Mercurial > p > roundup > code
annotate doc/upgrading.txt @ 8478:ed4ef394d5d6
doc: initial attempt to document setup of pgp support for email.
Used an AI assistant to help write this. Basic gpg commands seem to
work, but I have not tested this totally. Docs basically follow the
setup used for pgp testing in the test suite.
It looks like roundup accepts signed emails as well as encrypted
and signed emails. But it does not generate signed emails.
Also it looks like there is no PGP support for alternate email
addresses. Only primary addresses can do PGP emails.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 15 Nov 2025 16:59:24 -0500 |
| parents | db435e272f26 |
| children | 00aec15117c0 |
| rev | line source |
|---|---|
|
6586
24e2eeb2ed9a
Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents:
6464
diff
changeset
|
1 .. meta:: |
|
6774
e7b4ad2c57ac
landmarks, skiplink, remove bad attrs, autocomplete search
John Rouillard <rouilj@ieee.org>
parents:
6768
diff
changeset
|
2 :description: |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3 Critical documentation for upgrading the Roundup Issue |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
4 Tracker. Actions that must be taken when upgrading from |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
5 one version to another are documented here. |
|
6586
24e2eeb2ed9a
Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents:
6464
diff
changeset
|
6 |
|
6168
de9d602c8ce6
more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents:
6128
diff
changeset
|
7 .. index:: Upgrading |
|
de9d602c8ce6
more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents:
6128
diff
changeset
|
8 |
|
782
6f6eb43d9d86
Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
9 ====================================== |
|
6f6eb43d9d86
Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
10 Upgrading to newer versions of Roundup |
|
6f6eb43d9d86
Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
11 ====================================== |
|
6f6eb43d9d86
Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
12 |
|
7296
c3b0fd62b0b8
Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents:
7281
diff
changeset
|
13 Please read each section carefully and edit the files in your tracker home |
|
2016
2112962f5bb1
Update documentation for the client.py split and add an upgrade notice.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2003
diff
changeset
|
14 accordingly. Note that there is information about upgrade procedures in the |
| 6781 | 15 `administration guide`_ in the `Software Upgrade`_ section. |
|
782
6f6eb43d9d86
Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
16 |
|
7321
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
17 If a specific version transition isn't mentioned here (e.g. 0.6.7 to |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
18 0.6.8) then you don't need to do anything. If you're upgrading from |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
19 0.5.6 to 0.6.8 though, you'll need to apply the "0.5 to 0.6" and |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
20 "0.6.x to 0.6.3" steps. |
|
2273
c77483d2cda4
merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents:
2263
diff
changeset
|
21 |
|
7047
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
22 General steps: |
|
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
23 |
|
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
24 1. Make note of your current Roundup version. |
|
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
25 2. Take your Roundup installation offline (web, email, |
|
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
26 cron scripts, roundup-admin etc.) |
|
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
27 3. Backup your Roundup instance |
|
7296
c3b0fd62b0b8
Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents:
7281
diff
changeset
|
28 4. Install the new version of Roundup (preferably in a new virtual |
|
c3b0fd62b0b8
Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents:
7281
diff
changeset
|
29 environment) |
|
7047
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
30 5. Make version specific changes as described below for |
|
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
31 each version transition. If you are starting at 1.5.0 |
|
7296
c3b0fd62b0b8
Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents:
7281
diff
changeset
|
32 and installing to 2.3.0, you need to make the changes for **all** |
|
7047
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
33 versions starting at 1.5 and ending at 2.3. E.G. |
|
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
34 1.5.0 -> 1.5.1, 1.5.1 -> 1.6.0, ..., 2.1.0 -> 2.2.0, |
|
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
35 2.2.0 -> 2.3.0. |
|
8047
a0876d16e299
doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents:
8046
diff
changeset
|
36 6. Run ``roundup-admin -i <tracker_home> migrate`` using |
|
a0876d16e299
doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents:
8046
diff
changeset
|
37 the newer version of Roundup for the instance you are |
|
a0876d16e299
doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents:
8046
diff
changeset
|
38 upgrading. This will update the database if it is |
|
a0876d16e299
doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents:
8046
diff
changeset
|
39 required. |
|
7047
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
40 7. Bring your Roundup instance back online |
|
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
41 8. Test |
|
d3593cbb8e6f
Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents:
6941
diff
changeset
|
42 |
|
8047
a0876d16e299
doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents:
8046
diff
changeset
|
43 Repeat for each tracker instance. |
|
a0876d16e299
doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents:
8046
diff
changeset
|
44 |
|
7321
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
45 .. note:: |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
46 The v1.5.x releases of Roundup were the last to support |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
47 Python v2.5 and v2.6. Starting with the v1.6 releases of Roundup |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
48 Python version 2.7 that is newer than 2.7.2 is required to run |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
49 Roundup. Starting with Roundup version 2.0.0 we also support Python 3 |
|
8315
3f43db05aa11
docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents:
8300
diff
changeset
|
50 versions newer than 3.6. Roundup version 2.5 supports Python |
|
3f43db05aa11
docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents:
8300
diff
changeset
|
51 3.7 and newer. |
|
4901
fa268ea457db
Add note about dropping support for Python v2.5
John Kristensen <john@jerrykan.com>
parents:
4890
diff
changeset
|
52 |
|
7217
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
53 Recent release notes have the following labels: |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
54 |
|
8045
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
55 * **required** - Roundup will not work properly if these steps are not done |
|
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
56 * **recommended** - Roundup will still work, but these steps can cause |
|
7343
955a4efe9cbc
Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents:
7341
diff
changeset
|
57 security or stability issues if not done. |
|
8045
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
58 * **optional** - new features or changes to existing features you might |
|
7343
955a4efe9cbc
Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents:
7341
diff
changeset
|
59 want to use |
|
8045
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
60 * **info** - important possibly visible changes in how things operate |
|
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
61 |
|
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
62 If you use virtual environments for your installation, you |
|
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
63 can run trackers with different versions of Roundup. So you |
|
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
64 can have one tracker using version 2.2.0 and another tracker |
|
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
65 using version 1.6.1. This allows you to upgrade trackers one |
|
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
66 at a time rather than having to upgrade all your trackers at |
|
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
67 once. Note that downgrading may require restoring your |
|
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
68 database to an earlier version, so make sure you backed up |
|
ab96dcb1beb4
doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents:
8030
diff
changeset
|
69 your database. |
|
7296
c3b0fd62b0b8
Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents:
7281
diff
changeset
|
70 |
|
7321
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
71 .. note:: |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
72 |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
73 This file only includes versions released in the last 10 |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
74 years. If you are upgrading from an older version, start with the |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
75 changes in the `historical migration <upgrading-history.html>`_ |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
76 document. |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
77 |
|
7438
116ea5ce06ab
issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents:
7400
diff
changeset
|
78 .. admonition:: Python 2 Support |
|
116ea5ce06ab
issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents:
7400
diff
changeset
|
79 |
|
116ea5ce06ab
issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents:
7400
diff
changeset
|
80 If you are running Roundup under Python 2, you should make plans to |
|
8071
a4cb4e75d4e9
final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
8064
diff
changeset
|
81 switch to Python 3. Release 2.4.0 (Jul 2024) is the last release to |
|
a4cb4e75d4e9
final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
8064
diff
changeset
|
82 officially support Python 2. The next non-patch release scheduled |
|
a4cb4e75d4e9
final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
8064
diff
changeset
|
83 for 2025 will mark 5 years since Roundup supported Python 3. |
|
7438
116ea5ce06ab
issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents:
7400
diff
changeset
|
84 |
|
7452
bed28b64c581
Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents:
7438
diff
changeset
|
85 .. admonition:: XHTML Support Deprecation Notice |
|
bed28b64c581
Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents:
7438
diff
changeset
|
86 |
|
bed28b64c581
Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents:
7438
diff
changeset
|
87 If you are running a tracker where the ``html_version`` setting in |
|
bed28b64c581
Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents:
7438
diff
changeset
|
88 ``config.ini`` is ``xhtml``, you should plan to change your |
|
bed28b64c581
Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents:
7438
diff
changeset
|
89 templates to use html (HTML5). If you are affected by this, please |
|
bed28b64c581
Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents:
7438
diff
changeset
|
90 send email to the roundup-users mailing list (roundup-users at |
|
8048
3ddc6a7d41de
doc: 2.3.0 is the last version to support xhtml
John Rouillard <rouilj@ieee.org>
parents:
8047
diff
changeset
|
91 lists.sourceforge.net). Version 2.3.0 is the last version to support |
|
3ddc6a7d41de
doc: 2.3.0 is the last version to support xhtml
John Rouillard <rouilj@ieee.org>
parents:
8047
diff
changeset
|
92 XHTML. |
|
7452
bed28b64c581
Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents:
7438
diff
changeset
|
93 |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
94 .. raw:: html |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
95 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
96 <details> |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
97 <summary>Contents:</summary> |
|
4890
609edf9de0a5
docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents:
4880
diff
changeset
|
98 |
|
782
6f6eb43d9d86
Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
99 .. contents:: |
|
4890
609edf9de0a5
docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents:
4880
diff
changeset
|
100 :local: |
|
782
6f6eb43d9d86
Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
101 |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
102 .. raw:: html |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
103 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
104 </details> |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
105 |
|
8411
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
106 .. index:: Upgrading; 2.5.0 to 2.6.0 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
107 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
108 Migrating from 2.5.0 to 2.6.0 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
109 ============================= |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
110 |
|
8446
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
111 Default Logs Include Unique Request Identifier (info) |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
112 ----------------------------------------------------- |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
113 |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
114 The default logging format has been changed from:: |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
115 |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
116 %(asctime)s %(levelname)s %(message)s |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
117 |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
118 to:: |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
119 |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
120 %(asctime)s %(trace_id)s %(levelname)s %(message)s |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
121 |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
122 So logs now look like:: |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
123 |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
124 2025-08-20 03:25:00,308 f6RPbT2s70vvJ2jFb9BQNF DEBUG get user1 cached |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
125 |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
126 which in the previous format would look like:: |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
127 |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
128 2025-08-20 03:25:00,308 DEBUG get user1 cached |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
129 |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
130 The new format includes ``trace_id`` which is a thread and process |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
131 unique identifier for a single request. So you can link together all |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
132 of the log lines and determine where a slow down or other |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
133 problem occurred. |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
134 |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
135 The logging format is now a ``config.ini`` parameter in the |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
136 ``logging`` section with the name ``format``. You can change it if you |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
137 would like the old logging format without having to create a logging |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
138 configuration file. See :ref:`rounduplogging` for details. |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8432
diff
changeset
|
139 |
|
8411
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
140 Support authorized changes in your tracker (optional) |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
141 ----------------------------------------------------- |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
142 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
143 An auditor can require change verification with user's password. |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
144 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
145 When changing sensitive information (e.g. passwords) it is |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
146 useful to ask for a validated authorization. This makes sure |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
147 that the user is present by typing their password. |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
148 |
|
8412
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
149 You can add this to your auditors using the example |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
150 :ref:`sensitive_changes`. |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
151 |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
152 To use this, you must copy ``_generic.reauth.html`` into your |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
153 tracker's html subdirectory. See the classic template directory for a |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
154 copy. If you are using jinja2, see the jinja2 template directory. |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
155 Then you can raise a Reauth exception and have the proper page |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
156 displayed. |
|
8411
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
157 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
158 Also javascript *MUST* be turned on if this is used with a file |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
159 input. If JavaScript is not turned on, attached files are lost during |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
160 the reauth step. Information from other types of inputs (password, |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
161 date, text etc.) do not need JavaScript to work. |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8371
diff
changeset
|
162 |
|
8412
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
163 See :ref:`Confirming the User` in the reference manual for details. |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
164 |
|
8423
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
165 Support for dictConfig Logging Configuration (optional) |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
166 ------------------------------------------------------- |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
167 |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
168 Roundup's basic log configuration via config.ini has always had the |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
169 ability to use an ini style logging configuration to set levels per |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
170 log channel, control output file rotation etc. |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
171 |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
172 With Roundup 2.6 you can use a JSON like file to configure logging |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
173 using `dictConfig |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
174 <https://docs.python.org/3/library/logging.config.html#logging.config.dictConfig>`_. The |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
175 JSON file format as been enhanced to support comments that are |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
176 stripped before being processed by the logging system. |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
177 |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
178 You can read about the details in the :ref:`admin manual <dictLogConfig>`. |
|
94eed885e958
feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
179 |
|
8459
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
180 Fix user.item.html template producing invalid Javascript (optional) |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
181 ------------------------------------------------------------------- |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
182 |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
183 The html template ``page.html`` in the classic, devel, minimal, and |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
184 responsive tracker templates define a ``user_src_input`` macro. This |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
185 macro produces invalid javascript for the ``onblur`` event when used |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
186 by ``user.item.html``. The only effect from this bug is a javascript |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
187 error reported in the user's browser when the user does not have edit |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
188 permissions on the page. It doesn't have any user visible impact. |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
189 |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
190 If you want to fix this, replace:: |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
191 |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
192 tal:attributes="onblur python:edit_ok and 'split_name(this)'; |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
193 |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
194 with:: |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
195 |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
196 tal:attributes="onblur python:'split_name(this)' if edit_ok else ''; |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
197 |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
198 in the ``html/page.html`` file in your tracker. |
|
db435e272f26
fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
199 |
|
8081
95f91b6f0386
issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents:
8071
diff
changeset
|
200 .. index:: Upgrading; 2.4.0 to 2.5.0 |
|
95f91b6f0386
issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents:
8071
diff
changeset
|
201 |
|
95f91b6f0386
issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents:
8071
diff
changeset
|
202 Migrating from 2.4.0 to 2.5.0 |
|
95f91b6f0386
issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents:
8071
diff
changeset
|
203 ============================= |
|
95f91b6f0386
issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents:
8071
diff
changeset
|
204 |
|
8365
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
205 .. _CVE-2025-53865: |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
206 |
|
8359
d98cb4730a4a
docs: relabel/label a couple of headers
John Rouillard <rouilj@ieee.org>
parents:
8357
diff
changeset
|
207 XSS security issue with devel and responsive templates (recommended) |
|
d98cb4730a4a
docs: relabel/label a couple of headers
John Rouillard <rouilj@ieee.org>
parents:
8357
diff
changeset
|
208 -------------------------------------------------------------------- |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
209 |
|
8365
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
210 There are actually two different issues under this heading. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
211 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
212 1. incorrect use of the ``structure`` keyword with |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
213 ``tal:content`` |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
214 2. use of ``tal:replace`` on unsafe input |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
215 |
|
8371
7d1b50c02835
doc: link to security page for link to formal CVE report.
John Rouillard <rouilj@ieee.org>
parents:
8365
diff
changeset
|
216 See the `security page for a link to CVE-2025-53865 |
|
7d1b50c02835
doc: link to security page for link to formal CVE report.
John Rouillard <rouilj@ieee.org>
parents:
8365
diff
changeset
|
217 <security.html#cve-announcements>`_. |
|
7d1b50c02835
doc: link to security page for link to formal CVE report.
