Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Accidentally added %0A ( \n newline) at the end of some tags #669

Open
nocrcl opened this issue Jul 8, 2024 · 2 comments
Open

Accidentally added %0A ( \n newline) at the end of some tags #669

nocrcl opened this issue Jul 8, 2024 · 2 comments

Comments

@nocrcl
Copy link

nocrcl commented Jul 8, 2024
edited
Loading

I made a bash script to mass upload images using the API and tag them by using a string containing the tags inside the metadata of the image. very hacky but it kinda works.

While working out how to trim whitespace characters, i accidentally created some tags with a newline character at the end. e.g. myszuruip/tag/cheese%0A
When trying to click the tag in the tags view, it says "Requested path /tag/cheese was not found."
Which makes it impossible to rename or delete such tags using the client.
I tried to use curl to GET and on success PUT edit or deletethe tag, it converts the %0A into \n

curl -X GET -H "Authorization: Token blablabla=" \
    -H "Content-Type: application/json" \
    -H "Accept: application/json" \
    myszuruip/api/tag/cheese%0A
{
  "name": "ValidationError",
  "title": "Not Found",
  "description": "Requested path /tag/cheese\n was not found."
}

BTW: Is this considered a bug, if it is possible to add invalid characters through API?
@BloodyRain2k
Copy link

I'm not familiar poking at the API this way, but have you tried encoding the %0A so that the % is URI encoded?
Aka myszuruip/api/tag/cheese%250A instead?

And I'd agree, there should be a sanity check for characters before adding tags.
From a quick look, it seems like

szurubooru/server/szurubooru/func/tags.py

Line 182 in d102578

existing_tags = get_tags_by_names(names)

would be a good start to implement one.

Currently I'm in the process of bending other parts of my instance into shape, but eventually this is something I'd want to have too.
Because until now, I too wouldn't have expected illegal characters to go through uncaught.

@G1org1owo
Copy link

This is already addressed in

szurubooru/server/szurubooru/func/tags.py

Lines 39 to 44 in d102578

def _verify_name_validity(name: str) -> None:
if util.value_exceeds_column_size(name, model.TagName.name):
raise InvalidTagNameError("Name is too long.")
name_regex = config.config["tag_name_regex"]
if not re.match(name_regex, name):
raise InvalidTagNameError("Name must satisfy regex %r." % name_regex)
which is called in the process of creating a new tag.

Assuming the tag regex was not modified, I am lead to believe that the illegal character in question was in fact not a newline, as it would have negated the expression ^[^\s%+#/]+$ and thus returned an error.

If you try to interrogate the API for the tag list e.g.

curl -X GET
       -H 'Accept: application/json' \
       -H 'Authorization: Token blablabla='
       myszuruip/api/tags?query=cheese*'

what name does it return?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@BloodyRain2k @G1org1owo @nocrcl