Mercurial > p > roundup > code
annotate website/issues/detectors/newissuecopy.py @ 4880:ca692423e401
Different approach to fix XSS in issue2550817
Encapsulate the error/ok message append method as add_ok_message and
add_error_message. The new approach escapes the messages when appending
-- at a point in the code where we still know where the message comes
from. Escaping is the default but can bei turned off. This also fixes
issue2550836 where certain messages may contain links.
Another advantage of the new fix is that users don't need to change
installed trackers and are secure by default.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 31 Mar 2014 18:19:23 +0200 |
| parents | b622e150c0ba |
| children | 198b6e810c67 |
| rev | line source |
|---|---|
|
4354
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1 from roundup import roundupdb |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3 def newissuecopy(db, cl, nodeid, oldvalues): |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 ''' Copy a message about new issues to a team address. |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
5 ''' |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
6 # so use all the messages in the create |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
7 change_note = cl.generateCreateNote(nodeid) |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
8 |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
9 # send a copy to the nosy list |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
10 for msgid in cl.get(nodeid, 'messages'): |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
11 try: |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
12 # note: last arg must be a list |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
13 cl.send_message(nodeid, msgid, change_note, |
|
4376
b622e150c0ba
issues: Adding roundup-devel@lists.sourceforge.net to the list of recipients
Bernhard Reiter <ber@users.sourceforge.net>
parents:
4354
diff
changeset
|
14 ['r1chardj0n3s@gmail.com', |
|
b622e150c0ba
issues: Adding roundup-devel@lists.sourceforge.net to the list of recipients
Bernhard Reiter <ber@users.sourceforge.net>
parents:
4354
diff
changeset
|
15 'roundup-devel@lists.sourceforge.net']) |
|
4354
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
16 except roundupdb.MessageSendError, message: |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
17 raise roundupdb.DetectorError, message |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
18 |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
19 def init(db): |
|
81a9eda2a798
I need to know when new issues are created
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
20 db.issue.react('create', newissuecopy) |