Bug 1933606 - Ctrl+C in a bugzilla comment breaks xmlrpc
Summary: Ctrl+C in a bugzilla comment breaks xmlrpc
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Bugzilla
Classification: Community
Component: WebService
Version: 5.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Aitik Dandapat
QA Contact: Jeff Fearn 🐞
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-03-01 09:13 UTC by Karel Srot
Modified: 2025-10-16 23:59 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2022-02-09 00:23:54 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 839023 0 -- RESOLVED xmlrpc interface doesn't correctly escape data in response, resulting in invalid xml 2021-04-07 05:43:00 UTC
Red Hat Bugzilla 650114 1 low CLOSED xml.parsers.expat.ExpatError: not well-formed (invalid token): line 26, column 13 2025-10-16 23:28:11 UTC

Description Karel Srot 2021-03-01 09:13:13 UTC 
Description of problem:

I have noticed the problem on this particular bug

>>> from bugzilla import Bugzilla
>>> BugzillaXmlrpc = 'https://bugzilla.redhat.com/xmlrpc.cgi'
>>> bugzilla = Bugzilla(url=BugzillaXmlrpc)
>>> bugzilla._proxy.Bug.history({'ids':[1614166]})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.7/site-packages/bugzilla/_backendxmlrpc.py", line 138, in _ServerProxy__request
    ret = ServerProxy._ServerProxy__request(self, methodname, params)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.7/site-packages/bugzilla/_backendxmlrpc.py", line 106, in request
    return self.__request_helper(url, request_body)
  File "/usr/lib/python2.7/site-packages/bugzilla/_backendxmlrpc.py", line 69, in __request_helper
    raise e
bugzilla.exceptions.BugzillaError: not well-formed (invalid token): line 6, column 0

Leos Pol did some debugging of the issue and identified that

the issue is in comment 13, specifically character right after the first "ll" command. There is a sequence of (0x0A) (0x03) (0x0A). 0x0As are \n, 0x03 Ctrl+C.
When the commenter copied the terminal output, he also copied it with ctrl+c. Something like this has to be escaped and not break XML traffic.


Version 5.0.4rh53
Comment 1 Petr Pisar 2021-03-01 09:22:24 UTC 
Technically it cannot be escaped in XML 1.0. The character is simply not allowed there.

It can either be replaced with a different character (e.g. U+FFFD) or a well-known textual representation (^C), or the XML version must be upgraded to XML 1.1.
Comment 2 Jeff Fearn 🐞 2021-08-24 06:11:05 UTC 
There is already a function to do this, it probably just needs to be added to another place.

e.g. if you call Bug.get and get all the comments it should not trigger this issue.
Comment 3 Jeff Fearn 🐞 2022-01-27 23:55:35 UTC 
1. fetch bug history for 1614166 using XMLRPC

$ perl bug_1933606.pl

...
[root@d shm]# pwd
/dev/shm
[root@d shm]# ll

[root@d
...
Comment 5 Jeff Fearn 🐞 2022-02-09 00:23:54 UTC 
This change is now live. If there are any issues, do not reopen this bug. Instead, you should create a new bug and reference this bug.
Note You need to log in before you can comment on or make changes to this bug.