Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#15034 closed (duplicate)

Django's pretty error handling fails if there's a callable local var that generates an exception in the stack trace.

Reported by: mrmachine
Owned by: nobody
Component: Core (Other)
Version: master
Severity:
Keywords: debug template 500 error exception hijacked
Cc:
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

To reproduce, just add the following to any known working view:

from django.forms import BaseForm
raise Exception

Instead of getting Django's pretty error handling, you will get a raw traceback in your browser that has nothing to do with the Exception you raised.

The reason why is that TECHNICAL_500_TEMPLATE contains {{ var.1|pprint|force_escape }} which triggers a call to Variable().resolve() which tries calling var.1 (since it is callable) before passing it into the pprint filter.

If var.1 raises an exception when called, as BaseForm does (by design in this case as it's not meant to be called directly), the pretty error handling is hijacked and you have no idea what caused it.

The fix is to call pprint() and force_escape() on each frame's local vars before passing them to the template as context.

Attachments (1)

15034-technical-500-response-r15153.diff (2.0 KB) - added by mrmachine 3 years ago.
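
The failure and the fix described in this ticket, as an added example that is not part of the ticket or its attached patch: a simplified, Django-free model in which a lookup step calls callables, next to a pre-rendering step that formats and escapes each local before the template layer sees it. `resolve_like_template`, `MustNotBeCalled`, `BadRepr` and the other names are constructed for illustration, and the guard against a raising `__repr__` goes beyond what the ticket describes.

```python
import html
import pprint
import sys


class MustNotBeCalled:
    """Constructed stand-in for a class that raises when called directly."""
    def __init__(self, *args):
        raise TypeError("not meant to be instantiated directly")


class BadRepr:
    """Constructed object whose repr itself fails."""
    def __repr__(self):
        raise RuntimeError("repr failed")


def resolve_like_template(value):
    # Assumption: models the lookup in the ticket, which calls callable values.
    return value() if callable(value) else value


def naive_frame_vars(frame_locals):
    """'Before': raw objects reach the lookup step, which calls them."""
    return [(name, html.escape(pprint.pformat(resolve_like_template(value))))
            for name, value in frame_locals.items()]


def safe_frame_vars(frame_locals):
    """'After': turn each local into an escaped string; never call it."""
    rendered = []
    for name, value in frame_locals.items():
        try:
            text = pprint.pformat(value)
        except Exception as exc:  # a broken __repr__ must not kill the error page
            text = "<unprintable %s: %s>" % (type(value).__name__, exc)
        rendered.append((name, html.escape(text)))
    return rendered


def capture_locals():
    """Raise inside a frame holding awkward locals; return a copy of them."""
    form_cls = MustNotBeCalled
    broken = BadRepr()
    markup = "<b>user input</b>"  # constructed value that needs escaping
    try:
        raise Exception("the real error")
    except Exception:
        return dict(sys.exc_info()[2].tb_frame.f_locals)
```

Because `safe_frame_vars` hands over plain strings, nothing callable is left for the lookup step to invoke, and the values are already escaped for the error page.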

Change History (5)

Changed 3 years ago by mrmachine

comment:1 Changed 3 years ago by mrmachine

  • Has patch set
  • Needs documentation set
  • Needs tests unset
  • Patch needs improvement unset

Just added a patch with tests. I don't think this needs any documentation.

comment:2 Changed 3 years ago by mrmachine

  • Needs documentation unset

comment:3 Changed 3 years ago by kmtracey

  • Resolution set to duplicate
  • Status changed from new to closed

I believe this is #15025.

comment:4 Changed 3 years ago by jacob

  • milestone 1.3 deleted

Milestone 1.3 deleted
