Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Built-in debugger malfunctions when url parameters are present #2918

Closed
0xC4DE opened this issue Jun 26, 2024 · 2 comments
Closed

Built-in debugger malfunctions when url parameters are present #2918

0xC4DE opened this issue Jun 26, 2024 · 2 comments
Milestone
3.0.4

Comments

@0xC4DE
Copy link

0xC4DE commented Jun 26, 2024

When using flask, with debug enabled, and attempting to debug a page with any URL parameter present, the debugger will malfunction and throw the error: "Error: Could not verify PIN. Network error?" it also does not print the debugger pin into the console, unless upon startup

To replicate this, make a simple Flask test app that throws an error like so:

from flask import Flask

app = Flask(__name__)
@app.route("/")
def hello_world():
    raise
    return "<p>Hello, World!</p>"

if __name__ == "__main__":

Now, navigate to localhost:5000. After which the debug terminal will appear and work as intended. This is what appears in the console:

27.0.0.1 - - [26/Jun/2024 12:37:39] "GET /?__debugger__=yes&cmd=resource&f=debugger.js HTTP/1.1" 304 -
127.0.0.1 - - [26/Jun/2024 12:37:39] "GET /?__debugger__=yes&cmd=resource&f=style.css HTTP/1.1" 304 -
127.0.0.1 - - [26/Jun/2024 12:37:39] "GET /?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 304 -
 * To enable the debugger you need to enter the security pin:
 * Debugger pin code: xxx-xxx-xxx
127.0.0.1 - - [26/Jun/2024 12:37:41] "GET /?__debugger__=yes&cmd=printpin&s=3WfWFdnDEWFY1zvWLTW3 HTTP/1.1" 200 -

Do not insert the debugger pin, instead navigate to localhost:5000?test=test (any url parameter will cause this). The debug console will appear, upon clicking the terminal button, to cause the PIN prompt, the prompt will appear; however, the error will appear a second time in the terminal, and no PIN will appear.

127.0.0.1 - - [26/Jun/2024 12:40:42] "GET /?__debugger__=yes&cmd=resource&f=style.css HTTP/1.1" 304 -
127.0.0.1 - - [26/Jun/2024 12:40:42] "GET /?__debugger__=yes&cmd=resource&f=debugger.js HTTP/1.1" 304 -
127.0.0.1 - - [26/Jun/2024 12:40:42] "GET /?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 304 -
127.0.0.1 - - [26/Jun/2024 12:40:51] "GET /?test=test?__debugger__=yes&cmd=printpin&s=LjqOQxjdwXsrbGPWHvJB HTTP/1.1" 500 -
Traceback (most recent call last):
...

Naturally, the debugger ping should exist anyway. I think the issue is that ?__debugger__... is inserted instead of &__debugger__... in circumstances where URL parameters are already present. I cannot verify as I'm not certain where this should live. It's possible this is a Werkzeug problem. Feel free to tell me, and I'll reopen over there.

Environment:

  • Python version: 3.11
  • Flask version: 3.0.3
    FWIW this still happened in 2.3.3
@davidism davidism transferred this issue from pallets/flask Jun 26, 2024
@fluffy-critter
Copy link

I am running into this with the same situation, trying to debug an application where there's already parameters in the query string.

@davidism
Copy link
Member

Happy to review a PR. Presumably it's an issue in the JavaScript where it's constructing the URLs.

@davidism davidism added this to the 3.0.4 milestone Jul 31, 2024
@davidism davidism mentioned this issue Aug 21, 2024
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 5, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.0.4
Development

No branches or pull requests
3 participants
@fluffy-critter @davidism @0xC4DE