Mercurial > p > roundup > code
annotate website/www/code.txt @ 4880:ca692423e401
Different approach to fix XSS in issue2550817
Encapsulate the error/ok message append method as add_ok_message and
add_error_message. The new approach escapes the messages when appending
-- at a point in the code where we still know where the message comes
from. Escaping is the default but can bei turned off. This also fixes
issue2550836 where certain messages may contain links.
Another advantage of the new fix is that users don't need to change
installed trackers and are secure by default.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 31 Mar 2014 18:19:23 +0200 |
| parents | b77ef61a844e |
| children | 98344ba5e157 |
| rev | line source |
|---|---|
|
4035
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
1 Code |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
2 ==== |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
3 |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
4 Changelog |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
5 ---------- |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
6 |
|
4829
b77ef61a844e
Fix link to CHANGES.txt to avoid file download
anatoly techtonik <techtonik@gmail.com>
parents:
4775
diff
changeset
|
7 The changelog is available as `CHANGES.txt in the SCM repository <https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt>`_. |
|
4035
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
8 |
|
4596
087833b66c77
Adjusted web page "Code" to Mercurial SCM
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4555
diff
changeset
|
9 Browse |
|
4035
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
10 ------ |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
11 |
|
4775
d00a3ede67e4
Changing www/code.txt towards new SF paths.
Bernhard Reiter <bernhard@intevation.de>
parents:
4596
diff
changeset
|
12 `Browse the repository <https://sourceforge.net/p/roundup/code/>`_. |
|
4035
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
13 |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
14 Read-only Access |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
15 ---------------- |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
16 |
|
4596
087833b66c77
Adjusted web page "Code" to Mercurial SCM
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4555
diff
changeset
|
17 Read-only repository access is provided through :: |
|
4035
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
18 |
|
4775
d00a3ede67e4
Changing www/code.txt towards new SF paths.
Bernhard Reiter <bernhard@intevation.de>
parents:
4596
diff
changeset
|
19 hg clone http://hg.code.sf.net/p/roundup/code roundup-code |
|
4035
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
20 |
|
4596
087833b66c77
Adjusted web page "Code" to Mercurial SCM
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4555
diff
changeset
|
21 The URL for the webinterface works, too, but you will see messages about |
|
087833b66c77
Adjusted web page "Code" to Mercurial SCM
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4555
diff
changeset
|
22 redirects to the URL shown here. |
|
4035
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
23 |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
24 Read-write Access |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
25 ----------------- |
|
e4950073153f
Adjust to better sync with roundup docs.
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
26 |
|
4549
bba5b4ec2a63
update to git instructions, thanks John Kristensen
Richard Jones <richard@users.sourceforge.net>
parents:
4248
diff
changeset
|
27 The read/write access uses your SourceForge.net ssh password or ssh key |
|
4596
087833b66c77
Adjusted web page "Code" to Mercurial SCM
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4555
diff
changeset
|
28 to authorize your access. (See `SF's site documentation on Mercurial access |
|
4775
d00a3ede67e4
Changing www/code.txt towards new SF paths.
Bernhard Reiter <bernhard@intevation.de>
parents:
4596
diff
changeset
|
29 <https://sourceforge.net/p/forge/documentation/Mercurial/>`_) :: |
|
4552
68d647848ffc
nicer formatting
Richard Jones <richard@users.sourceforge.net>
parents:
4549
diff
changeset
|
30 |
|
4775
d00a3ede67e4
Changing www/code.txt towards new SF paths.
Bernhard Reiter <bernhard@intevation.de>
parents:
4596
diff
changeset
|
31 hg clone ssh://USERNAME@hg.code.sf.net/p/roundup/code roundup-code |
|
4552
68d647848ffc
nicer formatting
Richard Jones <richard@users.sourceforge.net>
parents:
4549
diff
changeset
|
32 |
|
4248
61241d5e2836
Improving the documentation for svn write access.
Bernhard Reiter <ber@users.sourceforge.net>
parents:
4137
diff
changeset
|
33 Of course a roundup developer must have granted |
|
61241d5e2836
Improving the documentation for svn write access.
Bernhard Reiter <ber@users.sourceforge.net>
parents:
4137
diff
changeset
|
34 you write access first - ask for it on the roundup-devel list. |