Code

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#3751 closed (wontfix)

Trac shows traceback on code.djangoproject.com

Reported by: frankie@… Owned by: jacob
Component: *.djangoproject.com Version: master
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

When there is a random error here on code.djangoproject.com traceback is shown. Obviously this is a security issue. Perhaps this can be configured away or a bug should be reported on trac.

Attachments (0)

Change History (4)

comment:1 Changed 7 years ago by Simon G. <dev@…>

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 7 years ago by ubernostrum

I'm not sure how it's a security issue -- what sort of sensitive information is revealed?

comment:3 Changed 7 years ago by frankie@…

  • Resolution set to wontfix
  • Status changed from new to closed

Yeah, I forgot to save the page of the error but I suppose the only sensitive data it contains is the full paths to the files involved (and the code, but that's open anyway and all password etc. are in non-python config files IIRC). So yeah, after thinking a bit more about this I suppose I'll close the ticket.

comment:4 Changed 7 years ago by Simon G. <dev@…>

Here's one that I just got:

Traceback (most recent call last):
  File "/home/trac/new-djangoproject-trac-test/trac/web/main.py", line 387, in dispatch_request
  File "/home/trac/new-djangoproject-trac-test/trac/web/main.py", line 183, in dispatch
  File "/home/trac/new-djangoproject-trac-test/trac/perm.py", line 263, in __init__
  File "/home/trac/new-djangoproject-trac-test/trac/perm.py", line 227, in get_user_permissions
  File "/home/trac/new-djangoproject-trac-test/trac/perm.py", line 112, in get_user_permissions
  File "/usr/lib/python2.3/site-packages/pyPgSQL/PgSQL.py", line 3261, in fetchall
    return self.__fetchManyRows(self._rows_, _list)
  File "/usr/lib/python2.3/site-packages/pyPgSQL/PgSQL.py", line 2838, in __fetchManyRows
    _j = self.__fetchOneRow()
  File "/usr/lib/python2.3/site-packages/pyPgSQL/PgSQL.py", line 2812, in __fetchOneRow
    for _i in range(self.res.nfields):
AttributeError: 'NoneType' object has no attribute 'nfields'

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.