John Rouillard <rouilj@ieee.org>
parents:
8365
diff
changeset
|
218 |
|
8365
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
219 In the discussion below, the :term:`html directory` means one or |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
220 more directories listed in the ``templates`` key of your |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
221 tracker's ``config.ini`` file. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
222 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
223 These directions can be used to solve the XSS security issue with |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
224 any version of Roundup. Even if you used a classic or minimal |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
225 template, you should check your trackers for these issues. The |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
226 classic template fixed most of these many years ago, but the |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
227 updates were not made to the devel and responsive templates. No |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
228 report of similar issues with the jinja template has been seen. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
229 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
230 Incorrect use of structure in templates |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
231 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
232 |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
233 The devel and responsive templates prior to Roundup 2.5 used this |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
234 construct:: |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
235 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
236 tal:content="structure context/MUMBLE/plain" |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
237 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
238 Where ``MUMBLE`` is a property of your issues (e.g. title). |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
239 |
|
8365
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
240 This construct allows a URL with a carefully crafted query |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
241 parameter to execute arbitrary JavaScript. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
242 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
243 You should check all your trackers. The classic template has not |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
244 used this construct since at least 2009, but your tracker's |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
245 templates may use the offending construct anyway. |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
246 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
247 This fix will apply if your tracker is based on the responsive or |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
248 devel template. Check the TEMPLATE-INFO.txt file in your tracker |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
249 home. The template name is the first component of the ``Name`` |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
250 field. For example a Name like:: |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
251 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
252 Name: responsive-bugtracker |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
253 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
254 Name: devel-bugtracker |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
255 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
256 shows that tracker is based on the responsive or devel templates. |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
257 |
|
8365
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
258 .. _cve-2025-53865-fixed: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
259 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
260 To fix this, remove the ``structure`` declaration when it is used |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
261 with a plain representation. So fixing the code by replacing the |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
262 example above with:: |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
263 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
264 tal:content="context/MUMBLE/plain" |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
265 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
266 prevents the attack. |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
267 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
268 To check for this issue, search for ``structure`` followed by |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
269 ``/plain`` in all your html templates. If you are on a Linux/Unix |
|
8365
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
270 system you can search the html subdirectory of your tracker with |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
271 the following:: |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
272 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
273 grep 'structure.*/plain' *.html |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
274 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
275 which should return any lines with issues. |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
276 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
277 .. warning:: |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
278 |
|
8365
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
279 Backup the files in the ``html`` subdirectory of your tracker |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
280 in case an edit goes wrong. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
281 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
282 As an example, you could fix this issue using the GNU sed |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
283 command:: |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
284 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
285 sed -i.bak -e '/structure.*\/plain/s/structure.//' *.html |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
286 |
|
8365
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
287 to edit the files in place and remove the structure keyword. It |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
288 will create a ``.bak`` file with the original contents of the |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
289 file. If your templates were changed, this might still miss some |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
290 entries. If you are on windows, some text editors support search |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
291 and replace using a regular expression. |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
292 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
293 If the construct is split across lines:: |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
294 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
295 tal:content="structure |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
296 context/MUMBLE/plain" |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
297 |
|
8365
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
298 the commands above will miss the construct. So you should also |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
299 search the html files using ``grep /plain *.html`` and verify |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
300 that all of the ``context/MUMBLE/plain`` include ``tal:content`` |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
301 as in the `fixed example above <#cve-2025-53865-fixed>`_. Any |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
302 lines that have ``context/MUMBLE/plain`` without ``tal:content=`` |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
303 before it need to be manually verified/fixed. |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
304 |
|
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
305 The distributed devel and responsive templates do not split the |
|
8365
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
306 construct across lines, but if you changed the files it may be |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
307 split. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
308 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
309 tal:replace used with unsafe input |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
310 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
311 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
312 The problem was caused by the following markup:: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
313 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
314 <span tal:replace="context/MUMBLE" /> |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
315 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
316 in the head of the ``bug.item.html``, ``task.item.html`` and |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
317 other files in the devel and responsive templates. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
318 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
319 This was fixed many years ago in the classic template's |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
320 ``index.item.html``. The classic template replaces the above |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
321 construct with:: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
322 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
323 <tal:x tal:content="context/MUMBLE" /> |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
324 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
325 ``tal:content`` explicitly escapes the result unless the |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
326 ``structure`` directive is used. ``tal:replace`` expects the |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
327 result to be safe and usable in an HTML context. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
328 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
329 TAL drops any tags that it doesn't know about from the output. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
330 ``<tal:x tal:content="..." />`` results in the value of the |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
331 content expression without a surrounding html tag. (Effectively |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
332 replacing the construct.) |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
333 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
334 The following diff for ``bug.item.html`` in the devel template |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
335 shows the change to make things safe (remove lines starting with |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
336 ``-`` and add lines staring with ``+``):: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
337 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
338 <tal:block metal:use-macro="templates/page/macros/frame"> |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
339 <title metal:fill-slot="head_title"> |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
340 <tal:block condition="context/id" i18n:translate="" |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
341 - >Bug <span tal:replace="context/id" i18n:name="id" |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
342 - />: <span tal:replace="context/title" i18n:name="title" |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
343 - /> - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker" |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
344 + >Bug <tal:x tal:content="context/id" i18n:name="id" |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
345 + />: <tal:x tal:content="context/title" i18n:name="title" |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
346 + /> - <tal:x tal:content="config/TRACKER_NAME" i18n:name="tracker" |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
347 /></tal:block> |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
348 <tal:block condition="not:context/id" i18n:translate="" |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
349 >New Bug report - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker" |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
350 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
351 A similar change was applied in the following html files in the |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
352 devel or responsive templates: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
353 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
354 .. rst-class:: multicol |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
355 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
356 * _generic.collision.html |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
357 * bug.item.html |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
358 * keyword.item.html |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
359 * milestone.item.html |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
360 * msg.item.html |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
361 * task.item.html |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
362 * user.item.html |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
363 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
364 Also ``page.html`` should be changed from:: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
365 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
366 <p class="label"><b tal:replace="request/user/username">username</b></p> |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
367 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
368 to:: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
369 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
370 <p class="label"><b tal:replace="python:request.user.username.plain(escape=1)">username</b></p> |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
371 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
372 The code audit found the ``tal:replace`` construct is used with |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
373 ``context/id`` and ``context/designator`` paths. The references |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
374 to these paths have been changed to use ``tal:x`` in the classic |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
375 template's ``msg.item.html`` file and the classic and minimal |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
376 template's ``_generic.collision.html`` file. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
377 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
378 These paths are critical to navigation in Roundup and are set |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
379 from the path part of the URL. Roundup's URL path validation |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
380 makes it unlikely that an attacker could exploit them. If you |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
381 wish you can change your templates or copy the corresponding |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
382 files from the template if you haven't made local changes. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
383 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
384 Also you may have used copies of these insecure templates |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
385 elsewhere in your tracker (e.g. to create a feature class). To |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
386 find other possible issues you can use the command:: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
387 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
388 grep -r "tal:replace=" *.html |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
389 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
390 in your tracker's :term:`html directory`. Check each occurrence |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
391 and if needed, change it to the safer form. You should consider |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
392 any reference to ``context`` to be under the user's (attacker's) |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
393 control. Also ``db`` (excluding ``db/config``) and ``request`` |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
394 references that use user supplied content |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
395 (e.g. ``request/user/username`` above) should be changed to |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
396 ``tal:x`` form |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
397 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
398 .. comment: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
399 As part of the analysis, the following command was used to find |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
400 potentially vulnerable stuff in the templates. Each grep -v was |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
401 removed to display items in that category and they were checked:: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
402 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
403 grep -r 'tal:replace' . | grep -v 'replace="batch' | \ |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
404 grep -v 'replace="config' | grep -v 'replace="db/config' | \ |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
405 grep -v 'replace="structure' | grep -v 'replace="python:' | \ |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
406 grep -v 'replace="request/' |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
407 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
408 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
409 context/id, context/designator: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
410 assume safe if used in an class.item.html page as the page |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
411 wouldn't be shown if they weren't valid numbers/designators. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
412 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
413 Might not be ok referenced in a _generic fallback page though. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
414 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
415 config, db/config, batch, nothing: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
416 should be safe as they are not under user control |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
417 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
418 request/classname (python:request._classname), request/template: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
419 should be safe as they are needed to navigate to a display page, |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
420 so if they are invalid nothing will be displayed. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
421 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
422 utils, python: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
423 assume it's written correctly and is safe (could use some new |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
424 tests for the shipped utility functions). The intent of these |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
425 can be to deliver blocks of <script> or other html markup. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
426 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
427 db, request: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
428 might be dangerous when accessing user supplied values. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
429 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
430 request/user/username: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
431 Escape these. If the username is an XSS issue, an attacker could |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
432 use it to compromise a user. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
433 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
434 request/dispname: |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
435 should be quoted and is by the existing python: code. |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
436 |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
437 Open question: why does there have to be an error generated by the |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
438 url @sort=1. Without invalid sort param, the exploit url doesn't |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
439 work and the context appears to use the database's title not the one |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
440 in the url. Also its not positional @sort=1 can appear anywhere in |
|
4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents:
8361
diff
changeset
|
441 the url. |
|
8357
abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents:
8355
diff
changeset
|
442 |
|
8315
3f43db05aa11
docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents:
8300
diff
changeset
|
443 Deprecation Notices (required) |
|
3f43db05aa11
docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents:
8300
diff
changeset
|
444 ------------------------------ |
|
3f43db05aa11
docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents:
8300
diff
changeset
|
445 |
|
3f43db05aa11
docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents:
8300
diff
changeset
|
446 * Support for SQLite version 2 has been removed in 2.5.0. |
|
3f43db05aa11
docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents:
8300
diff
changeset
|
447 * Support for the `PySQLite <https://github.com/ghaering/pysqlite>`_ |
|
3f43db05aa11
docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents:
8300
diff
changeset
|
448 library has been removed in 2.5.0. Only the Python supplied |
|
3f43db05aa11
docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents:
8300
diff
changeset
|
449 sqlite3 library is supported. |
|
3f43db05aa11
docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents:
8300
diff
changeset
|
450 * Roundup 2.5.0 supports Python 3.7 or newer. (It is not tested |
| 8355 | 451 on Python 3.6. It may work but we don't support it.) |
|
8081
95f91b6f0386
issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents:
8071
diff
changeset
|
452 |
|
8124
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
453 Update responsive template _generic.404.html and query.item.html (recommended) |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
454 ------------------------------------------------------------------------------ |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
455 |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
456 This only applies if your tracker is based on the responsive |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
457 template. Check the TEMPLATE-INFO.txt file in your tracker |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
458 home. The template name is the first component of the ``Name`` |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
459 field. For example a Name like:: |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
460 |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
461 Name: responsive-bugtracker |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
462 |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
463 is based on the responsive template. If the Name doesn't start with |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
464 ``responsive`` no changes are needed. |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
465 |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
466 The ``_generic.404.html`` and ``query.item.html`` templates will crash |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
467 when displayed because a missing macro is called. Change:: |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
468 |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
469 <tal:block metal:use-macro="templates/page/macros/icing"> |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
470 |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
471 to:: |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
472 |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
473 <tal:block metal:use-macro="templates/page/macros/frame"> |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
474 |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
475 at the top of both files. The icing macro used in other tracker |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
476 templates was renamed to frame in this tracker template. |
|
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
477 |
|
8218
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
478 Update userauditor.py detector (recommended) |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
479 -------------------------------------------- |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
480 |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
481 When using the REST interface, setting the address property of the |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
482 user to the same value it currently has resulted in an error. |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
483 |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
484 If you have not changed your userauditor, you can copy one from any of |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
485 the supplied templates in the ``detectors/userauditor.py`` file. Use |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
486 ``roundup-admin templates`` to find a list of template directories. |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
487 |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
488 If you have changed your userauditor from the stock version, apply the |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
489 following diff:: |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
490 |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
491 raise ValueError('Email address syntax is invalid |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
492 "%s"'%address) |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
493 |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
494 check_main = db.user.stringFind(address=address) |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
495 + # allow user to set same address via rest |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
496 + if check_main: |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
497 + check_main = nodeid not in check_main |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
498 + |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
499 # make sure none of the alts are owned by anyone other than us (x!=nodeid) |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
500 |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
501 add the lines marked with ``+`` in the file in the location after |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
502 check_main is assigned. |
|
32aaf5dc562b
fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents:
8177
diff
changeset
|
503 |
|
8239
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
504 Modify config.ini password_pbkdf2_default_rounds setting (recommended) |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
505 ---------------------------------------------------------------------- |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
506 |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
507 The method for hashing and storing passwords has been updated to use |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
508 PBKDF2 with SHA512 hash. This change was first introduced in Roundup |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
509 2.3 and is now the standard. If you previously added code in |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
510 interfaces.py for a `PBKDF2 upgrade`_ to enable PBKDF2S5, you can |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
511 remove that code now. |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
512 |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
513 SHA512 is a more secure hash, it requires fewer rounds to ensure |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
514 safety. The older PBKDF2-SHA1 needed around 2 million rounds. |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
515 |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
516 You should update the ``password_pbkdf2_default_rounds`` setting in |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
517 ``config.ini`` to 250000. This value is higher than the OWASP |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
518 recommendation of 210000 from three years ago. If you don’t make this |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
519 change, logins will be slow, especially for REST or XMLRPC calls. |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
520 |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
521 See `PBKDF2 upgrade`_ for details on how to test the algorithm's |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
522 speed. We do not recommend reverting to the older SHA1 PBKDF2. If you |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
523 have to do so due to a slow CPU, you can add the following to your |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
524 tracker's ``interfaces.py``:: |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
525 |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
526 from roundup.password import Password |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
527 ## Use PBDKF2 (PBKDF2-SHA1) as default hash for passwords. |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
528 # That scheme is at the start of the deprecated_schemes list and ha |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
529 # to be removed. |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
530 Password.default_scheme = Password.deprecated_schemes.pop(0) |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
531 # Add PBKDF2S5 (PBKDF2-SHA512) as a valid scheme. Passwords |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
532 # using it will be rehashed to use PBDKF2. |
| 8361 | 533 Password.experimental_schemes.insert(0, "PBKDF2S5") |
|
8239
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
534 |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
535 If you proceed with this, you should set |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
536 ``password_pbkdf2_default_rounds`` to 2 million or more rounds to keep |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
537 your hashed password database secure in case it gets stolen. |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
538 |
|
8237
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
539 Defusedxml support improves XMLRPC security (optional) |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
540 ------------------------------------------------------ |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
541 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
542 This release adds support for the defusedxml_ module. If it is |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
543 installed it will be automatically used. The default xmlrpc module in |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
544 the standard library has known issues when parsing crafted XML. It can |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
545 take a lot of CPU time and consume large amounts of memory with small |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
546 payloads. |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
547 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
548 When the XMLRPC endpoint is used without defusedxml, it will log a |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
549 warning to the log file. The log entry can be disabled by adding:: |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
550 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
551 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
552 from roundup.cgi import client |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
553 client.WARN_FOR_MISSING_DEFUSEDXML = False |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
554 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
555 to the ``interfaces.py`` file in the tracker home. (Create the file if |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
556 it is missing.) |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
557 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
558 XMLRPC access is enabled by default in the classic and other trackers. |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
559 Upgrading to defusedxml is considered optional because the XMLRPC |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
560 endpoint can be disabled in the tracker's ``config.ini``. Also |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
561 ``Xmlrpc Access`` can be removed from the ``Users`` role by commenting |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
