Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#15034 closed (duplicate)

Django's pretty error handling fails if there's a callable local var that generates an exception in the stack trace.

Reported by: Tai Lee Owned by: nobody
Component: Core (Other) Version: master
Severity: Keywords: debug template 500 error exception hijacked
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

To reproduce, just add the following to any known working view:

from django.forms import BaseForm
raise Exception

Instead of getting Django's pretty error handling, you will get a raw traceback in your browser that has nothing to do with the Exception you raised.

The reason why is that TECHNICAL_500_TEMPLATE contains {{ var.1|pprint|force_escape }} which triggers a call to Variable().resolve() which tries calling var.1 (since it is callable) before passing it into the pprint filter.

If var.1 raises an exception when called, as BaseForm does (by design in this case as it's not meant to be called directly), the pretty error handling is hijacked and you have no idea what caused it.

The fix is to call pprint() and force_escape() on each frame's local vars before passing them to the template as context.

Attachments (1)

15034-technical-500-response-r15153.diff (2.0 KB) - added by Tai Lee 6 years ago.

Download all attachments as: .zip

Change History (5)

Changed 6 years ago by Tai Lee

comment:1 Changed 6 years ago by Tai Lee

Has patch: set
Needs documentation: set
Needs tests: unset
Patch needs improvement: unset

Just added a patch with tests. I don't think this needs any documentation.

comment:2 Changed 6 years ago by Tai Lee

Needs documentation: unset

comment:3 Changed 6 years ago by Karen Tracey

Resolution: duplicate
Status: newclosed

I believe this is #15025.

comment:4 Changed 5 years ago by Jacob

milestone: 1.3

Milestone 1.3 deleted

Note: See TracTickets for help on using tickets.
Back to Top