Django

Code

Ticket #7471 (closed: fixed)

Opened 6 months ago

Last modified 5 months ago

Django serves exception tracebacks from 404 handlers

Reported by: trevor Assigned to: leahculver
Milestone: 1.0 Component: Core framework
Version: SVN Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: 0 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

Django will serve an exception traceback if your 404 handler raises an exception. The relevant part of django.core.handlers.base follows: 

except http.Http404, e:
    if settings.DEBUG:
        from django.views import debug
        return debug.technical_404_response(request, e)
    else:
        callback, param_dict = resolver.resolve404()
        return callback(request, **param_dict)

If resolve404() raises any exception (such as an invalid block tag in the 404 template, or if the user has overriden handler404), Django does not suppress the exception and serve a 500 page; instead it simply serves the traceback. Note that this happens even if DEBUG is set to False.

This might catch someone by surprise if they launch their site without checking if 404 pages work with DEBUG turned off (i.e., they would see a traceback from this issue, but be expecting it).

Attachments

patch-7471-no-tests.diff (1.6 kB) - added by leahculver on 07/18/08 18:33:23.
return handle_uncaught_exception for errors with the 404 handler

Change History

06/17/08 12:27:10 changed by programmerq

  • stage changed from Unreviewed to Accepted.

(follow-up: ↓ 3 ) 06/18/08 10:02:12 changed by garcia_marc

  • milestone set to 1.0.

That's correct. And couldn't be difficult to fix. The problem that I found is what to do if the error exists in the 500 template.

(in reply to: ↑ 2 ) 07/11/08 16:36:47 changed by MihaiD

I think we need to define a hardcoded 500 template somewhere and use it as a last resort.

07/18/08 16:55:19 changed by leahculver

  • owner changed from nobody to leahculver.
  • status changed from new to assigned.

07/18/08 17:04:52 changed by Karen Tracey <kmtracey@gmail.com>

Possibly related: #6094. It has a pretty comprehensive patch to attempt to prevent exception tracebacks leaking out, but I don't know if it covered this case.

07/18/08 18:33:23 changed by leahculver

  • attachment patch-7471-no-tests.diff added.

return handle_uncaught_exception for errors with the 404 handler

07/18/08 18:37:25 changed by leahculver

  • stage changed from Accepted to Ready for checkin.

Modified get_response to handle 404 handler errors (handler404 view) with a generic 500 error. This displays the 500 page instead of a stack trace.

This is very difficult to write a stable test case for since it involves adding a custom handler404 that throws an exception in the root urls.py. This is easy to do by pointing handler404 to a view that does not exist. However, this is not a good thing to add to the test suite since it would mess up other test cases. I've tested this manually and Malcolm (mtreddinick) is okay with it not having a test case.

07/18/08 18:38:12 changed by leahculver

Karen - I think this falls in the general category of "exceptions that should be prettier" but isn't fixed by #6094.

07/19/08 13:49:49 changed by mtredinnick

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [7988]) Fixed #7471 -- If the 400 response handler raises an exception, pass control to the 500 handler (if that then raises an exception, it's just not your day).

Patch from Leah Culver.

Add/Change #7471 (Django serves exception tracebacks from 404 handlers)




Change Properties
Action