562 out a line in ``schema.py``. |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
563 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
564 If you have enabled the xmlrpc endpoint, you should install |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
565 defusedxml. |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
566 |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
567 .. _defusedxml: https://pypi.org/project/defusedxml/ |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8236
diff
changeset
|
568 |
|
8286
6445e63bb423
feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents:
8285
diff
changeset
|
569 Enable use of native date inputs (optional) |
|
6445e63bb423
feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents:
8285
diff
changeset
|
570 ------------------------------------------- |
|
8285
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
571 |
|
8300
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
572 Roundup now can use native ``date`` or ``datetime-local`` inputs for |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
573 ``Date()`` properties. These inputs take the place of the text input and |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
574 calendar popup from earlier Roundup versions. Modern browsers come with |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
575 a built-in calendar for date selection, so the ``(cal)`` calendar link |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
576 is no longer needed. These native inputs show the date based on the |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
577 browser's locale and translate terms into the local language. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
578 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
579 Note that the date format is tied to the language setting in most |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
580 browsers, with some browsers you need special configurations to make the |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
581 browser use the operating system date format. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
582 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
583 By default the old input mechanism (using type=text inputs) is used. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
584 To enable native date input you need to set the config variable :: |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
585 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
586 use_browser_date_input = yes |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
587 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
588 in section ``[web]`` in the ``config.ini`` file. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
589 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
590 If native date input is used, simple uses of the ``field()`` method will |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
591 generate ``datetime-local`` inputs to allow selection of a date and time. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
592 Input fields for ``Date()`` properties will not have the ``(cal)`` link |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
593 anymore. If fields should only use a date (without time) you can specify |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
594 the parameter ``display_time=no`` in ``schema.py`` for a ``Date()`` |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
595 property (the default is ``yes``). This will use ``date`` inputs in the |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
596 generated html to select a date only. If you need this only for a single |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
597 date, the ``field()`` method now has a boolean parameter |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
598 ``display_time`` (which by default is set to the ``display_time`` |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
599 parameter of ``Date()``) |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
600 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
601 Complex uses using a ``format`` specification in ``field()`` will not be |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
602 upgraded and will operate like earlier Roundup versions. In addition the |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
603 ``format`` can now also be specified in the ``Date()`` constructor. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
604 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
605 To upgrade all date properties, there are five changes to make: |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
606 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
607 1. Configure ``use_browser_date_input = yes`` in section ``[web]`` in |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
608 ``config.ini`` |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
609 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
610 2. Optionally add ``display_time = no`` in the schema for Date() |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
611 properties that should have no time displayed |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
612 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
613 3. Remove the format argument from field() calls on Date() |
|
8285
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
614 properties. |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
615 |
|
8300
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
616 4. Remove popcal() calls. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
617 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
618 5. Include datecopy.js in page.html. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
619 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
620 The ``display_time`` option |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
621 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
622 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
623 Both the ``Date()`` constructor and the ``field`` call take a |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
624 ``display_time`` option which by default is ``yes`` in the ``Date()`` |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
625 constructor and ``True`` in ``field``. The ``display_time`` setting of |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
626 ``Date()`` is inherited by the html property, so it doesn't need to be |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
627 specified in each ``field()`` call for this property. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
628 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
629 When ``display_time`` is off, the date field does not include hours, |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
630 minutes or seconds. |
|
8285
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
631 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
632 Remove format argument |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
633 ~~~~~~~~~~~~~~~~~~~~~~ |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
634 |
|
8300
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
635 Speaking of arguments, avoid setting the date ``format`` if you want to |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
636 use native date inputs. If you include the `format` argument in the |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
637 `field` method, it should be removed. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
638 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
639 By default using a format argument will show the |
|
8285
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
640 popup calendar link. You can disable the link by setting |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
641 ``popcal=False`` in the field() call. If you have:: |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
642 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
643 tal:content="structure python:context.duedate.field( |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
644 placeholder='YYYY-MM, format='%Y-%m')" |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
645 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
646 changing it to:: |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
647 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
648 tal:content="structure python:context.duedate.field( |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
649 placeholder='YYYY-MM, format='%Y-%m', |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
650 popcal=False)" |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
651 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
652 will generate the input as in Roundup 2.4 or earlier without a |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
653 popcal link. |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
654 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
655 Remove popcal |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
656 ~~~~~~~~~~~~~ |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
657 |
|
8300
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
658 if you have enabled date input types in the configuration and you |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
659 use the ``popcal()`` method directly in your templates, you |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
660 should remove them. The browser's native date selection calendar should |
|
8285
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
661 be used instead. |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
662 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
663 Add copy/paste/edit on double-click using datecopy.js |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
664 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
665 |
|
8300
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
666 When using date input types, |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
667 there is no way to copy/paste using a native ``datetime-local`` or |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
668 ``date`` input. With the ``datecopy.js`` file installed, double-clicking |
|
8285
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
669 on the input turns it into a normal text input with the ability |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
670 to copy, paste, or manually edit the date. |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
671 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
672 To set this up, take either ``datecopy.js`` or the smaller |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
673 version, ``datecopy.min.js``, from the ``html`` folder of the |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
674 classic tracker template. Put the file in the ``html`` folder of |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
675 your tracker home. |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
676 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
677 After you install the datecopy file, you can add the script |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
678 directly to a page using:: |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
679 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
680 <script tal:attributes="nonce request/client/client_nonce" |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
681 tal:content="structure python:utils.readfile('datecopy.min.js')"> |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
682 </script> |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
683 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
684 or get the file in a separate download using a regular script |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
685 tag:: |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
686 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
687 <script type="text/javascript" src="@@file/datecopy.js"> |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
688 </script> |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
689 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
690 You can place these at the end of ``page.html`` just before the |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
691 close body ``</body>`` tag. This is the method used in the |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
692 classic template. This forces the file to be run for every page |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
693 even those that don't have any date inputs. However, it is cached |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
694 after the first download. |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
695 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
696 Alternatively you can inline or link to it using a script tag |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
697 only on pages that will have a date input. For example |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
698 ``issue.item.html``. |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
699 |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
700 There is no support for activating text mode using the |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
701 keyboard. Tablet/touch support is mixed. Chrome supports |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
702 double-tap to activate text mode input. Firefox does not. |
|
2bf0c4e7795e
fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents:
8277
diff
changeset
|
703 |
|
8346
107761be1e75
docs: issue2551398 document enabling native browser number/integer types
John Rouillard <rouilj@ieee.org>
parents:
8345
diff
changeset
|
704 Enable native number inputs for Number() and Integer() (optional) |
|
8286
6445e63bb423
feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents:
8285
diff
changeset
|
705 ----------------------------------------------------------------- |
|
6445e63bb423
feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents:
8285
diff
changeset
|
706 |
|
8300
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
707 Roundup's ``field()`` method for properties of type ``Number()`` or |
|
8346
107761be1e75
docs: issue2551398 document enabling native browser number/integer types
John Rouillard <rouilj@ieee.org>
parents:
8345
diff
changeset
|
708 ``Integer()`` can use a native browser number input by default. |
|
8300
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
709 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
710 This is configurable for *all* ``Number()`` and ``Integer()`` properties |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
711 with the config option ``use_browser_number_input`` in section ``[web]``. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
712 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
713 You can use the old style text inputs for individual fields |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
714 by calling the field method with ``type="text"``. |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
715 |
|
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
716 Note that the ``Integer()`` type also uses ``step="1"`` by default to |
|
8286
6445e63bb423
feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents:
8285
diff
changeset
|
717 add a stepper control and try to constrain the input to |
|
6445e63bb423
feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents:
8285
diff
changeset
|
718 integers. This can be overridden by passing a new step |
|
8300
b99e76e76496
Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
8286
diff
changeset
|
719 (e.g. ``step="50"``) to the ``field()`` method. |
|
8286
6445e63bb423
feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents:
8285
diff
changeset
|
720 |
|
8346
107761be1e75
docs: issue2551398 document enabling native browser number/integer types
John Rouillard <rouilj@ieee.org>
parents:
8345
diff
changeset
|
721 This is an experiment and maybe changed based on feedback. |
|
107761be1e75
docs: issue2551398 document enabling native browser number/integer types
John Rouillard <rouilj@ieee.org>
parents:
8345
diff
changeset
|
722 |
|
8265
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
723 Change in REST response for invalid CORS requests (info) |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
724 -------------------------------------------------------- |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
725 |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
726 CORS_ preflight requests that are missing required headers can |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
727 now result in either a 403 or 400 error code. If you permit |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
728 anonymous users to access the REST interface, a 400 error may |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
729 still occur. Previously, only a 400 error was given. This change |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
730 is not expected to create issues since the client will recognize |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
731 both codes it as an error response, and the CORS request will |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
732 still fail. |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8262
diff
changeset
|
733 |
|
8168
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
734 More secure session cookie handling (info) |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
735 ------------------------------------------ |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
736 |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
737 This affects you if you are accessing a tracker via https. The name |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
738 for the cookie that you get when logging into the web interface has a |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
739 new name. When upgrading to Roundup 2.5 all users will have to to log |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
740 in again. The cookie now has a ``__Secure-`` prefix to prevent it |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
741 from being exposed/used over http. |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
742 |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
743 If your tracker is using the unencrypted http protocol, nothing has |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
744 changed. |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
745 |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
746 See |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
747 https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#cookie_prefixes |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8124
diff
changeset
|
748 for details on this security measure. |
|
8124
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
749 |
|
8177
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
750 Invalid accept header now prevents operation (info) |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
751 --------------------------------------------------- |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
752 |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
753 In earlier versions, the rest interface checked for an incorrect |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
754 "Accept" header, "@apiver", or the ".json" mime type only after |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
755 processing the request. This would lead to a 406 error, but the |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
756 requested change would still be completed. |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
757 |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
758 In this release, the validation of the output format and version |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
759 occurs before any database changes are made. Now, all errors related |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
760 to the data format (mime type, API version) will return 406 errors, |
|
2967f37e73e4
refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents:
8168
diff
changeset
|
761 where some previously resulted in 400 errors. |
|
8124
800c8dd75051
- issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents:
8111
diff
changeset
|
762 |
|
8262
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
763 New method for registering templating utils (info) |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
764 -------------------------------------------------- |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
765 |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
766 If you are building a template utility function that needs access |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
767 to: |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
768 |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
769 * the database |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
770 * the client instance |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
771 * the form the user submitted |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
772 |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
773 you had to pass these objects from the template using the ``db``, |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
774 ``request.client`` or ``request.form`` arguments. |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
775 |
|
8352
6ea309c6d17c
docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents:
8346
diff
changeset
|
776 A new method for registering a template utility has been added. If you |
|
6ea309c6d17c
docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents:
8346
diff
changeset
|
777 use the ``instance`` object's ``registerUtilMethod()`` to register a |
|
6ea309c6d17c
docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents:
8346
diff
changeset
|
778 utility function, you do not need to pass these arguments. The |
|
6ea309c6d17c
docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents:
8346
diff
changeset
|
779 function is called as a method and the first argument is a |
|
6ea309c6d17c
docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents:
8346
diff
changeset
|
780 TemplatingUtils (tu) instance from which the client object |
|
6ea309c6d17c
docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents:
8346
diff
changeset
|
781 (tu.client), the database (tu.client.db), form (tu.client.form), |
|
6ea309c6d17c
docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents:
8346
diff
changeset
|
782 request (tu.client.request), the translator for the current language |
|
6ea309c6d17c
docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents:
8346
diff
changeset
|
783 (tu._) and any functions (tu.X) you registered using |
|
6ea309c6d17c
docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents:
8346
diff
changeset
|
784 ``registerUtil()`` are available. |
|
8262
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
785 |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
786 You can find an example in :ref:`dynamic_csp`. |
|
2a7c3eeaf167
feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents:
8239
diff
changeset
|
787 |
|
8478
ed4ef394d5d6
doc: initial attempt to document setup of pgp support for email.
John Rouillard <rouilj@ieee.org>
parents:
8459
diff
changeset
|
788 .. _gpginstall: |
|
ed4ef394d5d6
doc: initial attempt to document setup of pgp support for email.
John Rouillard <rouilj@ieee.org>
parents:
8459
diff
changeset
|
789 |
|
8359
d98cb4730a4a
docs: relabel/label a couple of headers
John Rouillard <rouilj@ieee.org>
parents:
8357
diff
changeset
|
790 Directions for installing gpg (optional) |
|
d98cb4730a4a
docs: relabel/label a couple of headers
John Rouillard <rouilj@ieee.org>
parents:
8357
diff
changeset
|
791 ---------------------------------------- |
|
8345
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
792 |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
793 In this release a new version of the gpg module was needed for Ubuntu |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
794 24.04 and python 3.13. Paul Schwabauer produced a new version of the |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
795 gpg module. However it is only on the test instance of pypi. If you |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
796 run into issues installing gpg with pip, you can use:: |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
797 |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
798 pip install --index-url https://test.pypi.org/simple/ \ |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
799 --extra-index-url https://pypi.org/simple gpg; |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
800 |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
801 to installed version 2.0 of gpg from test.pypi.org obtaining it's |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
802 requirements from pypi.org. |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
803 |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
804 When `issue2551368 <https://issues.roundup-tracker.org/issue2551368>`_ |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
805 is closed, you should be able to use ``pip install gpg`` again. |
|
35fab0db52f5
docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents:
8315
diff
changeset
|
806 |
|
8081
95f91b6f0386
issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents:
8071
diff
changeset
|
807 .. index:: Upgrading; 2.3.0 to 2.4.0 |
|
6804
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
808 |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
809 Migrating from 2.3.0 to 2.4.0 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
810 ============================= |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
811 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
812 Update your ``config.ini`` (required) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
813 ------------------------------------- |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
814 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
815 Upgrade tracker's config.ini file. Use:: |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
816 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
817 roundup-admin -i /path/to/tracker updateconfig newconfig.ini |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
818 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
819 to generate a new ini file preserving all your settings. |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
820 You can then merge any local comments from the tracker's |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
821 ``config.ini`` to ``newconfig.ini`` and replace |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
822 ``config.ini`` with ``newconfig.ini``. |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
823 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
824 ``updateconfig`` will tell you if it is changing old default |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
825 values or if a value must be changed manually. |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
826 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
827 This will insert the bad API login rate limiting settings. |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
828 |
|
7964
791b61ed11c9
issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents:
7961
diff
changeset
|
829 Also if you have ``html_version`` set to ``xhtml``, you will get |
|
791b61ed11c9
issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents:
7961
diff
changeset
|
830 an error. |
|
791b61ed11c9
issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents:
7961
diff
changeset
|
831 |
|
8064
d6b447de4f59
docs: set up for release documentation.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
832 .. _CVE-2024-39124: |
|
8062
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
833 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
834 Fix for CVE-2024-39124 in help/calendar popups (recommended) |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
835 ------------------------------------------------------------ |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
836 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
837 Classhelper components accessed via URL using ``@template=help``, |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
838 ``@template=calendar`` or other template frame in the classhelper |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
839 can run JavaScript embedded in the URL. If user clicks on a |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
840 malicious URL that: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
841 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
842 * arrives in an email, |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
843 * is embedded in a note left on a ticket [#markdown-note]_, |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
844 * left on some other web page |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
845 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
846 the JavaScript code will be executed. This vulnerability seems to |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
847 be limited to manually crafted URL's. It has not been generated |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
848 by using Roundup's mechanism for generating classhelper URLs. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
849 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
850 The files that need to be changed to fix this depend on the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
851 template used to create the tracker. Check the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
852 TEMPLATE-INFO.txt file in your tracker home. The template |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
853 name is the first component of the ``Name`` field. For |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
854 example trackers with Names like:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
855 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
856 Name: classic-bugtracker |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
857 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
858 Name: devel-mytracker |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
859 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
860 were derived from the ``classic`` and ``devel`` templates |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
861 respectively. If your tracker is derived from the jinja2 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
862 template, you may not be affected as it doesn't provide |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
863 classhelpers by default. If you aren't sure which tracker |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
864 template was used to create your tracker home, check the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
865 ``html/help.html`` file for the word ``Javascript``. If your |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
866 help.html is missing the word ``Javascript``, follow the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
867 directions for the classic template. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
868 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
869 If you have not modified the original tracker html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
870 templates, you can copy replacement files from the new |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
871 templates supplied with release 2.4.0. If you install 2.4.0 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
872 in a `new virtual environment |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
873 <installation.html#standard-installation>`_, you can use the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
874 command ``roundup-admin templates`` to find the installation |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
875 path of the default templates. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
876 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
877 If your template was based on the classic template, replace the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
878 following files in your tracker: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
879 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
880 * html/_generic.calendar.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
881 * html/_generic.help-list.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
882 * html/_generic.help-submit.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
883 * html/_generic.help.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
884 * html/user.help-search.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
885 * html/user.help.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
886 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
887 If your template was based on the minimal template, replace the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
888 following files in your tracker: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
