Bug 170553 - RPC API doesn't excape strings propperly
RPC API doesn't excape strings propperly
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Other (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jesus M. Rodriguez
Ken Ganong
Depends On:
Blocks: 171832
  Show dependency treegraph
Reported: 2005-10-12 16:27 EDT by Jack Neely
Modified: 2007-04-18 13:32 EDT (History)
3 users (show)

See Also:
Fixed In Version: rhn410
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-07-19 20:31:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
xmlrpclib in verbose mode (292.81 KB, text/plain)
2005-10-12 16:30 EDT, Jack Neely
no flags Details

  None (edit)
Description Jack Neely 2005-10-12 16:27:59 EDT
Description of problem:
I'm running a simple python XMLRPC client against the RHN API, which I do know
is experimental.

On calling system.list_groups() I get the following traceback:

xml.parsers.expat.ExpatError: not well-formed (invalid token): line 422, column 86

It appears that the RHN API doesn't propperly escape characters in group names
specifically.  As "<string>UNC-CH Center for Functional GI & Motility
Disorders</string>" is not valid.

Version-Release number of selected component (if applicable):
rhn.redhat.com 4.0.0

How reproducible:
Make a group with a & in it
Comment 1 Jack Neely 2005-10-12 16:30:09 EDT
Created attachment 119850 [details]
xmlrpclib in verbose mode

This is the output of my python script with xmlrpclib in verbose mode.	Note
the bad XML.
Comment 4 Jesus M. Rodriguez 2006-06-02 21:07:09 EDT
1) create a system group with an ampersand in its name (see original comment)
2) call system.list_groups with the user used to create the above system group.
3) verify the XML returned is properly escaped and that the client gets
   the proper value, that is system group returned to client must match that
   in web ui.
Comment 5 Todd Sanders 2006-06-08 10:32:05 EDT
Reassigning QA responsibility to Ken
Comment 7 Ken Ganong 2006-06-08 13:50:26 EDT
The API now escapes all kinds of crazy characters I threw at it.
However, the website doesn't seem to be as robust,  see bug #194515

This bug fix is now verified.
Comment 8 Beth Nackashi 2006-07-19 20:31:57 EDT
closing - currentrelease

Note You need to log in before you can comment on or make changes to this bug.