Mercurial > p > roundup > code
annotate roundup/version_check.py @ 8356:63390dcfcfe9
bug: fix template use of structure with untrusted data
Looks like an xSS bug with an early version of the template that was
fixed in the code but never in the deployed tracker. It has been a
while since this particular construct has been in the classic template
which is the base for the tracker.
This has been fixed on the deployed tracker as well.
reported by 4bug of ChaMd5 Security Team H1 Group
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 08 Jul 2025 10:23:09 -0400 |
| parents | 9223ed67af05 |
| children | f72381d300a4 |
| rev | line source |
|---|---|
|
449
141aacfdb34f
Centralised the python version check code, bumped version to 2.1.1
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1 #!/usr/bin/env python |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
1090
diff
changeset
|
2 |
|
5321
4566360871dc
Raises python requirement to 2.7.
Bernhard Reiter <bernhard@intevation.de>
parents:
4682
diff
changeset
|
3 # Roundup requires Python 2.7+ as mentioned in doc\installation.txt |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5321
diff
changeset
|
4 from __future__ import print_function |
|
6016
9223ed67af05
flake8 cleanup: move module import before statement.
John Rouillard <rouilj@ieee.org>
parents:
5376
diff
changeset
|
5 import sys |
|
449
141aacfdb34f
Centralised the python version check code, bumped version to 2.1.1
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
6 |
|
6016
9223ed67af05
flake8 cleanup: move module import before statement.
John Rouillard <rouilj@ieee.org>
parents:
5376
diff
changeset
|
7 VERSION_NEEDED = (2, 7) |
|
9223ed67af05
flake8 cleanup: move module import before statement.
John Rouillard <rouilj@ieee.org>
parents:
5376
diff
changeset
|
8 |
|
4682
0c2cad65ebba
version_check.py: Bump required Python version from 2.1.1+ to 2.5+
anatoly techtonik <techtonik@gmail.com>
parents:
4570
diff
changeset
|
9 if sys.version_info < VERSION_NEEDED: |
|
5376
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5321
diff
changeset
|
10 print("Content-Type: text/plain\n") |
|
64b05e24dbd8
Python 3 preparation: convert print to a function.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5321
diff
changeset
|
11 print("Roundup requires Python %s.%s or newer." % VERSION_NEEDED) |
|
449
141aacfdb34f
Centralised the python version check code, bumped version to 2.1.1
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
12 sys.exit(0) |