Fix issue2550843 (AttributeError: 'Unauthorised' object has no attribute 'replace')

ThomasAH · ThomasAH · commit 9ec099f10e12 · 2014-05-26T16:14:07.000+02:00
Pass text of Unauthorised and Login exceptions instead of the exception
instance to avoid traceback with string operations.

str() is used in most other places where the exception error message text is
needed. So far only roundup.cgi.actions.LoginAction.handle() iterates over the
exception args. Probably not needed here, so I decided to keep the code simple.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -96,6 +96,9 @@ Fixed:
 - Apply german translation fixes from Debian team in issue2550761,
   thanks to Kai Storbeck for taking the time to report these.
   (Ralf Schlatterbeck)
+- Fix issue2550843 Pass text of Unauthorised and Login exceptions instead
+  of the exception instance to avoid traceback with string operations.
+  (Thomas Arendsen Hein)
 
 Minor:
 - demo.py usage message improved: explains "nuke" now. (Bernhard Reiter)
diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
@@ -531,11 +531,11 @@ def inner_main(self):
                                "Basic realm=\"%s\"" % realm)
             else:
                 self.response_code = http_.client.FORBIDDEN
-            self.renderFrontPage(message)
+            self.renderFrontPage(str(message))
         except Unauthorised, message:
             # users may always see the front page
             self.response_code = 403
-            self.renderFrontPage(message)
+            self.renderFrontPage(str(message))
         except NotModified:
             # send the 304 response
             self.response_code = 304
