Opened 3 years ago

Closed 3 years ago

#19088 closed Bug (fixed)

Blocktrans tag goes to infinite recursion if python dict string format is used

Reported by: vlinhart Owned by: lrekucki
Component: Translations Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Wrongly formatted blocktrans content example:

{% blocktrans %}Enter SMS No. %(var_0)s{% endblocktrans %}

This will cause blocktrans tag to go to infinite recursion of death possibly leading to out of memory for the whole server.

Change History (7)

comment:1 Changed 3 years ago by lrekucki

  • Needs documentation unset
  • Needs tests unset
  • Owner changed from nobody to lrekucki
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

It definitely should not crash that.

Just as a side note, Python has a fixed recursion limit (see sys.getrecursionlimit), so no, it won't use up all of your server's memory.

Version 0, edited 3 years ago by lrekucki (next)

comment:2 Changed 3 years ago by lrekucki

Related to #16721 and #4982 (too old to reopen).

comment:4 Changed 3 years ago by Architekt

  • Patch needs improvement set

comment:5 Changed 3 years ago by lrekucki

  • Patch needs improvement unset

Updated pull request.

comment:6 Changed 3 years ago by Architekt

  • Triage Stage changed from Accepted to Ready for checkin

comment:7 Changed 3 years ago by Claude Paroz <claude@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 9fd2f9c5f3c008f524874fd7cf78237e65bf567e:

Fixed #19088 -- Always escape % inside blocktrans tag

Thanks vlinhart for the report and Łukasz Rekucki for the patch.

Note: See TracTickets for help on using tickets.
Back to Top