889 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
890 * html/_generic.calendar.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
891 * html/_generic.help.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
892 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
893 If your template was based on the responsive or devel templates, |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
894 replace the following files in your tracker: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
895 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
896 * html/_generic.calendar.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
897 * html/_generic.help-submit.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
898 * html/help.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
899 * html/user.help-search.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
900 * html/user.help.html |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
901 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
902 As an example, assume Roundup's virtual environment is |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
903 ``/tools/roundup``. The classic tracker's default template will |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
904 be in ``/tools/roundup/share/roundup/templates/classic``. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
905 Copy |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
906 ``/tools/roundup/share/roundup/templates/classic/html/_generic.calendar.html`` |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
907 to ``html/_generic.calendar.html`` in your tracker's home |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
908 directory. Repeat for every one of the files that needs to |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
909 be replaced. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
910 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
911 If you have made local changes to your popup/classhelper |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
912 files or have created new help templates based on the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
913 existing ones, don't copy the default files. Instead, follow |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
914 the directions below to modify each file as needed for your |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
915 template. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
916 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
917 In the examples below, your script tag may differ. For |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
918 example it could include:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
919 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
920 tal:attributes="nonce request/client/client_nonce" |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
921 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
922 If it does, keep the differences. You want to make changes |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
923 to remove the structure option but keep the rest of the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
924 valid attributes. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
925 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
926 Most files have a small script that sets a few variables |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
927 from the settings in the URL. You should change:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
928 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
929 <script language="Javascript" type="text/javascript" |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
930 tal:content="structure string: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
931 // this is the name of the field in the original form that we're working on |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
932 form = window.opener.document.${request/form/form/value}; |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
933 field = '${request/form/property/value}';"> |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
934 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
935 to:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
936 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
937 <script language="Javascript" type="text/javascript" |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
938 tal:content="string: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
939 // this is the name of the field in the original form that we're working on |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
940 form = window.opener.document.${request/form/form/value}; |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
941 field = '${request/form/property/value}';"> |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
942 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
943 by removing the ``structure`` keyword from the tal:content |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
944 block. This will html escape the settings in the URL. This |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
945 neutralizes an attempt to execute JavaScript by manipulating |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
946 the URL. Most of the files use code similar to this. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
947 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
948 A few files have more extensive JavaScript embedded in the same |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
949 script tag. To handle this you should split it into two scripts |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
950 and encode the replaced strings. For example, change:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
951 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
952 <script language="Javascript" type="text/javascript" |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
953 tal:content="structure string:<!-- |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
954 // this is the name of the field in the original form that we're working on |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
955 form = parent.opener.document.${request/form/form/value}; |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
956 callingform=form |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
957 field = '${request/form/property/value}'; |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
958 var listform = null |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
959 function listPresent() { |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
960 return document.frm_help.cb_listpresent.checked |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
961 [more code skipped] |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
962 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
963 to:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
964 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
965 <script language="Javascript" type="text/javascript" |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
966 tal:content="string: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
967 // this is the name of the field in the original form that we're working on |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
968 form = parent.opener.document.${request/form/form/value}; |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
969 callingform=form |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
970 field = '${request/form/property/value}';"> |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
971 </script> |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
972 <script language="Javascript" type="text/javascript" |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
973 tal:content="string: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
974 var listform = null |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
975 function listPresent() { |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
976 return document.frm_help.cb_listpresent.checked |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
977 [...] |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
978 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
979 modifying the original by: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
980 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
981 1. removing the ``structure`` keyword and the HTML comment |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
982 marker ``<!--``. This encodes the replaced strings. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
983 2. adding ``">`` at the end of the line that sets ``field`` closes |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
984 the script tag. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
985 3. adding:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
986 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
987 </script> |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
988 <script language="Javascript" type="text/javascript" |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
989 tal:content="string: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
990 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
991 after the line used in step 2, to ends the first script and |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
992 starts a new script. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
993 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
994 Just removing the ``structure`` directive is enough to fix the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
995 bug. Splitting the large script into two parts: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
996 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
997 1. one that has replaced strings with values taken from the URL |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
998 2. one that has no replaced strings |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
999 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1000 allows use of ``structure`` on the script with no replaced |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1001 strings should it be required for your tracker. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1002 |
|
8431
a6c41651f553
doc: reformat markdown-note footnote
John Rouillard <rouilj@ieee.org>
parents:
8423
diff
changeset
|
1003 .. [#markdown-note] If you are using markdown formatting for your |
|
a6c41651f553
doc: reformat markdown-note footnote
John Rouillard <rouilj@ieee.org>
parents:
8423
diff
changeset
|
1004 tracker's notes, the user will see the markdown label rather than |
|
a6c41651f553
doc: reformat markdown-note footnote
John Rouillard <rouilj@ieee.org>
parents:
8423
diff
changeset
|
1005 the long (suspicious) URL. You may want to add something like:: |
|
8062
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1006 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1007 a[href*=\@template]::after { |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1008 content: ' [' attr(href) ']'; |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1009 } |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1010 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1011 to your css. This displays the URL inside square brackets if |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1012 the href has ``@template`` in it. It is placed after the link |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1013 label. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1014 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1015 Fix CVE in earlier versions of Roundup (recommended) |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1016 ---------------------------------------------------- |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1017 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1018 If you are upgrading to version 2.4.0, you can skip this |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1019 section. These fixes are already present in 2.4.0. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1020 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1021 This section is for people who can not upgrade yet, and want |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1022 to fix the issues. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1023 |
|
8064
d6b447de4f59
docs: set up for release documentation.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
1024 .. _CVE-2024-39125: |
|
8062
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1025 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1026 Referer value not escaped CVE-2024-39125 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1027 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1028 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1029 Malicious JavaScript inserted into a page can change the value of |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1030 the Referer header to include a script. If a link on that page |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1031 points to a Roundup tracker, that script will be executed. The |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1032 technique to change the header will result in a change of the URL |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1033 in the browser's address bar, but this is easily missed. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1034 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1035 Fix this by editing ``cgi/client.py``, and change:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1036 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1037 except (UsageError, Unauthorised) as msg: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1038 csrf_ok = False |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1039 self.form_wins = True |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1040 self._error_message = msg.args |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1041 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1042 to:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1043 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1044 except (UsageError, Unauthorised) as msg: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1045 csrf_ok = False |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1046 self.form_wins = True |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1047 self.add_error_message(' '.join(msg.args)) |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1048 |
| 8277 | 1049 This escapes the Referer value and prevents it from being |
|
8062
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1050 executed. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1051 |
|
8064
d6b447de4f59
docs: set up for release documentation.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
1052 .. _CVE-2024-39126: |
|
8062
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1053 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1054 Stop JavaScript execution from attached files CVE-2024-39126 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1055 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1056 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1057 If an SVG, XML or PDF file that includes malicious JavaScript is |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1058 attached to an issue, downloading the file will cause the |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1059 JavaScript to run. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1060 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1061 In ``cgi/client.py`` add the Content-Security-Policy line |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1062 after the existing ``nosniff`` line so it looks like:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1063 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1064 # exception handlers. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1065 self.determine_language() |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1066 self.db.i18n = self.translator |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1067 self.setHeader("X-Content-Type-Options", "nosniff") |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1068 self.setHeader("Content-Security-Policy", "script-src 'none'") |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1069 self.serve_file(designator) |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1070 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1071 (the example is reindented for display). |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1072 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1073 This should prevent SVG and XML files with embedded scripts |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1074 from running. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1075 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1076 If your version of Roundup is old enough that the ``nosniff`` |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1077 line is missing, search for ``serve_file(designator)`` and add |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1078 both setHeader lines. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1079 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1080 .. warning:: |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1081 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1082 If your users use older browsers that don't support Content |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1083 Security Policies (e.g. Internet Explorer), you must |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1084 remove ``text/xml`` and ``image/svg`` from |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1085 ``mime_type_allowlist`` as explained below for |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1086 ``application/pdf``. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1087 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1088 PDF files can also embed JavaScript. Many browsers include |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1089 PDF viewers that may not support disabling scripting. The |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1090 safest way to handle this is to force a download of the PDF |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1091 file and use a PDF viewer with scripting disabled. To force |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1092 downloading, look in ``cgi/client.py`` for |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1093 ``mime_type_allowlist`` and remove the line for |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1094 ``application/pdf``. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1095 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1096 Version 2.4.0 allows you to `modify the mime_type_allowlist |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1097 using interfaces.py |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1098 <admin_guide.html#controlling-browser-handling-of-attached-files>`_. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1099 This will allow you to enable in-browser reading of PDF |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1100 files when you upgrade to 2.4.0 if you wish. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1101 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1102 Note that a `Content Security Policy as documented in the admin |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1103 guide |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1104 <admin_guide.html#adding-a-web-content-security-policy-csp>`_ is |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1105 not applied it to a direct download. This requires adding an |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1106 explicit CSP header as above. |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1107 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1108 .. comment: end of CVE include marker |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1109 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1110 XHTML no longer supported (required) |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1111 ------------------------------------ |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1112 |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1113 If your ``config.ini`` sets ``html_version`` to ``xhtml``, |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1114 you need to change it to ``html``. Then you need to change |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8058
diff
changeset
|
1115 your tracker's templates to html from xhtml. |
|
7964
791b61ed11c9
issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents:
7961
diff
changeset
|
1116 |
|
791b61ed11c9
issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents:
7961
diff
changeset
|
1117 Note that the default Roundup templates use html4 so it is |
|
791b61ed11c9
issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents:
7961
diff
changeset
|
1118 unlikely that your templates are xhtml based. See |
|
791b61ed11c9
issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents:
7961
diff
changeset
|
1119 `issue2551323 |
|
791b61ed11c9
issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents:
7961
diff
changeset
|
1120 <https://issues.roundup-tracker.org/issue2551323>`_ for |
|
791b61ed11c9
issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents:
7961
diff
changeset
|
1121 details on the deprecation of xhtml. |
|
791b61ed11c9
issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents:
7961
diff
changeset
|
1122 |
|
7860
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1123 Update MySQL character set/collations (required) |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1124 ------------------------------------------------ |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1125 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1126 issue2551282_ and issue2551115_ discuss issues with MySQL's utf8 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1127 support. MySQL has variations on utf8 character support. This |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1128 version of Roundup expects to use utf8mb4 which is a version of |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1129 utf8 that covers all characters, not just the ones in the basic |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1130 multilingual plane. Previous versions of Roundup used latin1 or |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1131 utf8mb3 (also known as just utf8). Newer versions of MySQL are |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1132 supposed to make utf8mb4 and not utf8mb3 the default. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1133 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1134 To convert your database, you need to have MySQL 8.0.11 or newer |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1135 (April 2018) and a mysql client. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1136 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1137 .. warning:: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1138 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1139 This conversion can damage your database. Back up your |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1140 database using mysqldump or other tools. Preferably on a quiet |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1141 database. Verify that your database can be restored (or at |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1142 least look up directions for restoring it). This is very |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1143 important. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1144 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1145 We suggest shutting down Roundup's interfaces: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1146 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1147 * web |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1148 * email |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1149 * cron jobs that use Python or roundup-admin |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1150 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1151 then make your backup. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1152 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1153 Then connect to your mysql instance using ``mysql`` with the |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1154 information in ``config.ini``. If your tracker's ``config.ini`` |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1155 includes:: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1156 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1157 name = roundupdb |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1158 host = localhost |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1159 user = roundupuser |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1160 password = rounduppw |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1161 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1162 you would run some version of:: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1163 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1164 mysql -u roundupuser --host localhost -p roundupdb |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1165 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1166 and supply ``rounduppw`` when prompted. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1167 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1168 With the Roundup database quiet, convert the character set for the |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1169 database and then for all the tables. To convert the tables you |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1170 need a list of them. To get this run:: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1171 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1172 mysql -sN -u roundupuser --host localhost -p \ |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1173 -e 'show tables;' roundupdb > /tmp/tracker.tables |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1174 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1175 The ``-sN`` removes line drawing characters and column headers |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1176 from the output. For each table ``<t>`` in the file, run:: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1177 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1178 ALTER TABLE `<t>` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1179 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1180 You can automate this conversion using sed:: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1181 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1182 sed -e 's/^/ALTER TABLE `/' \ |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1183 -e 's/$/` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;/'\ |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1184 /tmp/tracker.tables> /tmp/tracker.tables.sql |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1185 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1186 The backticks "`" are required as some of the table names became |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1187 MySQL reserved words during Roundup's lifetime. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1188 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1189 Inspect ``tracker.tables.sql`` to see if all the lines look |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1190 correct. If so then we can start the conversion. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1191 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1192 First convert the character set for the database by running:: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1193 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1194 mysql -u roundupuser --host localhost -p roundupdb |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1195 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1196 Then at the ``mysql>`` prompt run:: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1197 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1198 ALTER DATABASE roundupdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1199 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1200 you should see: ``Query OK, 1 row affected (0.01 sec)``. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1201 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1202 Now to modify all the tables run: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1203 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1204 \. /tmp/tracker.tables.sql |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1205 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1206 You will see output similar to:: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1207 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1208 Query OK, 5 rows affected (0.01 sec) |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1209 Records: 5 Duplicates: 0 Warnings: 0 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1210 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1211 for each table. The rows/records will depend on the number of |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1212 entries in the table. This can take a while. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1213 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1214 Once you have successfully completed this, copy your tracker's |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1215 config.ini to a backup file. Edit ``config.ini`` to use the defaults: |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1216 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1217 * mysql_charset = utf8mb4 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1218 * mysql_collation = utf8mb4_unicode_ci |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1219 * mysql_binary_collation = utf8mb4_0900_bin |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1220 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1221 Also look for a ``~/.my.cnf`` for the roundup user and make sure |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1222 that the settings for character set (charset) are utf8mb4 compatible. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1223 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1224 To test, run ``roundup-admin -i tracker_home`` and display an |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1225 issue designator: e.g. ``display issue10``. Check that the text |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1226 fields are properly displayed (e.g. title). Start the web |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1227 interface and browse some issues. Again, check that the text |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1228 fields display correctly, that the history at the bottom of the |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1229 issues displays correctly and if you are using the default full |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1230 text search, make sure that that works. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1231 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1232 If this works, bring email cron jobs etc. back online. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1233 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1234 If this fails, take down the web interface, restore the database |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1235 from backup, restore the old config.ini. Then test again and |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1236 reach out to the mailing list for help. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1237 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1238 We can use assistance in getting these directions corrected or |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1239 enhanced. The core Roundup developers don't use MySQL for their |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1240 production workloads so we count on users to help us with this. |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1241 |
|
8030
6d1b62ffbb5d
docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents:
7995
diff
changeset
|
1242 References: |
|
6d1b62ffbb5d
docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents:
7995
diff
changeset
|
1243 |
|
6d1b62ffbb5d
docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents:
7995
diff
changeset
|
1244 * https://mathiasbynens.be/notes/mysql-utf8mb4#utf8-to-utf8mb4 |
|
6d1b62ffbb5d
docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents:
7995
diff
changeset
|
1245 * https://adamhooper.medium.com/in-mysql-never-use-utf8-use-utf8mb4-11761243e434 |
|
6d1b62ffbb5d
docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents:
7995
diff
changeset
|
1246 |
|
7860
