#30064: Inputting search-query with null character to browser URL field and 
crash
-----------------------------------------+------------------------
               Reporter:  kenichi-cc     |          Owner:  nobody
                   Type:  Bug            |         Status:  new
              Component:  contrib.admin  |        Version:  2.1
               Severity:  Normal         |       Keywords:
           Triage Stage:  Unreviewed     |      Has patch:  0
    Needs documentation:  0              |    Needs tests:  0
Patch needs improvement:  0              |  Easy pickings:  0
                  UI/UX:  0              |
-----------------------------------------+------------------------
 1. Enter the following URL in the browser's address bar and load it.

 http://localhost/admin/auth/user/?q=%00

 2. The request crashes with the following error.

 {{{
 Environment:


 Request Method: GET
 Request URL: http://localhost/admin/auth/user/?q=%00

 Django Version: 2.1.4
 Python Version: 3.6.7
 Installed Applications:
 ['django.contrib.auth',
  'django.contrib.contenttypes',
  'django.contrib.sessions',
  'django.contrib.messages',
  'django.contrib.staticfiles',
  'django_extensions',
  'rest_framework',
  'select2',
  'corsheaders',
  .......]
 Installed Middleware:
 ['django.middleware.security.SecurityMiddleware',
  'django.contrib.sessions.middleware.SessionMiddleware',
  'corsheaders.middleware.CorsMiddleware',
  'django.middleware.common.CommonMiddleware',
  'django.middleware.csrf.CsrfViewMiddleware',
  'django.contrib.auth.middleware.AuthenticationMiddleware',
  'django.contrib.messages.middleware.MessageMiddleware',
  'django.middleware.clickjacking.XFrameOptionsMiddleware']



 Traceback:

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/core/handlers/exception.py" in inner
   34.             response = get_response(request)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/core/handlers/base.py" in _get_response
   126.                 response = self.process_exception_by_middleware(e,
 request)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/core/handlers/base.py" in _get_response
   124.                 response = wrapped_callback(request,
 *callback_args, **callback_kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/options.py" in wrapper
   604.                 return self.admin_site.admin_view(view)(*args,
 **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/utils/decorators.py" in _wrapped_view
   142.                     response = view_func(request, *args, **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/views/decorators/cache.py" in _wrapped_view_func
   44.         response = view_func(request, *args, **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/sites.py" in inner
   223.             return view(request, *args, **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/utils/decorators.py" in _wrapper
   45.         return bound_method(*args, **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/utils/decorators.py" in _wrapped_view
   142.                     response = view_func(request, *args, **kwargs)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/options.py" in changelist_view
   1675.             cl = self.get_changelist_instance(request)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/options.py" in get_changelist_instance
   742.             sortable_by,

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/views/main.py" in __init__
   81.         self.get_results(request)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/contrib/admin/views/main.py" in get_results
   209.         result_count = paginator.count

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/utils/functional.py" in __get__
   37.         res = instance.__dict__[self.name] = self.func(instance)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/core/paginator.py" in count
   87.             return self.object_list.count()

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/models/query.py" in count
   383.         return self.query.get_count(using=self.db)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/models/sql/query.py" in get_count
   498.         number = obj.get_aggregation(using, ['__count'])['__count']

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/models/sql/query.py" in get_aggregation
   483.         result = compiler.execute_sql(SINGLE)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/models/sql/compiler.py" in execute_sql
   1065.             cursor.execute(sql, params)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/backends/utils.py" in execute
   100.             return super().execute(sql, params)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/backends/utils.py" in execute
   68.         return self._execute_with_wrappers(sql, params, many=False,
 executor=self._execute)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/backends/utils.py" in _execute_with_wrappers
   77.         return executor(sql, params, many, context)

 File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site-
 packages/django/db/backends/utils.py" in _execute
   85.                 return self.cursor.execute(sql, params)

 Exception Type: ValueError at /admin/auth/user/
 Exception Value: A string literal cannot contain NUL (0x00) characters.

 }}}

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30064>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
