Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 3618 by ke...@keithmoyer.com: Unprintable characters in change description causes page to crash
https://code.google.com/p/reviewboard/issues/detail?id=3618

What version are you running?
2.0.2 (still present in 2.1 alpha 0)

What's the URL of the page containing the problem?
/r/#

What steps will reproduce the problem?
1. Create a review request
2. Publish
3. Create a new revision, changing the description or summary to include unprintable characters
4. Publish

What is the expected output? What do you see instead?

I expect to see the page, not showing unprintable characters (or showing them specially). Instead, the whole review is inaccessible with a 500 error page.

I was able to reproduce this on the demo.reviewboard.org site with the following command for the second revision (the "%0C" is what causes the problem):

curl -X PUT -H "Authorization: Basic $(printf guest9121:demo | openssl base64)" -s -d "summary=Escaped%20character;description=This%20is%20a%20%0Cield" http://demo.reviewboard.org/api/review-requests/30/draft/

When I do this on my server, the following shows up in the error logs.

2014-10-13 20:42:20,334 - ERROR - - Exception thrown for user <redacted> at <redacted>

not well-formed (invalid token): line 1, column 28
Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/Django-1.6.7-py2.7.egg/django/core/handlers/base.py", line 112, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/accounts/decorators.py", line 23, in _check
    return view_func(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/site/decorators.py", line 35, in _check
    return view_func(request, local_site=local_site, *args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/reviews/views.py", line 662, in review_detail
    changedesc.fields_changed[field_id])
File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/reviews/fields.py", line 159, in get_change_entry_sections_html
    'rendered_html': mark_safe(self.render_change_entry_html(info)),
File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/reviews/fields.py", line 486, in render_change_entry_html
    old_lines = list(iter_markdown_lines(old_value))
File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/reviews/markdown_utils.py", line 131, in iter_markdown_lines
    nodes = get_markdown_element_tree(markdown_html)
File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/reviews/markdown_utils.py", line 184, in get_markdown_element_tree
    doc = parseString(b'<html>%s</html>' % markdown_html)
File "/usr/local/lib/python2.7/xml/dom/minidom.py", line 1928, in parseString
    return expatbuilder.parseString(string)
File "/usr/local/lib/python2.7/xml/dom/expatbuilder.py", line 940, in parseString
    return builder.parseString(string)
File "/usr/local/lib/python2.7/xml/dom/expatbuilder.py", line 223, in parseString
    parser.Parse(string, True)
ExpatError: not well-formed (invalid token): line 1, column 28

What operating system are you using? What browser?
Windows 7, Firefox

Please provide any additional information below.

The unprintable characters were due to a problem in one of my scripts (people had doxygen comments like "\brief" in their description, and the script passed it through "echo -ne" at one point).

The unprintable characters are handled fine in the review normally (not displayed in the description, shows up as a colored dot when editing), but as soon as it shows up in a change description, it's toast.

I can understand this is a "don't do that" situation, but it would be good if it was hardened to show _something_ besides a 505 page.


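The parse failure in the traceback above, next to one way to harden the parse step, as an added example that is not Review Board's code or its eventual fix. The names `sanitize_for_xml`, `parse_fragment` and `text_of` are hypothetical, the sample string is constructed from the report's `%0Cield` payload, and the code targets Python 3 rather than the 2.7 shown in the logs.

```python
import re
from xml.dom.minidom import parseString
from xml.parsers.expat import ExpatError

# Anything outside the XML 1.0 "Char" production is rejected by expat.
_XML_INVALID = re.compile(
    r'[^\x09\x0A\x0D\x20-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]')


def sanitize_for_xml(text, replacement='\ufffd'):
    """Replace characters that an XML 1.0 parser will refuse."""
    return _XML_INVALID.sub(replacement, text)


def parse_fragment(html, sanitize):
    """Hypothetical stand-in for the parse step shown in the traceback."""
    if sanitize:
        html = sanitize_for_xml(html)
    return parseString('<html>%s</html>' % html)


def text_of(doc):
    """Concatenate every text node in the parsed document."""
    out = []

    def walk(node):
        if node.nodeType == node.TEXT_NODE:
            out.append(node.data)
        for child in node.childNodes:
            walk(child)

    walk(doc)
    return ''.join(out)


# Constructed sample: "\field" passed through `echo -ne` turns "\f" into a
# form feed (0x0C), which is the "%0Cield" sent in the report's request.
SAMPLE = '<p>This is a \x0cield</p>'


def demo():
    """Return (error from the unsanitized parse, text from the sanitized one)."""
    try:
        parse_fragment(SAMPLE, sanitize=False)
        raw_error = None
    except ExpatError as exc:
        raw_error = str(exc)
    return raw_error, text_of(parse_fragment(SAMPLE, sanitize=True))


if __name__ == '__main__':
    print(demo())
```

Substituting U+FFFD keeps the position of the stripped byte visible to reviewers; passing `replacement=''` drops it silently instead.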