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1247 .. _issue2551282: https://issues.roundup-tracker.org/issue2551282 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1248 .. _issue2551115: https://issues.roundup-tracker.org/issue2551115 |
|
8b31893f5930
issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents:
7819
diff
changeset
|
1249 |
|
8058
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1250 Disable spellcheck on all password fields (recommended) |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1251 ------------------------------------------------------- |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1252 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1253 All tracker templates have been updated to disable spell checking on |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1254 password input fields. This can help prevent exposing the password to |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1255 an external server that provides spell checking for a browser. Since |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1256 passwords should not be real words in any language, spell checking |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1257 serves no purpose. |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1258 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1259 If you have modified your template with a "show password" option you |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1260 should disable spell check. |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1261 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1262 To implement this in your deployed trackers, add:: |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1263 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1264 spellcheck="false" |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1265 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1266 to make your password inputs look like:: |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1267 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1268 <input type="password" spellcheck="false" name=....> |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1269 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1270 The changed files in the classic/devel/responsive templates are: |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1271 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1272 .. code-block:: text |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1273 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1274 html/page.html |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1275 html/user.item.html |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1276 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1277 and in the jinja2 template the following files were changed: |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1278 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1279 .. code-block:: text |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1280 |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1281 html/user.item.html |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1282 html/user.register.html |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1283 html/layout/navigation.html |
|
0e382e97f0e3
fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents:
8048
diff
changeset
|
1284 |
|
7971
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1285 Add new classhelper to your templates (optional) |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1286 ------------------------------------------------ |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1287 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1288 The classic classhelper invoked by the ``(list)`` link in your |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1289 issue.item.html template can be greatly improved by wrapping the |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1290 links with the new web-component based ``roundup-classhelper``. |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1291 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1292 The new classhelper: |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1293 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1294 * allows you to select items from multiple pages |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1295 * is usable with a content security policy |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1296 * is more easily styled |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1297 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1298 To deploy it, install the required files and wrap classhelp calls |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1299 in the new ``<roundup-classhelper>`` component. For example, |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1300 wrap:: |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1301 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1302 <span tal:condition="context/is_edit_ok" tal:replace="structure |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1303 python:db.user.classhelp('username,realname,address', |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1304 property='nosy', width='600'" /> |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1305 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1306 so it looks like:: |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1307 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1308 <roundup-classhelper |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1309 data-search-with="username,phone,roles[]"> |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1310 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1311 <span tal:condition="context/is_edit_ok" tal:replace="structure |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1312 python:db.user.classhelp('username,realname,address', |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1313 property='nosy', width='600')" /> |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1314 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1315 </roundup-classhelper> |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1316 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1317 to allow the user to search by: username, phone number and use a |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1318 select/dropdown to search by role. Full details about the |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1319 attributes and installation instructions can be found in the |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1320 `classhelper documentation`_ in the admin guide. |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1321 |
|
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
1322 |
|
7819
0fe2b9f6e19f
issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents:
7801
diff
changeset
|
1323 Disable performance improvement for wsgi mode (optional) |
|
0fe2b9f6e19f
issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents:
7801
diff
changeset
|
1324 -------------------------------------------------------- |
|
0fe2b9f6e19f
issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents:
7801
diff
changeset
|
1325 |
|
7961
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1326 In Roundup version 2.2.0, an experimental feature was introduced to |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1327 enhance performance while operating in wsgi mode. Initially, this |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1328 feature was disabled. Over the past two years, it has been used at a |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1329 few sites without any reported problems. |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1330 |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1331 As a result, the default setting now enables this performance |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1332 improvement, encouraging a wider adoption of the feature. In the |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1333 event that an undiscovered bug arises, it can still be disabled |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1334 if you experience problems. To disable it, modify your wsgi |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1335 startup script and add the feature_flags to the RequestDispatcher |
|
8360
f6e58615a998
doc: put example in callout using ::
John Rouillard <rouilj@ieee.org>
parents:
8359
diff
changeset
|
1336 as below:: |
|
7819
0fe2b9f6e19f
issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents:
7801
diff
changeset
|
1337 |
|
0fe2b9f6e19f
issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents:
7801
diff
changeset
|
1338 feature_flags = { "cache_tracker": False } |
|
0fe2b9f6e19f
issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents:
7801
diff
changeset
|
1339 app = RequestDispatcher(tracker_home, feature_flags=feature_flags) |
|
0fe2b9f6e19f
issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents:
7801
diff
changeset
|
1340 |
|
7961
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1341 Then restart your wsgi instance. If you have to disable this |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1342 feature, send email to the roundup-users mailing list |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1343 (roundup-users at lists.sourceforge.net) so we can help you |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1344 diagnose the cause and fix it for everybody. |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1345 |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1346 In the future, support for disabling this improvement will be removed. |
|
7819
0fe2b9f6e19f
issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents:
7801
diff
changeset
|
1347 |
|
7686
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1348 Fix duplicate id for confirm password in user.item.html (optional) |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1349 ------------------------------------------------------------------ |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1350 |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1351 The TAL macro ``user_confirm_input`` at the end of ``html/page.html`` |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1352 for all templates except ``jinja2`` sets the ``id`` of the ``Confirm |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1353 password`` input the same as the ``Login Password`` input. This |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1354 creates an HTML error. Two items must not have the same id. |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1355 |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1356 However browsers ignore the error and things still work. If you were |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1357 to use css or javascript to target the ``password`` id, it would not |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1358 work as expected. |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1359 |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1360 To fix this, change the line near the end of your tracker's |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1361 ``html/page.html`` from:: |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1362 |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1363 tal:attributes="id name; name string:@confirm@$name; readonly not:edit_ok" value=""> |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1364 |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1365 to:: |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1366 |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1367 tal:attributes="id string:confirm_$name; name string:@confirm@$name; readonly not:edit_ok" value=""> |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1368 |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1369 This will change the id to ``confirm_password``. |
|
a27f30709d46
fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents:
7668
diff
changeset
|
1370 |
|
7694
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1371 Merge changes from devel template task.index.html (optional) |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1372 ------------------------------------------------------------ |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1373 |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1374 The devel template's ``task.index.html`` has some fields that are not |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1375 defined in the schema. It looks like it was originally copied from the |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1376 ``bug.index.html``. If the task index is requested without specifying |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1377 the columns/fields, the template will crash trying to display |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1378 ``severity`` and other fields that don't exist in the task schema. |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1379 |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1380 In normal use, the left hand menu for tasks always specifies valid |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1381 columns so you may not see this issue. However if you remove the |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1382 ``@columns`` query parameter, you can see the error. |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1383 |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1384 The removed columns are: severity, versions, keywords, dependencies. |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1385 |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1386 It is also missing the ``solves`` field which is added to match the |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1387 schema. |
|
54eb12cd3be1
fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents:
7686
diff
changeset
|
1388 |
|
7961
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1389 `You can see the diff in the Sourceforge web interface <https://sourceforge.net/p/roundup/code/ci/54eb12cd3be143b079809795dcb2f813f75a691c/tree/share/roundup/templates/devel/html/task.index.html?diff=c95870b2bbab822def6066498a4ef8634e76e0b3>`_. |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1390 |
|
7992
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1391 Make group headers span all columns (optional) |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1392 ---------------------------------------------- |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1393 |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1394 In a number of index pages a version of the following TAL command |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1395 appears:: |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1396 |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1397 <th tal:attributes="colspan python:len(request.columns)" class="group"> |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1398 |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1399 If the ``@columns`` parameter (aka request.columns) is not set, |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1400 all columns are shown. However the group header only spans the |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1401 first column. Changing this to read:: |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1402 |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1403 <th tal:attributes="colspan python:len(request.columns) or 100" class="group"> |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1404 |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1405 makes the group header span all the columns (if you have fewer |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1406 than 100 columns). All of the supplied templates hae been |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1407 upgraded with this change. `See issue 2551341 for details |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1408 <https://issues.roundup-tracker.org/issue2551341>`_. |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1409 |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1410 Note the jinja2 template has the same issue, but the development |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1411 team hasn't devised a solution. |
|
1e9c16b079fa
fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents:
7971
diff
changeset
|
1412 |
|
7936
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1413 Use @current_user in Searches (optional) |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1414 ---------------------------------------- |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1415 |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1416 You can create queries like: "My issues" by searching the ``creator`` |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1417 property of issues for your id number. Similarly you can search for |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1418 "Issues assigned to me" by searching on the ``assignedto`` property. |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1419 |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1420 Queries in Roundup can be shared between users. However queries like |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1421 these can be shared. However for any user but they will only find |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1422 issues created by/assigned to the user who created the query. |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1423 |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1424 This release allows you to search Links to the User class by |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1425 specifying ``@current_user``. This token searches for the currently |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1426 log in user. It makes searches like the above usable when shared. |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1427 |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1428 This only works for properties that are a Link to the user |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1429 class. E.G. creator, actor, assignedto. It does not yet work for |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1430 MultiLink properties (like nosy). |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1431 |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1432 As an example this can be deployed to the classic tracker's issue |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1433 search template (issue.search.html), by replacing:: |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1434 |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1435 <option metal:fill-slot="extra_options" i18n:translate="" |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1436 tal:attributes="value request/user/id">created by |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1437 me</option> |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1438 |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1439 with:: |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1440 |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1441 <option metal:fill-slot="extra_options" value="@current_user" |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1442 tal:attributes="selected python:value == '@current_user'" |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1443 i18n:translate="">created by me</option> |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1444 |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1445 There are three places where ``value request/user/id`` is used in the |
|
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1446 classic template. Your template may have more. |
|
7938
ce5a554b2f88
doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7936
diff
changeset
|
1447 |
|
ce5a554b2f88
doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7936
diff
changeset
|
1448 If you have a user with the exact username of `@current_user` they |
|
ce5a554b2f88
doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7936
diff
changeset
|
1449 should change it. `Details can be found in issue1525113 |
|
ce5a554b2f88
doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7936
diff
changeset
|
1450 <https://issues.roundup-tracker.org/issue1525113>`_. |
|
7936
a9b136565838
feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents:
7928
diff
changeset
|
1451 |
|
7719
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1452 New PostgreSQL Settings (optional) |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1453 ---------------------------------- |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1454 |
|
7961
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1455 With this release, you can specify a Postgresql database schema |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1456 to use. By default Roundup creates a database when using |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1457 ``roundup-admin init``. Setting the rdbms ``name`` keyword to |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1458 ``roundup_database.roundup_schema`` will create and use the |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1459 ``roundup_schema`` in the pre-created ``roundup_database``. See |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1460 the `Roundup PostgreSQL documentation`_ for details on how to set |
|
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
1461 up the roles. |
|
7719
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1462 |
|
7723
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1463 Also there is a new configuration keyword in the rdbms |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1464 section of ``config.ini``. The ``service`` keyword allows |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1465 you to define the service name for Postgres that will be |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1466 looked up in the `Connection Service File`_. Any of the |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1467 methods of specifying the file including by using the |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1468 ``PGSERVICEFILE`` environment variable are supported. |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1469 |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1470 This is similar to the existing support for MySQL |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1471 option/config files and groups. |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1472 |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1473 If you use services, any settings for the same properties |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1474 (user, name, password ...) that are in the tracker's |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1475 ``config.ini`` will override the service settings. So you |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1476 want to leave the ``config.ini`` settings blank. E.G.:: |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1477 |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1478 [rdbms] |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
1479 name = |
|
7723
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1480 host = |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
1481 port = |
|
7723
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1482 user = |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1483 password = |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
1484 service = roundup_roundup |
|
7723
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1485 |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1486 Setting ``service`` to ``roundup_roundup`` with |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1487 the following in the service file:: |
|
7719
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1488 |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1489 [roundup_roundup] |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1490 host=127.0.0.1 |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1491 port=5432 |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1492 user=roundup |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1493 password=roundup |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1494 dbname=roundup |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1495 |
|
7723
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1496 would use the roundup database with the specified |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1497 credentials. It is possible to define a service that |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1498 connects to a specific schema using:: |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1499 |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1500 options=-c search_path=roundup_service_dev |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1501 |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1502 Note that the first schema specified after ``search_path=`` |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1503 is created and populated. The schema name |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1504 (``roundup_service_dev``) must be terminated by: a comma, |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1505 whitespace or end of line. |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1506 |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1507 You can use the command ``psql "service=db_service_name"`` |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1508 to verify the settings in the connection file. Inside of |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1509 ``psql`` you can verify the ``search_path`` using ``show |
|
8147f6deac9f
fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents:
7719
diff
changeset
|
1510 search_path;``. |
|
7719
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1511 |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1512 .. _`Connection Service File`: https://www.postgresql.org/docs/current/libpq-pgservice.html |
|
3071db43bfb6
feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents:
7711
diff
changeset
|
1513 |
|
7749
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1514 Update for user.help-search.html (optional) |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1515 ------------------------------------------- |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1516 |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1517 There is a bug in the template used as a search helper for the user |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1518 fields (e.g. the nosy list). The ``properties`` url query argument was |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1519 ignored. You can not select the displayed fields using the |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1520 ``properties`` argument. This is fixed in 2.4.0. You can probably just |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1521 copy the ``user.help-search.html`` from the classic tracker template. |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1522 |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1523 If you have modified that template, you can follow the analysis in |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1524 `issue2551320 <https://issues.roundup-tracker.org/issue2551320>`_ |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1525 to fix your template. |
|
79344ea780ea
doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents:
7724
diff
changeset
|
1526 |
|
7928
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1527 Update for _generic.help.html (optional) |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1528 ---------------------------------------- |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1529 |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1530 Using the ``_generic.help.html`` template with ``classhelper()`` to |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1531 provide information on a property without selecting a property caused |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1532 an error when processing the template. Using the help template with |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1533 Link properties can provide description or other information that the |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1534 user can use to determine the right setting. |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1535 |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1536 If your tracker is based on the minimal or classic tracker and you have |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1537 not changed the _generic.help.html file, you can copy it into place |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1538 from the template directory. |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1539 |
|
c05ea62b4c7a
fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents:
7923
diff
changeset
|
1540 |
|
7905
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7860
diff
changeset
|
1541 Fix static_files use of '-' directory (info) |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7860
diff
changeset
|
1542 -------------------------------------------- |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7860
diff
changeset
|
1543 |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7860
diff
changeset
|
1544 Use of the '-' directory in ``static_files`` config.ini setting now |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7860
diff
changeset
|
1545 works. So it will prevent access to the html directory when using |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7860
diff
changeset
|
1546 ``@@file/`` based url's. |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7860
diff
changeset
|
1547 |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7860
diff
changeset
|
1548 |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1549 Bad Login Rate Limiting and Locking (info) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1550 ------------------------------------------ |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1551 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1552 Brute force logins have been rate limited in the HTML web interface |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1553 for a while. This was not the case with the API interfaces. |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1554 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1555 This release introduces rate limiting for invalid REST or XMLRPC API |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1556 logins. As with the web interface, users who have hit the rate limit |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1557 have their accounts locked until after the recommended delay time has |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1558 passed. See `information on configuring the API rate limits`_ for |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1559 details. |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1560 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1561 .. _`information on configuring the API rate limits`: rest.html#rate-limiting-api-failed-logins |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1562 |
|
7582
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1563 Removal of cgi.py from Python (info) |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1564 ------------------------------------ |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1565 |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1566 The ``cgi.py`` module will be `removed starting with Python 3.13 |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1567 <https://peps.python.org/pep-0594/#cgi>`_. Roundup now `vendors a copy |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1568 <https://pypi.org/project/legacy-cgi/>`_ of ``cgi.py`` and makes it |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1569 and its storage objects available by importing from:: |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1570 |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1571 from roundup.anypy.cgi_ import cgi |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1572 from roundup.anypy.cgi_ import FieldStorage, MiniFieldStorage |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1573 |
| 7959 | 1574 It is unlikely that you will care unless you have done some expert |
|
7582
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1575 level Roundup customization. If you have, use one of the imports above |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1576 if you plan on running on Python 3.13 (expected in 2024) or newer. |
|
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1577 |
|
7668
