unicode flub in GitHub API usage

[chadwhitacre]

Or even just in logging?

Traceback (most recent call last):
  File "aspen/website.py", line 76, in handle_safely
    response = self.handle(request)
  File "aspen/website.py", line 109, in handle
    response = request.resource.respond(request)
  File "aspen/resources/dynamic_resource.py", line 47, in respond
    exec self.pages[1] in context
  File "/app/www/on/github/%login/index.html.spt", line 18, in <module>
    user_info = github.get_user_info(path['login'])
  File "gittip/elsewhere/github.py", line 140, in get_user_info
    "GitHub identity '{0}' not found.".format(login))
UnicodeEncodeError: 'ascii' codec can't encode character u'\u200e' in position 4: ordinal not in ...

https://app.getsentry.com/gittip/gittip/group/6850474/

[hashar]

Example: https://www.gittip.com/on/github/atdt%E2%80%8E/

Obtained from the people search box by filling in the input box 'atdt' + something else I have no clue how I inserted it :/

[zbynekwinkler]

Could be fixed by #158. I remember going over the code yesterday and thinking it would blow with unicode 😄

[zbynekwinkler]

Let's block this on #158 and #1520.

[chadwhitacre]

Sounds right to me.

[seanlinsley]

How did this ever occur? We don't allow unicode in usernames, and neither does Github

[zbynekwinkler]

You can put anything in the url https://www.gittip.com/on/github/[username]/ and we are not sanitizing that.

[chadwhitacre]

Perhaps it was a security researcher?

[hashar]

@seanlinsley I just somehow entered a search for "atdt" and eventually that led to "atdt%E2%80%8E" because I added some additional unicode after my "atdt" search sentence. The server informed me of some error so I have pinged folks on irc and @whit537 grabbed the server side stack trace.

[Changaco]

This problem has been solved, probably by #1369.

[hashar]

https://www.gittip.com/on/github/atdt%E2%80%8E/ gives a nice error page now. Thanks!