Coerce job name/passwd to ASCII

The job name/passwd columns in our database are latin1, so we will get an "Illegal mix of collations" error from MySQL if the user passes in random Unicode. Coerce to ASCII to be safe.
salilab · Jul 26, 2021 · 5f8eac5 · 5f8eac5
1 parent 7bad2c8
commit 5f8eac5
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/python/saliweb/frontend/__init__.py b/python/saliweb/frontend/__init__.py
@@ -397,9 +397,15 @@ def get_completed_job(name, passwd, still_running_template=None):
        :return: A new CompletedJob.
        :rtype: :class:`CompletedJob`
     """
+    def make_ascii(s):
+        # name/passwd columns in our DB are latin1, so we will get an
+        # "Illegal mix of collations" error if the user passes in random
+        # Unicode. Coerce to ASCII to be safe.
+        return bytes(s, encoding='ascii', errors='replace').decode('ascii')
     conn = get_db()
     c = MySQLdb.cursors.DictCursor(conn)
-    c.execute('SELECT * FROM jobs WHERE name=%s AND passwd=%s', (name, passwd))
+    c.execute('SELECT * FROM jobs WHERE name=%s AND passwd=%s',
+              (make_ascii(name), make_ascii(passwd)))
     job_row = c.fetchone()
     if not job_row:
         raise _ResultsBadJobError('Job does not exist, or wrong password')