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1578 Fixing PostgreSQL Out of Memory Errors when Importing Tracker (info) |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1579 -------------------------------------------------------------------- |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1580 |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1581 Importing a tracker into PostgreSQL can run out of memory with the |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1582 error:: |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1583 |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1584 psycopg2.errors.OutOfMemory: out of shared memory |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1585 HINT: You might need to increase max_locks_per_transaction. |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1586 |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1587 before changing your PostgreSQL configuration, try changing the pragma |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1588 ``savepoint_limit`` to a lower value. By default it is set to |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1589 ``10000``. In some cases this may be too high. See the `administration |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1590 guide`_ for further details. |
|
5b41018617f2
fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1591 |
|
7905
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7860
diff
changeset
|
1592 roundup-admin's History Command Produces Readable Output (info) |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7860
diff
changeset
|
1593 --------------------------------------------------------------- |
|
7797
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1594 |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1595 The history command of roundup-admin used to print the raw journal |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1596 data. In this release the default is to produce more human readable |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1597 data. The original output (not pretty printed as below) was:: |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1598 |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1599 [('1', <Date 2013-02-18.20:30:34.125>, '1', 'create', {}), |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1600 ('1', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1601 <Date 2013-02-19.21:24:20.391>, |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1602 '1', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1603 'set', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1604 {'messages': (('+', ['3']),)}), |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1605 ('1', <Date 2013-02-19.21:24:24.797>, '1', 'set', {'priority': '1'}), |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1606 ('1', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1607 <Date 2013-02-20.03:16:52.000>, |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1608 '1', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1609 'link', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1610 ('issue', '2', 'dependson')), |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1611 ('1', <Date 2013-02-21.20:51:40.750>, '1', 'link', ('issue', '2', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1612 'seealso')), |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1613 ('1', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1614 <Date 2013-02-22.05:33:08.875>, |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1615 '1', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1616 'set', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1617 {'dependson': (('+', ['3']),), 'private': None, 'queue': None}), |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1618 ('1', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1619 <Date 2013-02-22.05:33:19.406>, |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1620 '1', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1621 'set', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1622 {'dependson': (('+', ['2']),)}), |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1623 ('1', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1624 <Date 2013-02-27.03:24:42.844>, |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1625 '1', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1626 'unlink', |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1627 ('issue', '2', 'seealso')), |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1628 ... |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1629 |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1630 Now it produces (Each entry is on one line, lines wrapped |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1631 and indented for display):: |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1632 |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1633 admin(2013-02-18.20:30:34) create issue |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1634 admin(2013-02-19.21:24:20) set modified messages: added: msg3 |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1635 admin(2013-02-19.21:24:24) set priority was critical(1) |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1636 admin(2013-02-20.03:16:52) link added issue2 to dependson |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1637 admin(2013-02-21.20:51:40) link added issue2 to seealso |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1638 admin(2013-02-22.05:33:08) set modified dependson: added: issue3; |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1639 private was None; queue was None |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1640 admin(2013-02-22.05:33:19) set modified dependson: added: issue2 |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1641 admin(2013-02-27.03:24:42) unlink removed issue2 from seealso |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1642 ... |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1643 |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1644 |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1645 A few things to note: set operations can either assign a property or |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1646 report a modification of a multilink property. If an assignment |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1647 occurs, the value reported is the **old value** that was there before |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1648 the assignment. It is **not** the value that is assigned. In the |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1649 example above I don't know what the current value of priority is. All |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1650 I know it was set to critical when the issue was created. |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1651 |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1652 Modifications to multilink properties work differently. I know that |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1653 ``msg3`` was present in the messages property after 2013-02-19 at |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1654 21:24:20 UTC. |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1655 |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1656 The history command gets a new optional argument ``raw`` that produces |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1657 the old style output. The old style is (marginally) more useful for |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1658 script automation. |
|
8bdf0484215c
Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents:
7793
diff
changeset
|
1659 |
|
7921
e3975f679bf1
issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents:
7905
diff
changeset
|
1660 Deprecation Notices (info) |
|
e3975f679bf1
issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents:
7905
diff
changeset
|
1661 -------------------------- |
|
e3975f679bf1
issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents:
7905
diff
changeset
|
1662 |
|
e3975f679bf1
issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents:
7905
diff
changeset
|
1663 Support for SQLite version 1 has been removed in 2.4.0. |
|
e3975f679bf1
issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents:
7905
diff
changeset
|
1664 |
| 8046 | 1665 Support for SQLite version 2 will be removed in 2.5.0. |
| 1666 | |
|
7923
29a666d8a70d
issue2551285 - Remove StructuredText support
John Rouillard <rouilj@ieee.org>
parents:
7922
diff
changeset
|
1667 Support for StructuredText has been removed in 2.4.0. Support for |
|
29a666d8a70d
issue2551285 - Remove StructuredText support
John Rouillard <rouilj@ieee.org>
parents:
7922
diff
changeset
|
1668 reStructuredText remains. |
|
29a666d8a70d
issue2551285 - Remove StructuredText support
John Rouillard <rouilj@ieee.org>
parents:
7922
diff
changeset
|
1669 |
|
7922
ded9f1c3f112
announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents:
7921
diff
changeset
|
1670 Support for the `PySQLite <https://github.com/ghaering/pysqlite>`_ |
|
ded9f1c3f112
announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents:
7921
diff
changeset
|
1671 library will be removed in 2.5.0. Only the Python supplied sqlite3 |
|
ded9f1c3f112
announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents:
7921
diff
changeset
|
1672 library will be supported. |
|
ded9f1c3f112
announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents:
7921
diff
changeset
|
1673 |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1674 .. index:: Upgrading; 2.2.0 to 2.3.0 |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7507
diff
changeset
|
1675 |
|
6804
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1676 Migrating from 2.2.0 to 2.3.0 |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1677 ============================= |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1678 |
|
6814
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1679 Update your ``config.ini`` (required) |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1680 ------------------------------------- |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1681 |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1682 Upgrade tracker's config.ini file. Use:: |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1683 |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1684 roundup-admin -i /path/to/tracker updateconfig newconfig.ini |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1685 |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1686 to generate a new ini file preserving all your settings. |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1687 You can then merge any local comments from the tracker's |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1688 ``config.ini`` to ``newconfig.ini`` and replace |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1689 ``config.ini`` with ``newconfig.ini``. |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1690 |
|
7203
12a3cd86668f
auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents:
7166
diff
changeset
|
1691 ``updateconfig`` will tell you if it is changing old default |
|
12a3cd86668f
auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents:
7166
diff
changeset
|
1692 values or if a value must be changed manually. |
|
12a3cd86668f
auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents:
7166
diff
changeset
|
1693 |
|
7132
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1694 Using the roundup-mailgw script (required) |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1695 ------------------------------------------ |
|
7064
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1696 |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1697 In previous versions the roundup-mailgw script had a ``-C`` (or |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1698 ``--class``) option for specifying a class to be used with ``-S`` (or |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1699 ``--set``) option(s). In the latest version the ``-C`` option is gone, |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1700 the class for this option is specified as a prefix, e.g. instead of :: |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1701 |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1702 roundup-mailgw -C issue -S issueprop=value |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1703 |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1704 You now specify :: |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1705 |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1706 roundup-mailgw -S issue.issueprop=value |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1707 |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1708 If multiple values need to be set, this can be achieved with multiple |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1709 ``-S`` options or with delimiting multiple values with a semicolon (in |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1710 that case the string needs to be quoted because semicolon is a shell |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1711 special character):: |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1712 |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1713 roundup-mailgw -S 'issue.issueprop1=value1;issueprop2=value2' |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1714 roundup-mailgw -S issue.issueprop1=value1 -S issue.issueprop2=value2 |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1715 |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1716 are equivalent. Note that the class is provided as a prefix for the |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1717 set-string, not for each property. The class can be omitted altogether |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1718 in which case it defaults to ``msg`` (this default existed in previous |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1719 versions). |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1720 |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1721 If you do not use the ``-C`` (or ``--class``) option in your current |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1722 setup of mailgw you don't need to change anything. |
|
3359dc1dabb0
Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents:
7047
diff
changeset
|
1723 |
|
7132
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1724 Replace Create User permission for Anonymous with Register (required) |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1725 --------------------------------------------------------------------- |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1726 |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1727 Check your trackers schema.py. If you have the following code:: |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1728 |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1729 db.security.addPermissionToRole('Anonymous', 'Create', 'user') |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1730 |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1731 after the permission for Anonymous 'Email Access', change it to:: |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1732 |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1733 db.security.addPermissionToRole('Anonymous', 'Register', 'user') |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1734 |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1735 The comment for Anonymous 'Email Access' may refer to Create. Change |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1736 it to refer to Register. |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1737 |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1738 This will be an issue if you used the devel or responsive tracker |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1739 templates. If you used a classic, minimal or jinja2 template the |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1740 permission change (but not the comment change) should be done already. |
|
c087ad45bf4d
update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents:
7091
diff
changeset
|
1741 |
|
6806
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1742 Rdbms version change from 7 to 8 (required) |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1743 ------------------------------------------- |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1744 |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1745 This release includes a change that requires updates to the |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1746 database schema. |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1747 |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1748 Sessions and one time key (otks) tables in the Mysql and |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1749 PostgreSQL database use a numeric type that |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1750 truncates/rounds expiration timestamps. This results in |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1751 entries being purged early or late (depending on whether |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1752 it rounds up or down). The discrepancy is a couple of |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1753 days for Mysql or a couple of minutes for PostgreSQL. |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
1754 |
|
6806
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1755 Session keys stay for a week or more and CSRF keys are |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1756 two weeks by default. As a result, this isn't usually a |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1757 visible issue. This migration updates the numeric types |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1758 to ones that supports more significant figures. |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1759 |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1760 You should backup your instance and run the |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1761 ``roundup-admin -i <tracker_home> migrate`` |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1762 command for all your trackers once you've |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1763 installed the latest code base. |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1764 |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1765 Do this before you use the web, command-line or mail |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1766 interface and before any users access the tracker. |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1767 |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1768 If successful, this command will respond with either |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1769 "Tracker updated" (if you've not previously run it on an |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1770 RDBMS backend) or "No migration action required" (if you |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1771 have run it, or have used another interface to the tracker, |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1772 or are using anydbm). |
|
bdd28b244839
- issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents:
6804
diff
changeset
|
1773 |
|
6814
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1774 Session/OTK data storage for SQLite backend changed (required) |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1775 -------------------------------------------------------------- |
|
6804
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1776 |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1777 Roundup stores a lot of ephemeral data: |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1778 |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1779 * login session tokens, |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1780 * rate limits |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1781 * password reset attempt tokens |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1782 * one time keys |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1783 * and anti CSRF keys. |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1784 |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1785 These were stored using dbm style files while the main data |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1786 is stored in a SQLite db. Using both dbm and sqlite style |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1787 files is surprising and due to how we lock dbm files can be |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1788 a performance issue. |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1789 |
|
6814
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1790 However you can continue to use the dbm files by setting the |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1791 ``backend`` option in the ``[sessiondb]`` section of |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1792 ``config.ini`` to ``anydbm``. |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1793 |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1794 If you do not change the setting, two sqlite databases |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1795 called ``db-otk`` and ``db-session`` replace the dbm |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1796 databases. Once you make the change the old ``otks`` and |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1797 ``sessions`` dbm databases can be removed. |
|
6804
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1798 |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1799 Note this replacement will require users to log in again and |
|
6814
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1800 refresh web pages to save data. It is best if people save |
|
6804
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1801 all their changes and log out of Roundup before the upgrade |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1802 is done to minimize confusion. Because the data is |
|
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1803 ephemeral, there is no plan to migrate this data to the new |
|
6814
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1804 SQLite databases. If you want to keep using the data set the |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1805 ``sessiondb`` ``backend`` option as described above. |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1806 |
|
7166
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1807 Update ``config.ini``'s ``password_pbkdf2_default_rounds`` (required) |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1808 --------------------------------------------------------------------- |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1809 |
|
7375
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1810 Roundup hashes passwords using PBKDF2 with SHA1. In this release, you |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
1811 can `upgrade to PBKDF2-SHA512 from current PBKDF2-SHA1 (recommended)`_. If you |
|
7375
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1812 upgrade, you want to set the default rounds according to the |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1813 PBKDF2-SHA512 upgrading directions. Note that this algorithm is |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1814 expected to be the default in a future version of Roundup. |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1815 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1816 If you don't want to upgrade, we recommend that you increase the |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1817 default number of rounds from the original 10000. PBKDF2 has a |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1818 parameter that makes hashing a password more difficult to do. The |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1819 original 10000 value was set years ago. It has not been updated for |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1820 advancements in computing power. |
|
7166
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1821 |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1822 This release of Roundup changes the value to 2000000 (2 |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1823 million). This exceeds the current `recommended setting of |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1824 1,300,000`_ for PBKDF2 when used with SHA1. |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1825 |
|
7375
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1826 .. caution:: |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1827 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1828 If you were using the old 10000 value, **it will be automatically |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1829 upgraded** to 2 million by using ``roundup-admin``'s |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1830 ``updateconfig``. If you were not using the old 10000 default, you |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1831 should update it manually. |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1832 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1833 After the change users will still be able to log in using the older |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1834 10000 round hashed passwords. If ``migrate_passwords`` is set to |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1835 ``yes``, passwords will be automatically re-hashed using the new |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1836 higher value when the user logs in. If |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1837 ``password_pbkdf2_default_rounds`` is set to a lower value than was |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1838 used to hash a password, the password will not be rehashed so the |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1839 higher value will be kept. The lower value will be used only if the |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1840 password is changed using the web or command line. |
|
7166
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1841 |
|
7209
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1842 Increasing the number of rounds will slow down re-hashing. That's the |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1843 whole point. Sadly it will also slow down logins. Usually the hash |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1844 takes under 1 second, but if you are using a slow chip (e.g. an ARM V6 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1845 at 700 bogo mips) it can take 30 seconds to compute the 2000000 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1846 rounds. The slowdown is linear. So what takes .001 seconds at 10000 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1847 rounds will take: ``2000000/10000 * .001 = 200 * .001`` seconds or 0.2 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1848 seconds. |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1849 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1850 You can see how long it will take by using the new ``roundup-admin`` |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1851 ``perftest`` command. After you have finished migrating your database, |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1852 run:: |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1853 |
|
7375
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1854 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2 rounds=10000 |
|
7209
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1855 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1856 and then:: |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1857 |
|
7375
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1858 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2 rounds=2,000,000 |
|
7209
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1859 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1860 so see the difference. Output from this command looks like:: |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1861 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1862 Hash time: 0.203151849s scheme: PBKDF2 rounds: 10000 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1863 |
|
7375
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1864 If your testing reports a hash time above 0.5 seconds for 10000 |
|
7209
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1865 rounds, there may be another issue. See if executing:: |
|
7166
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1866 |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1867 python3 -c 'from hashlib import pbkdf2_hmac' |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1868 |
|
7209
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1869 produces an error. |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1870 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1871 If you get an ImportError, you are using Roundup's fallback PBKDF2 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1872 implementation. It is much slower than the library version. As a |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1873 result re-encrypting the password (and logging in, which requires |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1874 calculating the encrypted password) will be very slow. |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1875 |
|
c1227f883177
Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents:
7203
diff
changeset
|
1876 You should find out how to make the import succeed. You may need to |
|
7166
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1877 install an OS vendor package or some other library. |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1878 |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1879 .. _recommended setting of 1,300,000: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 |
|
1549c7e74ef8
issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
1880 |
|
8239
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
1881 .. _PBKDF2 upgrade: |
|
6bd11a73f2ed
issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
1882 |
|
7375
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1883 Upgrade to PBKDF2-SHA512 from current PBKDF2-SHA1 (recommended) |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1884 --------------------------------------------------------------- |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1885 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1886 We recommend that you upgrade to using PBKDF2-SHA512 for hashing your |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1887 passwords. This is a more secure method than the old PBKDF2 (with |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1888 SHA1). Because the algorithm is more secure, it uses a smaller value |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1889 for ``password_pbkdf2_default_rounds``. Setting |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1890 ``password_pbkdf2_default_rounds`` to ``250000`` exceeds the current |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1891 `recommended setting of 210,000`_ iterations for PBKDF2 when used with |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1892 SHA512. |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1893 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1894 You can see how long this takes to calculate on your hardware using |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1895 ``roundup-admin``'s perftest command. For example:: |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1896 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1897 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2S5 rounds=250,000 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1898 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1899 produces:: |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1900 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1901 Hash time: 0.161892945 seconds, scheme: PBKDF2S5, rounds: 250000 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1902 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1903 Any increase in the number of rounds will cause the password to |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1904 automatically be rehashed to the higher value the next time the user |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1905 logs in via the web interface. Changing the number of rounds to a |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1906 **lower** value will not trigger a rehash during login unless the |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1907 scheme is also being changed. The lower number will be used only when |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1908 the password is explicitly changed using the web interface or the |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1909 command line (``roundup-admin`` for example). |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1910 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1911 Change the default hashing scheme by adding the following lines to |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1912 |the interfaces.py file|_ in your tracker home:: |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1913 |
|
7711
0c855080794e
doc: fix PBKDF2 SHA512 implementation example.
