annotate roundup/__init__.py @ 4088:34434785f308
Plug a number of security holes:
- EditCSV and ExportCSV altered to include permission checks
- HTTP POST required on actions which alter data
- HTML file uploads served as application/octet-stream
- New item action rejects creation of new users
- Item retirement was not being controlled
Additionally include documentation of the changes and modify affected tests.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Thu, 12 Mar 2009 02:25:03 +0000 |
| parents | 5bf05d2b3cf8 |
| children | 4d1fa6e1fe8c |
Changesets referenced by the annotation:

| rev | changeset | description | author | parents |
|---|---|---|---|---|
| 26 | c7c14960f413 | Final commit of Grande Splite | Richard Jones <richard@users.sourceforge.net> | 25 |
| 106 | 25216cb3ff79 | Added some documentation to the roundup package. | Richard Jones <richard@users.sourceforge.net> | 26 |
| 127 | 0791d13baea7 | Added vim command to all source so that we don't get no steenkin' tabs :) | Richard Jones <richard@users.sourceforge.net> | 106 |
| 213 | d45384bc6420 | Added the copyright/license notice to (nearly) all files... | Richard Jones <richard@users.sourceforge.net> | 127 |
| 773 | 6e6c63a57df9 | [SF#569415] {version]] | Richard Jones <richard@users.sourceforge.net> | 214 |
| 1244 | 8dd4f736370b | merge from maintenance branch | Richard Jones <richard@users.sourceforge.net> | 1227 |
| 2005 | fc52d57c6c3e | documentation cleanup | Richard Jones <richard@users.sourceforge.net> | 1980 |
| 3938 | 083e280165a8 | Pre-release stuff | Richard Jones <richard@users.sourceforge.net> | 3819 |
| 4012 | 5bf05d2b3cf8 | pre-release stuff | Richard Jones <richard@users.sourceforge.net> | 4007 |
| 4088 | 34434785f308 | Plug a number of security holes: | Richard Jones <richard@users.sourceforge.net> | 4012 |

Annotated source (rev: line source):

```
 213: #
 213: # Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/)
 213: # This module is free software, and you may redistribute it and/or modify
 213: # under the same terms as Python, so long as this copyright message and
 213: # disclaimer are retained in their original form.
 213: #
 214: # IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR
 213: # DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
 213: # OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE
 213: # POSSIBILITY OF SUCH DAMAGE.
 213: #
 213: # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
 213: # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 213: # FOR A PARTICULAR PURPOSE.  THE CODE PROVIDED HEREUNDER IS ON AN "AS IS"
 213: # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 213: # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
3938: #
4012: # $Id: __init__.py,v 1.54 2008-09-01 01:58:32 richard Exp $
 106:
2005: '''Roundup - issue tracking for knowledge workers.
1244:
 106: This is a simple-to-use and -install issue-tracking system with
 106: command-line, web and e-mail interfaces.
 106:
 106: Roundup manages a number of issues (with properties such as
 106: "description", "priority", and so on) and provides the ability to (a) submit
 106: new issues, (b) find and edit existing issues, and (c) discuss issues with
 106: other participants. The system will facilitate communication among the
 106: participants by managing discussions and notifying interested parties when
3938: issues are edited.
 106:
1244: Roundup's structure is that of a cake::
  26:
1244:   _________________________________________________________________________
1244:  |  E-mail Client   |   Web Browser   |   Detector Scripts   |    Shell    |
1244:  |------------------+-----------------+----------------------+-------------|
3938:  |   E-mail User    |    Web User     |      Detector        |   Command   |
1244:  |-------------------------------------------------------------------------|
1244:  |                         Roundup Database Layer                          |
1244:  |-------------------------------------------------------------------------|
1244:  |                           Hyperdatabase Layer                           |
1244:  |-------------------------------------------------------------------------|
1244:  |                              Storage Layer                              |
1244:   -------------------------------------------------------------------------
 106:
2005: 1. The first layer represents the users (chocolate).
2005: 2. The second layer is the Roundup interface to the users (vanilla).
2005: 3. The third and fourth layers are the internal Roundup database storage
2005:    mechanisms (strawberry).
2005: 4. The final, lowest layer is the underlying database storage (rum).
 106:
1244: These are implemented in the code in the following manner::
1244:
 106:   E-mail User: roundup-mailgw and roundup.mailgw
 106:      Web User: cgi-bin/roundup.cgi or roundup-server over
1244:                roundup.cgi.client and roundup.cgi.template
 106:      Detector: roundup.roundupdb and templates/<template>/detectors
 106:       Command: roundup-admin
 106:    Roundup DB: roundup.roundupdb
 106:      Hyper DB: roundup.hyperdb, roundup.date
 106:       Storage: roundup.backends.*
 106:
 106: Additionally, there is a directory of unit tests in "test".
 106:
 106: For more information, see the original overview and specification documents
 106: written by Ka-Ping Yee in the "doc" directory. If nothing else, it has a
 106: much prettier cake :)
 106: '''
2005: __docformat__ = 'restructuredtext'
  26:
4088: __version__ = '1.4.7'
 773:
 127: # vim: set filetype=python ts=4 sw=4 et si
```