Mercurial > p > roundup > code
annotate test/test_mailer.py @ 5257:928512faf565
- issue2550864: Potential information leakage via journal/history
Original code didn't fully implement the security checks.
Users with only Edit access on a property were not able to view the
journal entry for the property. This patch fixes that.
Also had additional info leakage: the target object of a link or
multilink must be viewable or editable in order for the journal entry
to be shown. Otherwise the existance of the target is exposed via the
journal while it is blocked from searches, direct access etc.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 27 Aug 2017 00:19:48 -0400 |
| parents | 198b6e810c67 |
| children | bc2e682e0305 |
| rev | line source |
|---|---|
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5037
diff
changeset
|
1 #-*- encoding: utf-8 -*- |
|
4338
94ee533613ac
Attempt to generate more human-readable addresses in email
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 import unittest |
|
94ee533613ac
Attempt to generate more human-readable addresses in email
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3 |
|
94ee533613ac
Attempt to generate more human-readable addresses in email
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 from roundup import mailer |
|
94ee533613ac
Attempt to generate more human-readable addresses in email
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
5 |
|
94ee533613ac
Attempt to generate more human-readable addresses in email
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
6 class EncodingTestCase(unittest.TestCase): |
|
4520
182d8c41a3aa
Fix mailer encoding test:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4338
diff
changeset
|
7 def testEncoding(self): |
|
4338
94ee533613ac
Attempt to generate more human-readable addresses in email
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
8 a = lambda n, a, c, o: self.assertEquals(mailer.nice_sender_header(n, |
|
94ee533613ac
Attempt to generate more human-readable addresses in email
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
9 a, c), o) |
|
4520
182d8c41a3aa
Fix mailer encoding test:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4338
diff
changeset
|
10 a('ascii', 'ascii@test.com', 'iso8859-1', 'ascii <ascii@test.com>') |
|
182d8c41a3aa
Fix mailer encoding test:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4338
diff
changeset
|
11 a(u'café', 'ascii@test.com', 'iso8859-1', |
|
182d8c41a3aa
Fix mailer encoding test:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4338
diff
changeset
|
12 '=?iso8859-1?q?caf=E9?= <ascii@test.com>') |
|
182d8c41a3aa
Fix mailer encoding test:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4338
diff
changeset
|
13 a('as"ii', 'ascii@test.com', 'iso8859-1', '"as\\"ii" <ascii@test.com>') |
|
4338
94ee533613ac
Attempt to generate more human-readable addresses in email
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
14 |
|
94ee533613ac
Attempt to generate more human-readable addresses in email
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
15 # vim: set et sts=4 sw=4 : |