From 0d23cd90dcea2d1fe9fd856007fd5209e8fb1182 Mon Sep 17 00:00:00 2001 From: Chuck Date: Sun, 24 May 2026 09:25:00 -0400 Subject: [PATCH] Fix broken logger format string and leaked exception in config save error - pages_v3.py: plain string was used instead of %-style substitution, so every manifest-read failure logged the literal "{plugin_id}" - api_v3.py save_main_config: exception message was still leaking through the error response; replace with generic message (consistent with the rest of the CodeQL sweep in this PR) Co-Authored-By: Claude Sonnet 4.6 --- web_interface/blueprints/api_v3.py | 4 +--- web_interface/blueprints/pages_v3.py | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/web_interface/blueprints/api_v3.py b/web_interface/blueprints/api_v3.py index 7949923b..21b207a2 100644 --- a/web_interface/blueprints/api_v3.py +++ b/web_interface/blueprints/api_v3.py @@ -1039,12 +1039,10 @@ def save_main_config(): return success_response(message='Configuration saved successfully') except Exception as e: - import logging logger.error("Error saving config", exc_info=True) return error_response( ErrorCode.CONFIG_SAVE_FAILED, - f"Error saving configuration: {e}", - + "An error occurred; see logs for details", status_code=500 ) diff --git a/web_interface/blueprints/pages_v3.py b/web_interface/blueprints/pages_v3.py index 67dc7d6d..fc5b80a5 100644 --- a/web_interface/blueprints/pages_v3.py +++ b/web_interface/blueprints/pages_v3.py @@ -219,7 +219,7 @@ def _load_plugins_partial(): plugin_info.update(fresh_manifest) except Exception as e: # If we can't read the fresh manifest, use the cached one - logger.warning("Could not read fresh manifest for {plugin_id}") + logger.warning("Could not read fresh manifest for plugin: %s", plugin_id) # Get enabled status from config (source of truth) # Read from config file first, fall back to plugin instance if config doesn't have the key