John Rouillard <rouilj@ieee.org>
parents:
7694
diff
changeset
|
1914 from roundup.password import Password |
|
7375
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1915 ## Use PBDKF2S5 (PBKDF2-SHA512) for passwords. Re-hash old PBDFK2 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1916 # Force password with scheme PBKDF2 (SHA1) to get re-hashed |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1917 Password.deprecated_schemes.insert(0, Password.known_schemes[0]) |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1918 # choose PBKDF2S5 as the scheme to use for rehashing. |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1919 Password.default_scheme = Password.experimental_schemes[0] |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1920 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1921 You may need to create the ``interfaces.py`` file if it doesn't exist. |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1922 In the future, when the default hash is changed to PBKDF2S5, upgrade |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1923 directions will include instructions to remove these lines and |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1924 the file ``interfaces.py`` if it becomes empty. |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1925 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1926 You can verify that PBKDF2S5 is used by default by running:: |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1927 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1928 roundup-admin -i <tracker_home> perftest password rounds=250,000 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1929 |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
1930 and verify that the scheme is PBKDF2S5. |
|
7375
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1931 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1932 .. _the interfaces.py file: |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1933 reference.html#interfaces-py-hooking-into-the-core-of-roundup |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1934 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1935 .. |the interfaces.py file| replace:: the ``interfaces.py`` file |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1936 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1937 .. _recommended setting of 210,000: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 |
|
9bd7ed918121
issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents:
7354
diff
changeset
|
1938 |
|
7217
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1939 jQuery updated with updates to user.help.html (recommended) |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1940 ----------------------------------------------------------- |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1941 |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1942 The devel and responsive templates shipped with an old version of |
| 7275 | 1943 jQuery. According to automated tests, it may have a security issue. It |
|
7217
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1944 has been updated to the current version: 3.6.3. If your tracker is |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1945 based on one of these templates (see the ``TEMPLATE-INFO.txt`` file in |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1946 your tracker), remove the old ``html/jquery.js`` file from your |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1947 tracker and copy the new ``jquery-3.6.3.js`` file from the template |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1948 directory to your tracker's ``html`` directory. Also copy in the new |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1949 ``user.help.html`` file. It now references the new ``jquery-3.6.3.js`` |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1950 file. |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1951 |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
1952 |
|
6814
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1953 Session/OTK data storage using Redis (optional) |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1954 ----------------------------------------------- |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1955 |
|
6819
1319ab13f286
redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents:
6814
diff
changeset
|
1956 You can store your ephemeral data in a Redis database. This |
|
1319ab13f286
redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents:
6814
diff
changeset
|
1957 provides significantly better performance for ephemeral data |
|
1319ab13f286
redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents:
6814
diff
changeset
|
1958 than SQLite or dbm files. See the section `Using Redis for |
|
1319ab13f286
redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents:
6814
diff
changeset
|
1959 Session Databases`_ in the `administration guide`_ |
|
6814
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1960 |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1961 |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1962 .. _Using Redis for Session Databases: |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
1963 admin_guide.html#using-redis-for-session-databases |
|
6804
25d08e15e3b4
issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents:
6781
diff
changeset
|
1964 |
|
6930
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1965 New SQLite databases created with WAL mode journaling (optional) |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1966 ---------------------------------------------------------------- |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1967 |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1968 By default, SQLite databases use a rollback journal when |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1969 writing an update. The rollback journal stores a copy of the |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1970 data from before the update. One downside of this is that |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1971 all reads have to be suspended while a write is |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1972 occurring. SQLite has an alternate way of insuring ACID |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1973 compliance by using a WAL (write ahead log) journal. |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1974 |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1975 Version 2.3.0 of Roundup, creates new SQLite databases using |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1976 WAL journaling. With WAL, a writer does not block readers |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1977 and readers do not block writing an update. This keeps |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1978 Roundup accessible even under a heavy write load (e.g. when |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1979 bulk loading data or automated updates via REST). |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1980 |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1981 If you want to convert your existing SQLite db to WAL mode: |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1982 |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1983 1. check the current journal mode on your database |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1984 using:: |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1985 |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1986 sqlite3 <tracker_home>/db/db "pragma journal_mode;" |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1987 |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1988 2. If it returns ``delete``, change it to WAL mode using:: |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1989 |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1990 sqlite3 <tracker_home>/db/db "pragma journal_mode=WAL;" |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
1991 |
|
6930
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1992 3. verify by running the command in step 1 again and you |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1993 should get ``wal``. |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1994 |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1995 If you are using SQLite for session and otk databases, |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1996 perform the same steps replacing ``db`` with ``db-session`` |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1997 and ``db-otk``. |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1998 |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
1999 If you find WAL mode is not working for you, you can set the |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
2000 journal method to a rollback journal (``delete`` mode) by |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
2001 using step 2 and replacing ``wal`` with ``delete``. (Note: |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
2002 SQLite supports other journaling modes, but only ``wal`` and |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
2003 ``delete`` persist. Roundup doesn't set a journaling mode |
| 7396 | 2004 when it opens the database, so journaling mode options such |
| 2005 as ``truncate`` are not useful.) | |
|
6930
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
2006 |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
2007 For details on WAL mode see `<https://www.sqlite.org/wal.html>`_ |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
2008 and `<https://www.sqlite.org/pragma.html#pragma_journal_mode>`_. |
|
a96a239db0d9
Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents:
6819
diff
changeset
|
2009 |
|
7217
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
2010 Change in processing allowed_api_origins setting (info) |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
2011 ------------------------------------------------------- |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2012 |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2013 In this release you can use both ``*`` (as the first origin) and |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
2014 explicit origins in the ``allowed_api_origins`` setting in |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2015 ``config.ini``. (Before it was only one or the other.) |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2016 |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2017 You do not need to use ``*``. If you do, it allows any client |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2018 anonymous (unauthenticated) access to the Roundup tracker. This |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2019 is the same as browsing the tracker without logging in. If they |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2020 try to provide credentials, access to the data will be denied by |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2021 `CORS`_. |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2022 |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2023 If you include explicit origins (e.g. \https://example.com), |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2024 users from those origins will not be blocked if they use |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2025 credentials to log in. |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2026 |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2027 .. _CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7138
diff
changeset
|
2028 |
|
7217
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
2029 Change in processing of In-Reply_to email header (info) |
|
1f3418a3fd3e
Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents:
7209
diff
changeset
|
2030 ------------------------------------------------------- |
|
6941
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2031 |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2032 Messages received via email usually include a ``[issue23]`` |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2033 designator in the subject line. This indicates what issue is |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2034 being updated. If the designator is missing, Roundup tries |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2035 to find the correct issue by using the in-reply-to email |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2036 header. |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2037 |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2038 The former code appends the new message to the first issue |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2039 found with a message matching the in-reply-to |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2040 header. Usually a message is associated with only one |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2041 issue. However nothing in Roundup requires that. |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2042 |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2043 In this release, the in-reply-to matching is disabled if |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2044 there are multiple issues with the same message. In this |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2045 case, subject matching is used to try to find the matching |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2046 issue. |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2047 |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2048 If you don't have messages assigned to multiple issues you |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2049 will see no change. If you do have multi-linked messages |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2050 this will hopefully result in better message->issue |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2051 matching. |
|
bd2c3b2010c3
issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents:
6930
diff
changeset
|
2052 |
|
7400
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2053 Incremental/batch full test reindexing with roundup-admin (info) |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2054 ---------------------------------------------------------------- |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2055 |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2056 The ``reindex`` command in ``roundup-admin`` can reindex |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2057 a range of items. For example:: |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2058 |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2059 roundup-admin -i ... reindex issues:1-1000 |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2060 |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2061 will reindex only the first 1000 issues. This is useful since |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2062 reindexing can take a while and slow down the tracker. By running |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2063 it in batches you can control when the reindex runs rather than having |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2064 to wait for it to complete all the reindexing. See the man page or |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2065 `administration guide`_ for details. |
|
d364ef1d66c2
doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents:
7396
diff
changeset
|
2066 |
| 6775 | 2067 .. index:: Upgrading; 2.1.0 to 2.2.0 |
|
6248
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2068 |
| 6698 | 2069 Migrating from 2.1.0 to 2.2.0 |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6456
diff
changeset
|
2070 ============================= |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6456
diff
changeset
|
2071 |
|
6688
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2072 Update your ``config.ini`` (required) |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2073 ------------------------------------- |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2074 |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2075 Upgrade tracker's config.ini file. Use:: |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2076 |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2077 roundup-admin -i /path/to/tracker updateconfig newconfig.ini |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2078 |
|
6814
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
2079 to generate a new ini file preserving all your settings. |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
2080 You can then merge any local comments from the tracker's |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
2081 ``config.ini`` to ``newconfig.ini`` and replace |
|
3f60a71b0812
Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents:
6806
diff
changeset
|
2082 ``config.ini`` with ``newconfig.ini``. |
|
6688
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2083 |
|
6590
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2084 Rdbms version change from 6 to 7 (required) |
|
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2085 ------------------------------------------- |
|
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2086 |
|
6599
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2087 This release includes two changes that require updates to the database |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2088 schema: |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2089 |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2090 1. The size of words included in the Roundup FTS indexers have been |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2091 increased from 25 to 50. This requires changes to the database |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2092 columns used by the native indexer. This also affect the whoosh |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2093 and xapian indexers. |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2094 2. Some databases that include native full-text search (native-fts |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2095 indexer) searching are now supported. |
|
6590
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2096 |
|
6780
f1af67bf8fae
doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents:
6775
diff
changeset
|
2097 You should run the ``roundup-admin -i <tracker_home> migrate`` command |
|
f1af67bf8fae
doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents:
6775
diff
changeset
|
2098 for all your trackers once you've installed the latest codebase. |
|
6590
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2099 |
|
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2100 Do this before you use the web, command-line or mail interface |
|
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2101 and before any users access the tracker. |
|
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2102 |
|
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2103 If successful, this command will respond with either "Tracker |
|
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2104 updated" (if you've not previously run it on an RDBMS backend) or |
|
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2105 "No migration action required" (if you have run it, or have used |
|
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2106 another interface to the tracker, or are using anydbm). |
|
39308a49fdc3
Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents:
6589
diff
changeset
|
2107 |
|
6780
f1af67bf8fae
doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents:
6775
diff
changeset
|
2108 See `below if you want to enable native-fts searching`_. |
|
f1af67bf8fae
doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents:
6775
diff
changeset
|
2109 |
|
f1af67bf8fae
doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents:
6775
diff
changeset
|
2110 .. _below if you want to enable native-fts searching: \ |
|
6599
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2111 #enhanced-full-text-search-optional |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2112 |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2113 The increase in indexed word length also affects whoosh and xapian |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2114 backends. You may want to run ``roundup-admin -i tracker_home |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2115 reindex`` if you want to index or search for longer words in your full |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2116 text searches. Re-indexing make take some time. |
|
39189dd94f2c
issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents:
6591
diff
changeset
|
2117 |
|
6688
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2118 Check new login_empty_passwords setting (required) |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2119 -------------------------------------------------- |
|
6684
9ca5cbffa0c4
Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents:
6626
diff
changeset
|
2120 |
|
9ca5cbffa0c4
Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents:
6626
diff
changeset
|
2121 In this version of Roundup, users with a blank password are not |
|
9ca5cbffa0c4
Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents:
6626
diff
changeset
|
2122 allowed to login. Blank passwords have been allowed since 2002, but |
|
9ca5cbffa0c4
Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents:
6626
diff
changeset
|
2123 2022 is a different time. If you have a use case that requires a user |
|
9ca5cbffa0c4
Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents:
6626
diff
changeset
|
2124 to login without a password, set the ``login_empty_passwords`` setting |
|
6688
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2125 in the ``web`` section of ``config.ini`` to ``yes``. In |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2126 general this should be left at its default value of ``no``. |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2127 |
|
7724
68c04cc8edf7
More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
7723
diff
changeset
|
2128 Verify that SQLite supports FTS5 (required) |
|
68c04cc8edf7
More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
7723
diff
changeset
|
2129 ------------------------------------------- |
|
68c04cc8edf7
More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
7723
diff
changeset
|
2130 |
|
68c04cc8edf7
More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
7723
diff
changeset
|
2131 If you use SQLite as your backend, it *must* support FTS5. See the |
|
68c04cc8edf7
More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
7723
diff
changeset
|
2132 `FTS5 testing steps`_ for how to verify this. |
|
68c04cc8edf7
More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
7723
diff
changeset
|
2133 |
|
68c04cc8edf7
More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
7723
diff
changeset
|
2134 .. _FTS5 testing steps: installation.html#fts5-testing |
|
68c04cc8edf7
More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
7723
diff
changeset
|
2135 |
|
6688
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2136 Check allowed_api_origins setting (optional) |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2137 -------------------------------------------- |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2138 |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2139 If you are using the REST or xmlrpc api's from an origin |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2140 that is different from your roundup tracker, you will need |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2141 to add your allowed origins to the allowed_api_origins in |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2142 your updated ``config.ini``. Upgrade your ``config.ini`` as |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2143 described above then read the documentation for the setting |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2144 in ``config.ini``. |
|
6684
9ca5cbffa0c4
Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents:
6626
diff
changeset
|
2145 |
|
6589
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2146 Check compression settings (optional) |
|
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2147 ------------------------------------- |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6456
diff
changeset
|
2148 |
|
6591
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2149 Read the `administration guide`_ section on `Configuring Compression`_. |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6456
diff
changeset
|
2150 |
|
6688
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2151 Upgrade your tracker's config.ini as described |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2152 above. Compare the old and new files and configure new |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2153 compression settings as you want. Then replace |
|
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
2154 ``config.ini`` with the ``newconfig.ini`` file. |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6456
diff
changeset
|
2155 |
|
6589
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2156 Search added to user index page (optional) |
|
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2157 ------------------------------------------ |
|
6464
28461636e249
issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents:
6458
diff
changeset
|
2158 |
|
28461636e249
issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents:
6458
diff
changeset
|
2159 A search form and count of number of hits has been added to the |
|
28461636e249
issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents:
6458
diff
changeset
|
2160 ``user.index.html`` template page in the classic template. You may |
|
28461636e249
issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents:
6458
diff
changeset
|
2161 want to merge the search form and footer into your template. |
|
28461636e249
issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents:
6458
diff
changeset
|
2162 |
|
6589
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2163 Enhanced full-text search (optional) |
|
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2164 ------------------------------------ |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6586
diff
changeset
|
2165 |
|
6604
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2166 SQLite's `FTS5 full-text search engine`_ is available as is |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2167 `PostgreSQL's full text search`_. Both require a schema upgrade so you |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2168 should run:: |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2169 |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2170 roundup-admin -i tracker_home migrate |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2171 |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2172 to create FTS specific tables before restarting the roundup-web or |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2173 email interfaces. |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2174 |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2175 SQLite 3.9.0+ or PostgreSQL 11.0+ are required to use this feature. |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2176 When using SQLite, all full text search fields will allow searching |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2177 using the MATCH query format described at: |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2178 https://www.sqlite.org/fts5.html#full_text_query_syntax. When using |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2179 PostgreSQL either the websearch_to_tsquery or to_tsquery formats |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2180 described on |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2181 https://www.postgresql.org/docs/14/textsearch-controls.html#TEXTSEARCH-PARSING-QUERIES |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2182 can be used. The default is websearch. Prefixing the search with |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2183 ``ts:`` enables tsquery mode. |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2184 |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2185 A list of words behaves almost the same as the default text search |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
2186 (``native``). So the search string ``fts search`` will find all issues |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6586
diff
changeset
|
2187 that have both of those words (an AND search) in a text-field (like |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6586
diff
changeset
|
2188 title) or in a message (or file) attached to the issue. |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6586
diff
changeset
|
2189 |
|
6604
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2190 One thing to note is that native-fts searches do not ignore words |
|
6613
2eec7a500333
Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents:
6604
diff
changeset
|
2191 longer than 50 characters or less than 2 characters. Also SQLite does |
|
2eec7a500333
Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents:
6604
diff
changeset
|
2192 not filter out common words (i.e. there is no stopword list). So words |
|
6604
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2193 like "and", "or", "then", "with" ... are included in the FTS5 search. |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2194 |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2195 You must explicitly enable this search mechanism by changing the |
|
6613
2eec7a500333
Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents:
6604
diff
changeset
|
2196 ``indexer`` setting in ``config.ini`` to ``native-fts``. Native-fts |
|
2eec7a500333
Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents:
6604
diff
changeset
|
2197 must be explicitly chosen. This is different from Xapian or Whoosh |
|
2eec7a500333
Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents:
6604
diff
changeset
|
2198 indexers, which are chosen if they are installed in the Python |
|
2eec7a500333
Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents:
6604
diff
changeset
|
