TypeError: coercing to Unicode: need string or buffer, NoneType found

[akash.verma]

How to Reproduce

While doing a GET operation on /wiki/TC_TT12_TT251_TT359_TC9763, Trac issued an internal error.

(please provide additional details here)

Request parameters:

{'page': u'TC_TT12_TT251_TT359_TC9763'}

User agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36

System Information

Trac	1.0.9
Babel	0.9.4
Docutils	0.6
Genshi	0.7 (without speedups)
mod_python	3.3.1
Pygments	1.1.1
pysqlite	2.4.1
Python	2.6.6 (r266:84292, Jul 23 2015, 15:22:56) [GCC 4.4.7 20120313 (Red Hat 4.4.7-11)]
pytz	2010h
RPC	1.1.4
setuptools	0.6
SQLite	3.6.20
Subversion	1.6.11 (r934486)
jQuery	1.7.2
jQuery UI	1.8.21
jQuery Timepicker	1.0.1

Enabled Plugins

AttachmentPolicyPlugin	0.1.0
DefaultCc	0.3.1dev
ExcelDownloadPlugin	0.12.0.5
nevernotifyupdaterplugin	1.0
TestManager	1.8.2
TicketGuidelinesPlugin	0.3dev
TracAccountManager	0.4.4
TracAnnouncer	1.0dev
TracAutoComplete	0.1
TracAutocompleteUsersPlugin	0.4.3dev
TracCustomFieldAdmin	0.2.12
TracDateField	1.1.0
TracDynamicFields	2.2.0
TracGenericClass	1.1.6
TracGenericWorkflow	1.0.5
TracMovieMacro	0.3
TracSubTicketsPlugin	0.2.0.dev-20160911
TracWysiwyg	0.11.0.5
TracXMLRPC	1.1.4

Python Traceback

Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/Trac-1.0.9-py2.6.egg/trac/web/main.py", line 554, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/lib/python2.6/site-packages/Trac-1.0.9-py2.6.egg/trac/web/main.py", line 267, in dispatch
    iterable=chrome.use_chunked_encoding)
  File "/usr/lib/python2.6/site-packages/Trac-1.0.9-py2.6.egg/trac/web/chrome.py", line 1075, in render_template
    stream |= self._filter_stream(req, method, filename, stream, data)
  File "/usr/lib/python2.6/site-packages/Genshi-0.7-py2.6-linux-x86_64.egg/genshi/core.py", line 133, in __or__
    return Stream(_ensure(function(self)), serializer=self.serializer)
  File "/usr/lib/python2.6/site-packages/Trac-1.0.9-py2.6.egg/trac/web/chrome.py", line 1319, in inner
    data)
  File "build/bdist.linux-x86_64/egg/testmanager/wiki.py", line 159, in filter_stream
    return self._testcase_wiki_view(req, formatter, planid, page_name, stream)
  File "build/bdist.linux-x86_64/egg/testmanager/wiki.py", line 489, in _testcase_wiki_view
    tag.input(type='button', value=_("Open a Ticket on this Test Case"), onclick='creaTicket("'+tc_name+'", "", "", "'+summary+'")'),
TypeError: coercing to Unicode: need string or buffer, NoneType found

[Jun Omae]

Ad hoc patch (untested):

testman4trac/testmanager/wiki.py

@@ -448 +448 @@
 
         tc_id = tc_name.partition('_TC')[2]
         test_case = TestCase(self.env, tc_id, tc_name)
-        summary = test_case.title
+        summary = test_case.title or ''
 
         tcat = TestCatalog(self.env, cat_id)
 
@@ -515 +515 @@
         # the real status will override this value.
         tcip = TestCaseInPlan(self.env, tc_id, planid, tc_name, -1, TestManagerSystem(self.env).get_default_tc_status())
         test_case = TestCase(self.env, tc_id, tc_name)
-        summary = test_case.title
+        summary = test_case.title or ''
 
         tmmodelprovider = GenericClassModelProvider(self.env)
 

However, I think security issue exists in the code, onclick='creaTicket("'+tc_name+'", "", "", "'+summary+'")' has script injection.