Mercurial > p > roundup > code

annotate website/issues/html/query.item.html @ 6375:c4371ec7d1c0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Call verifyPassword even if user does not exist. Address timing attack caused by not doing the password check if the user doesn't exist. Can expose valid usernames. Really only useful for a tracker that doesn't allow anonymous access to issues. Issues usually show usernames as part of the message display.
author John Rouillard <rouilj@ieee.org>
date Tue, 06 Apr 2021 22:51:55 -0400
parents 578b5294e888
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4024
c2d0d3e9099d svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff changeset
1 <!-- query.item -->
5286
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
2 <span tal:condition="context/is_view_ok" tal:replace="structure
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
3 context/renderQueryForm" />
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
4 <tal:block tal:condition="not:context/is_view_ok">
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
5 <tal:block metal:use-macro="templates/page/macros/icing">
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
6 <title metal:fill-slot="head_title">You can not view query</title>
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
7 <tal:block metal:fill-slot="body_title">
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
8 You can not view query.
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
9 </tal:block>
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
10 <td class="content" metal:fill-slot="content">
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
11 You are not allowed to view <span tal:content="context/_classname"/>
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
12 with id <span tal:content="context/id"/>
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
13 </td>
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
14 </tal:block>
578b5294e888 Update to current classic config. Fixes issue with users being able to
John Rouillard <rouilj@ieee.org>
parents: 4024
diff changeset
15 </tal:block>
Roundup Issue Tracker: http://roundup-tracker.org/