where"请求中无效字符(&)
我在开发系统中发现了这个问题,并在Eve的演示中复现了它,演示可以在这里找到。
这是我运行的代码。
import requests
import json
import string
import random
def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
return ''.join(random.choice(chars) for _ in range(size))
name = "max and me"
data = {"lastname":id_generator(), "firstname":name}
print data
res = requests.post("http://127.0.0.1:5000/people", data = data)
print res.text
data = 'where={"firstname":"%s"}' % (name)
res = requests.get("http://127.0.0.1:5000/people", params = data)
print res.text
首先,我发送一个POST请求,里面包含一个变量,然后我用同样的变量做一个GET请求,带上一个条件。最开始我把这个变量设置为“max and me”,一切都运行得很好。然后我把变量设置为“max & me”,结果Eve就出错了:
127.0.0.1 - - [23/Apr/2014 20:22:07] "GET /people?where=%7B%22firstname%22:%22max%20&%20me%22%7D HTTP/1.1" 500 -
Traceback (most recent call last):
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/flask/app.py", line 1836, in __call__
return self.wsgi_app(environ, start_response)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/flask/app.py", line 1820, in wsgi_app
response = self.make_response(self.handle_exception(e))
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/flask/app.py", line 1403, in handle_exception
reraise(exc_type, exc_value, tb)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/flask/app.py", line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/eve/endpoints.py", line 53, in collections_endpoint
response = get(resource, lookup)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/eve/methods/common.py", line 226, in rate_limited
return f(*args, **kwargs)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/eve/auth.py", line 45, in decorated
return f(*args, **kwargs)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/eve/methods/common.py", line 429, in decorated
r = f(*args, **kwargs)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/eve/methods/get.py", line 104, in get
cursor = app.data.find(resource, req, lookup)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/eve/io/mongo/mongo.py", line 145, in find
spec = parse(req.where)
File "/Users/hingem/Documents/python/venv/lib/python2.7/site-packages/eve/io/mongo/parser.py", line 26, in parse
v.visit(ast.parse(expression))
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ast.py", line 37, in parse
return compile(source, filename, mode, PyCF_ONLY_AST)
File "<unknown>", line 1
{"firstname":"max
^
SyntaxError: EOL while scanning string literal
可能是我没有正确处理<&>这个符号,但我觉得我尝试过各种编码方式……每次都卡住了。
2 个回答
1
我觉得在网址中不能直接使用“&”符号,因为它表示网址查询的下一部分。通常你需要把“&”符号编码成 %26。
我认为这部分是eve的一个bug,因为如果你在网址的查询部分放入未编码的“&”符号,Flask(eve的基础)会把它分成请求参数,然后eve会尝试把“where”部分转换成Python的语法树(这就是它处理查询格式的方式),结果在 max 后面就结束了,因此会出现错误,因为这显然不是一个正确的Python表达式。在这段代码 https://github.com/nicolaiarocci/eve/blob/develop/eve/io/mongo/mongo.py#L151 中,可能也应该捕获 SyntaxError。也许你可以在eve的GitHub上提交一个bug,建议eve应该返回400错误请求。
希望这篇文章能解释问题的核心。
3
试着把 & 替换成它的转义版本:%26。我刚刚对一个使用Eve的API进行了这样的GET请求。
?where={"name": "You %26 me"}
结果一切都正常。