:  1 => 0


--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:17>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.75d7b2d879605f431f74fe437dbbc404%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+---------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  Can Sarıgöl
         Type:  Bug            |                   Status:  assigned
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+---------------------------------------
Changes (by Can Sarıgöl):

 * needs_better_patch:  1 => 0
 * has_patch:  0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:18>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.070d1281a6485896617d606034e0d3ce%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30064: Admin search with a null character crashes with "A string literal cannot contain NUL (0x00) characters." on PostgreSQL

Django
In reply to this post by Django
#30064: Admin search with a null character crashes with "A string literal cannot
contain NUL (0x00) characters." on PostgreSQL
-------------------------------+---------------------------------------
     Reporter:  kenichi-cc     |                    Owner:  Can Sarıgöl
         Type:  Bug            |                   Status:  assigned
    Component:  contrib.admin  |                  Version:  2.1
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  1
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+---------------------------------------
Changes (by Carlton Gibson):

 * needs_better_patch:  0 => 1


Comment:

 As per comment on PR, testcases are not correct: we can't fix the test by
 adjusting the expected exception to be the exception raised by the missing
 `MessageMiddleware`. (That's an error.)

--
Ticket URL: <https://code.djangoproject.com/ticket/30064#comment:19>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/068.523f615f16dfbbea3a2b1aa2aaeadc94%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
12