HTTP_ACCEPT_CHARSET parsing fragile
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Zope 2 | Fix Released | Low | Unassigned | |
Zope 3 | Fix Released | Low | Unassigned | |
Bug Description
Received a malformed HTTP_ACCEPT_CHARSET which raised a ValueError instead
of trying its best. The header was from a bot, which I reported the issue
to. But seems like Zope could be a bit more resilient when dealing with a
broken HTTP_ACCEPT_
Here is the malformed header.
'HTTP_
The issue is a missing comma in that last bit, between the '0.2' and the
asterisk (*).
Below is the full traceback from Zope-2.10.5. I checked and the issue
remains in 2.11.1, though the line numbers are a bit different.
Error Type: ValueError
Error Value: too many values to unpack
Traceback (innermost last):
* Module ZPublisher.Publish, line 119, in publish
* Module ZPublisher.mapply, line 88, in mapply
* Module ZPublisher.Publish, line 42, in call_object
* Module OFS.DTMLMethod, line 144, in __call__
&
URL: http://
Physical Path:/www_
* Module DocumentTemplat
* Module Products.
* Module Products.
* Module Products.
* Module OFS.DTMLMethod, line 144, in __call__
<KContent at /www_org/
URL: http://
Physical Path:/www_
* Module DocumentTemplat
* Module Shared.
* Module Shared.
* Module App.special_dtml, line 178, in _exec
* Module DocumentTemplat
* Module DocumentTemplat
* Module Products.
* Module Products.
* Module Products.
* Module Shared.
* Module Shared.
* Module Products.
* Module Products.
* Module zope.pagetempla
* Module zope.tal.
* Module zope.tal.
* Module zope.tal.
* Module zope.tal.
* Module Products.
* Module Products.
* Module Products.
* Module zope.publisher.
ValueError: too many values to unpack
Changed in zope2:
importance: Undecided → Low
The general question is how to treat malformed headers:
- ignoring them and using some default
- treating them like an error and answering with some HTTP error code
?
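
The failure mode reported above, and the first option from the last comment (ignore what does not parse and fall back to a default), as an added example that is not part of the original thread and is not Zope's code. The function names, the default charset, and both header values are assumptions constructed for illustration; the malformed sample reproduces the described missing comma between a `0.2` quality value and the `*`.

```python
# Added illustration, not Zope's code. Header values are constructed samples.
WELL_FORMED = "iso-8859-1, utf-8;q=0.7, *;q=0.2"
MALFORMED = "utf-8;q=0.7, iso-8859-1;q=0.2*;q=0.1"  # comma missing before '*'


def parse_strict(header):
    """Naive parser: assumes each item is 'charset' or 'charset;q=value'."""
    result = []
    for item in header.split(","):
        item = item.strip().lower()
        if not item:
            continue
        quality = 1.0
        if ";" in item:
            # Two ';' in one item (the missing-comma case) raises ValueError here.
            item, q = item.split(";")
            quality = float(q.strip()[2:])
        result.append((quality, item))
    return result


def parse_tolerant(header, default=("utf-8",)):
    """Best-effort parser: drop items that do not parse, else use a default."""
    accepted = []
    for item in header.split(","):
        name, _, params = item.strip().lower().partition(";")
        name, params = name.strip(), params.strip()
        if not name:
            continue
        quality = 1.0
        if params:
            key, _, value = params.partition("=")
            if key.strip() != "q":
                continue  # unknown or malformed parameter
            try:
                quality = float(value)
            except ValueError:
                continue  # e.g. "0.2*;q=0.1"
            if not 0.0 <= quality <= 1.0:  # also rejects nan and inf
                continue
        if quality > 0:  # q=0 means "not acceptable"
            accepted.append((quality, name))
    accepted.sort(key=lambda pair: -pair[0])  # stable, keeps header order on ties
    return [name for _, name in accepted] or list(default)
```

The tolerant version keeps the well-formed items of a partly broken header, so one bad entry from a bot no longer turns an otherwise servable request into a server error.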