Red Hat Bugzilla – Bug 170553
RPC API doesn't excape strings propperly
Last modified: 2007-04-18 13:32:47 EDT
Description of problem:
I'm running a simple python XMLRPC client against the RHN API, which I do know
On calling system.list_groups() I get the following traceback:
xml.parsers.expat.ExpatError: not well-formed (invalid token): line 422, column 86
It appears that the RHN API doesn't propperly escape characters in group names
specifically. As "<string>UNC-CH Center for Functional GI & Motility
Disorders</string>" is not valid.
Version-Release number of selected component (if applicable):
Make a group with a & in it
Created attachment 119850 [details]
xmlrpclib in verbose mode
This is the output of my python script with xmlrpclib in verbose mode. Note
the bad XML.
1) create a system group with an ampersand in its name (see original comment)
2) call system.list_groups with the user used to create the above system group.
3) verify the XML returned is properly escaped and that the client gets
the proper value, that is system group returned to client must match that
in web ui.
Reassigning QA responsibility to Ken
The API now escapes all kinds of crazy characters I threw at it.
However, the website doesn't seem to be as robust, see bug #194515
This bug fix is now verified.
closing - currentrelease