#30064: Inputting search-query with null character to browser URL field and crash -----------------------------------------+------------------------ Reporter: kenichi-cc | Owner: nobody Type: Bug | Status: new Component: contrib.admin | Version: 2.1 Severity: Normal | Keywords: Triage Stage: Unreviewed | Has patch: 0 Needs documentation: 0 | Needs tests: 0 Patch needs improvement: 0 | Easy pickings: 0 UI/UX: 0 | -----------------------------------------+------------------------ 1. Enter the following URL in the browser's URL field and load it (the `q` search parameter contains a percent-encoded NUL byte, `%00`).
http://localhost/admin/auth/user/?q=%00 2. Crash with following Error. {{{ Environment: Request Method: GET Request URL: http://localhost/admin/auth/user/?q=%00 Django Version: 2.1.4 Python Version: 3.6.7 Installed Applications: ['django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'django_extensions', 'rest_framework', 'select2', 'corsheaders', .......] Installed Middleware: ['django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware'] Traceback: File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/core/handlers/exception.py" in inner 34. response = get_response(request) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/core/handlers/base.py" in _get_response 126. response = self.process_exception_by_middleware(e, request) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/core/handlers/base.py" in _get_response 124. response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/contrib/admin/options.py" in wrapper 604. return self.admin_site.admin_view(view)(*args, **kwargs) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/utils/decorators.py" in _wrapped_view 142. response = view_func(request, *args, **kwargs) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/views/decorators/cache.py" in _wrapped_view_func 44. 
response = view_func(request, *args, **kwargs) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/contrib/admin/sites.py" in inner 223. return view(request, *args, **kwargs) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/utils/decorators.py" in _wrapper 45. return bound_method(*args, **kwargs) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/utils/decorators.py" in _wrapped_view 142. response = view_func(request, *args, **kwargs) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/contrib/admin/options.py" in changelist_view 1675. cl = self.get_changelist_instance(request) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/contrib/admin/options.py" in get_changelist_instance 742. sortable_by, File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/contrib/admin/views/main.py" in __init__ 81. self.get_results(request) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/contrib/admin/views/main.py" in get_results 209. result_count = paginator.count File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/utils/functional.py" in __get__ 37. res = instance.__dict__[self.name] = self.func(instance) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/core/paginator.py" in count 87. return self.object_list.count() File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/db/models/query.py" in count 383. return self.query.get_count(using=self.db) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/db/models/sql/query.py" in get_count 498. number = obj.get_aggregation(using, ['__count'])['__count'] File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/db/models/sql/query.py" in get_aggregation 483. 
result = compiler.execute_sql(SINGLE) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/db/models/sql/compiler.py" in execute_sql 1065. cursor.execute(sql, params) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/db/backends/utils.py" in execute 100. return super().execute(sql, params) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/db/backends/utils.py" in execute 68. return self._execute_with_wrappers(sql, params, many=False, executor=self._execute) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/db/backends/utils.py" in _execute_with_wrappers 77. return executor(sql, params, many, context) File "/root/.pyenv/versions/3.6.7/envs/app/lib/python3.6/site- packages/django/db/backends/utils.py" in _execute 85. return self.cursor.execute(sql, params) Exception Type: ValueError at /admin/auth/user/ Exception Value: A string literal cannot contain NUL (0x00) characters. }}} -- Ticket URL: <https://code.djangoproject.com/ticket/30064> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/053.96030f314b04c4ad98010d9e504c8fdc%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.