Opened 4 years ago

Closed 4 years ago

#19088 closed Bug (fixed)

Blocktrans tag goes to infinite recursion if python dict string format is used

Reported by: vlinhart Owned by: Łukasz Rekucki
Component: Translations Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Wrongly formatted blocktrans content example:

{% blocktrans %}Enter SMS No. %(var_0)s{% endblocktrans %}

This will cause blocktrans tag to go to infinite recursion of death possibly leading to out of memory for the whole server.

Change History (7)

comment:1 Changed 4 years ago by Łukasz Rekucki

Needs documentation: unset
Needs tests: unset
Owner: changed from nobody to Łukasz Rekucki
Patch needs improvement: unset
Triage Stage: UnreviewedAccepted

It definitely should not crash that.

Just as a side note, Python has a fixed recursion limit (see sys.getrecursionlimit), so no, it won't use up all of your server's memory.

Version 0, edited 4 years ago by Łukasz Rekucki (next)

comment:2 Changed 4 years ago by Łukasz Rekucki

Related to #16721 and #4982 (too old to reopen).

comment:3 Changed 4 years ago by Łukasz Rekucki

Has patch: set

comment:4 Changed 4 years ago by Jan Bednařík

Patch needs improvement: set

comment:5 Changed 4 years ago by Łukasz Rekucki

Patch needs improvement: unset

Updated pull request.

comment:6 Changed 4 years ago by Jan Bednařík

Triage Stage: AcceptedReady for checkin

comment:7 Changed 4 years ago by Claude Paroz <claude@…>

Resolution: fixed
Status: newclosed

In 9fd2f9c5f3c008f524874fd7cf78237e65bf567e:

Fixed #19088 -- Always escape % inside blocktrans tag

Thanks vlinhart for the report and Łukasz Rekucki for the patch.

Note: See TracTickets for help on using tickets.
Back to Top