prayagverma / gdata-python-client

Automatically exported from code.google.com/p/gdata-python-client

Url quoted parameters that are non-strings cause errors. #580

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Passing innocent url parameters that are non-string such as 'max-results': 50 
will cause an error.

Original issue reported on code.google.com by afs...@google.com on 5 Jan 2012 at 6:39

GoogleCodeExporter commented 9 years ago
This is not as straightforward as it looks; we do a lot of quoting:

$ rgrep . -e urllib.quote
./src/gdata/webmastertools/service.py:        uri % urllib.quote_plus(site_uri),
./src/gdata/webmastertools/service.py:        uri % urllib.quote_plus(site_uri),
./src/gdata/webmastertools/service.py:        uri % urllib.quote_plus(site_uri),
./src/gdata/webmastertools/service.py:        uri % urllib.quote_plus(site_uri),
./src/gdata/webmastertools/service.py:        uri % urllib.quote_plus(site_uri),
./src/gdata/webmastertools/service.py:        uri % urllib.quote_plus(site_uri),
./src/gdata/webmastertools/service.py:    return self.Get(uri % {'site_id': urllib.quote_plus(site_uri)},
./src/gdata/webmastertools/service.py:        uri % {'site_id': urllib.quote_plus(site_uri)},
./src/gdata/webmastertools/service.py:        uri % {'site_id': urllib.quote_plus(site_uri)},
./src/gdata/webmastertools/service.py:        uri % {'site_id': urllib.quote_plus(site_uri)},
./src/gdata/webmastertools/service.py:        uri % {'site_id': urllib.quote_plus(site_uri),
./src/gdata/webmastertools/service.py:            'sitemap_id': urllib.quote_plus(sitemap_uri)},
./src/gdata/service.py:        [urllib.quote_plus(c) for c in self.categories])
./src/gdata/marketplace/client.py:    uri = LICENSE_FEED_TEMPLATE + urllib.quote_plus(parameters)
./src/gdata/marketplace/client.py:    uri = LICENSE_NOTIFICATIONS_FEED_TEMPLATE + urllib.quote_plus(parameters)
./src/gdata/oauth/__init__.py:    return urllib.quote(s, safe='~')
./src/gdata/apps/groups/service.py:          return GROUP_MEMBER_DIRECT_URL % (domain, urllib.quote_plus(member_id),
./src/gdata/apps/groups/service.py:          return GROUP_MEMBER_URL % (domain, urllib.quote_plus(member_id))
./src/gdata/apps/groups/service.py:        return MEMBER_ID_URL % (domain, group_id, urllib.quote_plus(member_id))
./src/gdata/apps/groups/service.py:        return OWNER_ID_URL % (domain, group_id, urllib.quote_plus(owner_email))
./src/gdata/apps/emailsettings/client.py:    uri = '/'.join([uri, urllib.quote_plus(label)])
./src/gdata/gauth.py:    pairs.append('%s=%s' % (urllib.quote(key, safe='~'),
./src/gdata/gauth.py:                            urllib.quote(params[key], safe='~')))
./src/gdata/gauth.py:  all_parameters = urllib.quote('&'.join(pairs), safe='~')
./src/gdata/gauth.py:    request_path = urllib.quote('%s://%s:%s%s' % (
./src/gdata/gauth.py:    request_path = urllib.quote('%s://%s%s' % (
./src/gdata/gauth.py:    hash_key = '%s&%s' % (urllib.quote(consumer_secret, safe='~'),
./src/gdata/gauth.py:                          urllib.quote(token_secret, safe='~'))
./src/gdata/gauth.py:    hash_key = '%s&' % urllib.quote(consumer_secret, safe='~')
./src/gdata/gauth.py:          k, urllib.quote(v, safe='~')) for k, v in params.iteritems()]
./src/gdata/gauth.py:  return '|'.join([urllib.quote_plus(a or '') for a in args])
./src/gdata/calendar/service.py:            urllib.quote(user), 
./src/gdata/calendar/service.py:            urllib.quote(visibility), 
./src/gdata/calendar/service.py:            urllib.quote(projection)),
./src/gdata/docs/client.py:            urllib.quote(entry.resource_id.text))
./src/atom/service.py:  transform_op = [str, urllib.quote_plus][bool(escape_params)]
./src/atom/url.py:      param_pairs.append('='.join((urllib.quote_plus(key), 
./src/atom/url.py:          urllib.quote_plus(str(value)))))
./src/atom/http_core.py:      param_pairs.append('='.join((urllib.quote_plus(key),
./src/atom/http_core.py:          urllib.quote_plus(str(value)))))

Original comment by afs...@google.com on 5 Jan 2012 at 7:06

GoogleCodeExporter commented 9 years ago
This affects gdata.spreadsheets.client.CellQuery. The min_row, max_row, 
min_col, max_col parameters all claim to accept int or str. The problematic 
urllib.quote call here is:

File "/Library/Python/2.7/site-packages/gdata/gauth.py", line 629, in build_oauth_base_string
    urllib.quote(params[key], safe='~')))

Either that should be urllib.quote(str(params[key]), safe='~'))) or the doc 
string for CellQuery should require str.

Original comment by kevin@ie.suberic.net on 13 Aug 2013 at 3:16
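
Added example, not code from gdata-python-client: the str() coercion suggested above, applied to a simplified version of the pair-quoting pattern that the grep output shows in gauth.py. It is written for Python 3, where urllib.parse.quote replaces urllib.quote; the function names, the `to_text` helper, the sorted key order and the sample parameters are assumptions made for illustration.

```python
# Added example; not the library's implementation.
from urllib.parse import quote


def quote_unchecked(params):
    """Same shape as the failing call: values go to quote() as-is."""
    pairs = ['%s=%s' % (quote(key, safe='~'), quote(params[key], safe='~'))
             for key in sorted(params)]
    return quote('&'.join(pairs), safe='~')


def to_text(value):
    """Hypothetical helper: turn a parameter value into text, deterministically."""
    if value is None:
        raise TypeError('None is not a valid parameter value')
    if isinstance(value, bool):
        # bool is a subclass of int and str(True) is 'True'; make the
        # caller choose the wire spelling instead of guessing one.
        raise TypeError('encode booleans explicitly before quoting')
    if isinstance(value, bytes):
        return value.decode('utf-8')
    return str(value)


def quote_coerced(params):
    """Coerce first, then percent-encode with the same safe='~' setting.

    The text produced here has to be the text sent in the request, since
    it is the input to the signature.
    """
    pairs = ['%s=%s' % (quote(to_text(key), safe='~'),
                        quote(to_text(params[key]), safe='~'))
             for key in sorted(params)]
    return quote('&'.join(pairs), safe='~')


# Constructed sample: int values as in the report, plus one string value.
SAMPLE = {'max-results': 50, 'min-row': 2, 'q': 'a b~c'}

if __name__ == '__main__':
    try:
        quote_unchecked(SAMPLE)
    except TypeError as exc:
        print('unchecked:', exc)
    print('coerced:  ', quote_coerced(SAMPLE))
```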

GoogleCodeExporter commented 9 years ago
By the way, I think issue 313 is a subset of this bug. Though it's for the v1.0 
api so maybe it's obsolete by this point.

Original comment by kevin@ie.suberic.net on 13 Aug 2013 at 3:20