Backslash in query using MySQL backend throws exception

24 views
Skip to first unread message

Adam Nelson

unread,
Oct 13, 2016, 4:14:18 PM10/13/16
to Django REST framework
Would somebody let me know if they think this is a bug in which case I'll open a ticket on Github or if I'm doing something wrong.

I'm getting the following exception on Python 3.5.2, Django 1.10.2, DRF 3.4.7, mysqlclient 1.3.9 (everything is the latest and greatest).  

I have a url (/sources) and when a user submits '\' (url is now /sources?q=\) this gets thrown:

OperationalError at /sources
(1139, "Got error 'trailing backslash (\\)' from regexp")

Request Method: GET
Django Version: 1.10.2
Python Executable: /var/virtualenvs/centr/bin/python
Python Version: 3.5.2
Python Path: ['/var/www/centr', '/var/virtualenvs/centr/src/newspaper3k', '/var/virtualenvs/centr/lib/python3.5', '/var/virtualenvs/centr/lib/python3.5/plat-x86_64-linux-gnu', '/var/virtualenvs/centr/lib/python3.5/lib-dynload', '/usr/lib/python3.5', '/usr/lib/python3.5/plat-x86_64-linux-gnu', '/var/virtualenvs/centr/lib/python3.5/site-packages', '/var/virtualenvs/centr/lib/python3.5/site-packages/newrelic-2.70.0.51', '/var/www/centr']
Server time: Thu, 13 Oct 2016 20:02:40 +0000
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'corsheaders',
 'notifications',
 'password_reset',
 'rest_framework',
 'rest_framework.authtoken',
 'rest_framework_cache',
 'storages',
 'apps.base',
 'apps.item',
 'apps.monitor',
 'apps.source',
 'apps.stream',
 'apps.user',
 'apps.geo',
 'apps.tag',
 'apps.oauth',
 'social.apps.django_app.default',
 'health_check',
 'health_check_cache',
 'health_check_storage']
Installed Middleware:
['apps.base.middleware.StripCookieForExtensionMiddleware',
 'corsheaders.middleware.CorsMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware']


Traceback:  

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/backends/utils.py" in execute
  64.                 return self.cursor.execute(sql, params)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/backends/mysql/base.py" in execute
  110.             return self.cursor.execute(query, args)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/cursors.py" in execute
  250.             self.errorhandler(self, exc, value)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/connections.py" in defaulterrorhandler
  42.         raise errorvalue

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/cursors.py" in execute
  247.             res = self._query(query)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/cursors.py" in _query
  411.         rowcount = self._do_query(q)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/cursors.py" in _do_query
  374.         db.query(q)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/connections.py" in query
  270.             _mysql.connection.query(self, query)
  
    
      The above exception ((1139, "Got error 'trailing backslash (\\)' from regexp")) was the direct cause of the following exception:
    
  

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/core/handlers/exception.py" in inner
  39.             response = get_response(request)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/core/handlers/base.py" in _legacy_get_response
  249.             response = self._get_response(request)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/views/decorators/csrf.py" in wrapped_view
  58.         return view_func(*args, **kwargs)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/rest_framework/viewsets.py" in view
  87.             return self.dispatch(request, *args, **kwargs)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/rest_framework/views.py" in dispatch
  474.             response = self.handle_exception(exc)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/rest_framework/views.py" in handle_exception
  434.             self.raise_uncaught_exception(exc)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/rest_framework/views.py" in dispatch
  471.             response = handler(request, *args, **kwargs)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/rest_framework/mixins.py" in list
  42.         page = self.paginate_queryset(queryset)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/rest_framework/generics.py" in paginate_queryset
  172.         return self.paginator.paginate_queryset(queryset, self.request, view=self)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/rest_framework/pagination.py" in paginate_queryset
  210.             self.page = paginator.page(page_number)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/core/paginator.py" in page
  50.         number = self.validate_number(number)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/core/paginator.py" in validate_number
  39.         if number > self.num_pages:

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/utils/functional.py" in __get__
  35.         res = instance.__dict__[self.name] = self.func(instance)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/core/paginator.py" in num_pages
  84.         if self.count == 0 and not self.allow_empty_first_page:

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/utils/functional.py" in __get__
  35.         res = instance.__dict__[self.name] = self.func(instance)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/core/paginator.py" in count
  72.             return self.object_list.count()

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/models/query.py" in count
  369.         return self.query.get_count(using=self.db)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/models/sql/query.py" in get_count
  476.         number = obj.get_aggregation(using, ['__count'])['__count']

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/models/sql/query.py" in get_aggregation
  457.         result = compiler.execute_sql(SINGLE)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/models/sql/compiler.py" in execute_sql
  835.             cursor.execute(sql, params)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/backends/utils.py" in execute
  79.             return super(CursorDebugWrapper, self).execute(sql, params)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/backends/utils.py" in execute
  64.                 return self.cursor.execute(sql, params)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/utils.py" in __exit__
  94.                 six.reraise(dj_exc_type, dj_exc_value, traceback)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/utils/six.py" in reraise
  685.             raise value.with_traceback(tb)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/backends/utils.py" in execute
  64.                 return self.cursor.execute(sql, params)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/django/db/backends/mysql/base.py" in execute
  110.             return self.cursor.execute(query, args)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/cursors.py" in execute
  250.             self.errorhandler(self, exc, value)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/connections.py" in defaulterrorhandler
  42.         raise errorvalue

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/cursors.py" in execute
  247.             res = self._query(query)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/cursors.py" in _query
  411.         rowcount = self._do_query(q)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/cursors.py" in _do_query
  374.         db.query(q)

File "/var/virtualenvs/centr/lib/python3.5/site-packages/MySQLdb/connections.py" in query
  270.             _mysql.connection.query(self, query)

Exception Type: OperationalError at /sources
Exception Value: (1139, "Got error 'trailing backslash (\\)' from regexp")

Here is the viewset (SourceSerializer is a serializers.HyperlinkedModelSerializer and Source is just a model)

class SourceViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows sources to be viewed or edited.
"""
filter_backends = (filters.SearchFilter, filters.OrderingFilter,)
search_fields = ('$name', '$url')
queryset = Source.objects.filter(active=True)
serializer_class = SourceSerializer


Reply all
Reply to author
Forward
0 new messages