2199 environment. This prevents the existing native indexing from being |
|
2eec7a500333
Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents:
6604
diff
changeset
|
2200 discarded if ``indexer`` is not set. |
|
6591
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2201 |
|
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2202 Next re-index your data with ``roundup-admin -i tracker_home |
|
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2203 reindex``. This can take a while depending on the size of the tracker. |
|
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2204 |
|
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2205 You may want to update your ``config.ini`` by following the directions |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6586
diff
changeset
|
2206 above to get the latest documentation. |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6586
diff
changeset
|
2207 |
|
6604
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
2208 See the `administration guide notes on native-fts`_ for further details. |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6586
diff
changeset
|
2209 |
|
6589
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2210 Adding error reporting templates (optional) |
|
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2211 ------------------------------------------- |
|
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2212 |
|
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2213 Currently some internal errors result in a bare html page with an |
|
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2214 error message. The usual chrome supplied by page.html is not shown. |
|
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2215 For example query language syntax errors for full text search methods |
|
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2216 will display a bare HTML error page. |
|
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2217 |
|
6591
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2218 If you add an ``_generic.400.html`` template to the html directory, you |
|
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2219 can display the error inside of the layout provided by the ``page.html`` |
|
6589
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2220 template. This can make fixing the error and navigation easier. You |
|
6591
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2221 can use the ``_generic.404.html`` template to create a |
|
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2222 ``_generic.400.html`` by modifying the title and body text. You can test |
|
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
2223 the 400 template by appending ``@template=400`` to the url for the |
|
6589
5ce396880899
Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2224 tracker. |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6456
diff
changeset
|
2225 |
|
6626
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2226 Change passwords using crypt module (optional) |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2227 ---------------------------------------------- |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2228 |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2229 The crypt module is being removed from the standard library. Any |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2230 stored password using crypt encoding will fail to verify once the |
|
7343
955a4efe9cbc
Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents:
7341
diff
changeset
|
2231 crypt module is removed (expected in Python 3.13 see `pep-0594 |
|
955a4efe9cbc
Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents:
7341
diff
changeset
|
2232 <https://peps.python.org/pep-0594/>`_). Automatic migration of |
|
955a4efe9cbc
Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents:
7341
diff
changeset
|
2233 passwords (if enabled in config.ini) re-encrypts old passwords using |
|
955a4efe9cbc
Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents:
7341
diff
changeset
|
2234 something other than crypt if a user logs in using the web interface. |
|
6626
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2235 |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2236 You can find users with passwords still encrypted using crypt by |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2237 running:: |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2238 |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2239 roundup-admin -i <tracker_home> table password,id,username |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2240 |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2241 Look for lines starting with ``{CRYPT}``. You can reset the user's |
|
8432
7f7749d86da8
doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents:
8431
diff
changeset
|
2242 password using [#history-pragma]_ :: |
|
6626
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2243 |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2244 roundup-admin -i <tracker_home> |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2245 roundup> set user16 password=somenewpassword |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2246 |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2247 changing ``16`` to the id in the second column of the table output. |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2248 The example uses interactive mode (indicated by the ``roundup>`` |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2249 prompt). This prevents the new password from showing up in the output |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2250 of ps or shell history. The new password will be encrypted using the |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2251 default encryption method (usually pbkdf2). |
|
120b0bb05b6e
issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents:
6613
diff
changeset
|
2252 |
|
8432
7f7749d86da8
doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents:
8431
diff
changeset
|
2253 .. [#history-pragma] If your version of roundup-admin provides history |
|
7f7749d86da8
doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents:
8431
diff
changeset
|
2254 support, you should add ``-P history_features=2`` to the command |
|
7f7749d86da8
doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents:
8431
diff
changeset
|
2255 line or run ``pragma history_features=2`` at the ``roundup>`` |
|
7f7749d86da8
doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents:
8431
diff
changeset
|
2256 prompt. This will prevent the command line (and password) from being |
|
7f7749d86da8
doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents:
8431
diff
changeset
|
2257 saved to your history file (usually ``.roundup_admin_history`` in |
|
7f7749d86da8
doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents:
8431
diff
changeset
|
2258 your user's home directory. You can use ``roundup-admin -i |
|
7f7749d86da8
doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents:
8431
diff
changeset
|
2259 <tracker_home> pragma list`` to see if pragmas are supported. |
|
7f7749d86da8
doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents:
8431
diff
changeset
|
2260 |
|
6747
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2261 Enable performance improvement for wsgi mode (optional) |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2262 ------------------------------------------------------- |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2263 |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2264 There is an experimental wsgi performance improvement mode that caches |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2265 the loaded roundup instance. This eliminates disk reads that are |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2266 incurred on each connection. In one report it improves speed by a |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2267 factor of 2 to 3 times. To enable this you should add a feature flag |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2268 to your Roundup wsgi wrapper (see the file |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2269 ``.../share/frontends/wsgi.py``) so it looks like:: |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2270 |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2271 feature_flags = { "cache_tracker": "" } |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2272 app = RequestDispatcher(tracker_home, feature_flags=feature_flags) |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2273 |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2274 to enable this mode. Note that this is experimental and was added |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2275 during the 2.2.0 beta period, so it is enabled using a feature flag. |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2276 If you use this and it works for you please followup with an email to |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2277 the roundup-users at lists.sourceforge.net mailing list so we can |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2278 enable it by default in a future release. |
|
d32d43e4a5ba
wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents:
6698
diff
changeset
|
2279 |
|
6753
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2280 |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2281 Hide submit button during readonly use of _generic.item.html (optional) |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2282 ----------------------------------------------------------------------- |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2283 |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2284 The submit button in _generic.item.html always shows up even when the |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2285 user doesn't have edit perms. Change the ``context/submit`` html to |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2286 read:: |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2287 |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2288 <td colspan=3 tal:content="structure context/submit" |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2289 tal:condition="context/is_edit_ok"> |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2290 |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2291 in your TAL based templates. The ``jinja2`` based templates are |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2292 missing this file, but if you implemented one you want to surround the |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2293 jinja2 code with:: |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2294 |
|
7343
955a4efe9cbc
Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents:
7341
diff
changeset
|
2295 {% if context.is_edit_ok() %} |
|
6753
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2296 <submit button code here> |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2297 {% endif %} |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2298 |
|
2bca9fcef70d
Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents:
6747
diff
changeset
|
2299 |
| 6775 | 2300 .. index:: Upgrading; 2.0.0 to 2.1.0 |
| 2301 | |
|
6456
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2302 Migrating from 2.0.0 to 2.1.0 |
|
6248
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2303 ============================= |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2304 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2305 Rdbms version change from 5 to 6 (required) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2306 ------------------------------------------- |
|
6434
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2307 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2308 To fix an issue with importing databases, the database has to be |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2309 upgraded for rdbms backends. |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2310 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2311 You should run the ``roundup-admin migrate`` command for your |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2312 tracker once you've installed the latest codebase. |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2313 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2314 Do this before you use the web, command-line or mail interface |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2315 and before any users access the tracker. |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2316 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2317 If successful, this command will respond with either "Tracker |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2318 updated" (if you've not previously run it on an RDBMS backend) or |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2319 "No migration action required" (if you have run it, or have used |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2320 another interface to the tracker, or are using anydbm). |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2321 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2322 This only changes the schema for the mysql backend. It has no |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2323 effect other than upgrading the revision on other rdbms backends. |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2324 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2325 On the mysql backend it creates the database index that makes |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2326 sure the key field for your class is unique. |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2327 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2328 If your update/migration fails, you will see an:: |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2329 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2330 IntegrityError: (1062, "Duplicate entry '0-NULL' for key '_user_key_retired_idx'") |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2331 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2332 it means you have two non-retired members of the class with the |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2333 same key field. E.G. two non-retired users with the same |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2334 username. |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2335 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2336 Debug this using roundup-admin using the list command. For |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2337 example dump the user class by the key field ``username``:: |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2338 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2339 $ roundup-admin -i <tracker_home> list user username |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2340 1: admin |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2341 2: anonymous |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2342 3: demo |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2343 4: agent |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2344 5: provisional |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2345 6: foo@example.com |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2346 7: dupe |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2347 8: dupe |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2348 ... |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2349 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2350 then search the usernames for duplicates. Once you have |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2351 identified the duplicate username (``dupe`` above), you should |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2352 retire the other active duplicates or change the username for the |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2353 duplicate. To retire ``7: dupe``, you run:: |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2354 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2355 roundup-admin -i <tracker_home> retire user7 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2356 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2357 (use ``restore user7`` if you retired the wrong item). If you |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2358 want to rename the entry use:: |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2359 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2360 roundup-admin -i <tracker_home> set user7 username=dupe1 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2361 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2362 Keep doing this until you have no more duplicates. Then run the |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2363 update/migrate again. |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2364 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2365 If you have duplicate non-retired entries in your database, |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2366 please email roundup-users at lists.sourceforge.net. We are |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2367 interested in how many issues this has caused. Duplicate creation |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2368 should occur only when two or more mysql processes run in |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2369 parallel and both of them creating an item with the same key. So |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2370 this should be a rare event. The internal duplicate prevention |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2371 checks should work in other cases. |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2372 |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2373 For the nerds: if you had a new installation that was created at |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2374 version 5, the uniqueness of a key was not enforced at the |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2375 database level. If you had a database that was at version 4 and |
|
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2376 then upgraded to version 5 you have the uniqueness enforcing |
|
6456
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2377 constraint. Running migrate updates to schema version 6 and installs |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2378 the unique index constraint if it is missing. |
|
6434
269f39e28d5c
issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents:
6418
diff
changeset
|
2379 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2380 Setuptools is now required to install (info) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2381 -------------------------------------------- |
|
6378
b57c3d50505b
issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents:
6333
diff
changeset
|
2382 |
|
b57c3d50505b
issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents:
6333
diff
changeset
|
2383 Roundup install now uses setuptools rather than distutils. You must |
|
b57c3d50505b
issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents:
6333
diff
changeset
|
2384 install setuptools. Use the version packgaged by your OS vendor. If |
|
b57c3d50505b
issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents:
6333
diff
changeset
|
2385 your OS vendor doesn't supply setuptools use ``pip install |
|
b57c3d50505b
issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents:
6333
diff
changeset
|
2386 setuptools``. (You may need pip3 rather than pip if using python3.) |
|
b57c3d50505b
issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents:
6333
diff
changeset
|
2387 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2388 Define Authentication Header (optional) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2389 --------------------------------------- |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2390 |
|
6456
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2391 The web server in front of roundup (apache, nginx) can perform user |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2392 authentication. It can pass the authenticated username to the backend |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2393 in a variable. By default roundup looks for the ``REMOTE_USER`` |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2394 variable. This can be changed by setting the parameter |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2395 ``http_auth_header`` in the ``[web]`` section of the tracker's |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2396 ``config.ini`` file to a different value. The value is case sensitive. |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2397 If the value is unset (the default) the REMOTE_USER variable is used. |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2398 |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2399 If you are running roundup using ``roundup-server`` behind a proxy |
|
6456
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2400 that authenticates the user you need to configure ``roundup-server`` |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2401 to pass the HTTP header with the authenticated username to the |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2402 tracker. By default ``roundup-server`` looks for the ``REMOTE_USER`` |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2403 header for the authenticated user. You can copy an arbitrary header |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2404 variable to the tracker using the ``-I`` option to roundup-server (or |
|
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2405 the equivalent option in the roundup-server config file). |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2406 |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2407 For example to use the ``uid_variable`` header, two configuration |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2408 changes are needed: First configure ``roundup-server`` to pass the |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2409 header to the tracker using:: |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2410 |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2411 roundup-server -I uid_variable .... |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2412 |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2413 note that the header is passed exactly as supplied by the upstream |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2414 server. It is **not** prefixed with ``HTTP_`` like other headers since |
|
6456
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2415 you are explicitly allowing the header. Multiple comma separated |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2416 headers can be passed to the ``-I`` option. These could be used in a |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2417 detector or other tracker extensions, but only one header can be used |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2418 by the tracker as an authentication header. |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2419 |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2420 To make the tracker honor the new variable changing the tracker |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2421 ``config.ini`` to read:: |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2422 |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2423 [web] |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2424 ... |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2425 http_auth_header = uid_variable |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2426 |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2427 At the time this is written, support is experimental. If you use it |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6434
diff
changeset
|
2428 you should notify the roundup maintainers using the roundup-users |
|
6456
cbc18a8bc61f
Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
2429 at lists.sourceforge.net mailing list. |
|
6378
b57c3d50505b
issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents:
6333
diff
changeset
|
2430 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2431 Classname Format Enforced (info) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2432 -------------------------------- |
|
6248
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2433 |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2434 Check schema.py and look at all Class(), IssueClass(), FileClass() |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2435 calls. The second argument is the classname. All classnames must: |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2436 |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2437 * start with an alphabetic character |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2438 * consist of alphanumerics and '_' |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2439 * not end with a digit |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2440 |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2441 this was not enforced before. Using non-standard classnames could lead |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2442 to other issues. |
|
2f53d41ae71f
Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents:
6210
diff
changeset
|
2443 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2444 jQuery updated with updates to user.help.html (recommended) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2445 ----------------------------------------------------------- |
|
6290
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2446 |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2447 The devel and responsive templates shipped with an old version of |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2448 jQuery with some security issues. It has been updated to the current |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2449 version: 3.5.1. If your tracker is based on one of these templates |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2450 (see the ``TEMPLATE-INFO.txt`` file in your tracker), remove the old |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2451 ``html/jquery.js`` file from your tracker and copy the new |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2452 ``jquery-3.5.1.js`` file from the template directory to your tracker's |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2453 ``html`` directory. Also copy in the new ``user.help.html`` file. It now |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2454 references the new ``jquery-3.5.1.js`` file and also fixes a bug that |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2455 prevented applying the change from the helper to the field on the main |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2456 form. |
|
944e4dfcc9b7
issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents:
6265
diff
changeset
|
2457 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2458 Roundup-admin security stops on incorrect properties (info) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2459 ----------------------------------------------------------- |
|
6393
51a1a9b0f567
- issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents:
6378
diff
changeset
|
2460 |
|
51a1a9b0f567
- issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents:
6378
diff
changeset
|
2461 The ``roundup-admin ... security`` command used to continue |
|
51a1a9b0f567
- issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents:
6378
diff
changeset
|
2462 running through the rest of the security roles after reporting a |
|
51a1a9b0f567
- issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents:
6378
diff
changeset
|
2463 property error. Now it stops after reporting the incorrect property. |
|
51a1a9b0f567
- issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents:
6378
diff
changeset
|
2464 |
|
51a1a9b0f567
- issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents:
6378
diff
changeset
|
2465 If run non-interactively, it exits with status 1. It can now be |
|
51a1a9b0f567
- issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents:
6378
diff
changeset
|
2466 used in a startup script to detect permission errors. |
|
51a1a9b0f567
- issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents:
6378
diff
changeset
|
2467 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2468 Futureproof devel and responsive timezone selection extension (recommended) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2469 --------------------------------------------------------------------------- |
|
6418
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2470 |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2471 The devel and responsive (derived from devel) templates use a select |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2472 control to list all available timezones when pytz is used. It |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2473 sanitizes the data using cgi.escape. Cgi.escape is deprecated and |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2474 removed in newer pythons. Change your ``extensions/timezone.py`` |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2475 file by applying the following patch manually:: |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2476 |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2477 |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2478 -import cgi |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2479 +try: |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2480 + from html import escape |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2481 +except ImportError: |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2482 + from cgi import escape |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2483 |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2484 try: |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
2485 import pytz |
|
6418
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2486 @@ -25,7 +28,7 @@ |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
2487 s = ' ' |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
2488 if zone == value: |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
2489 s = 'selected=selected ' |
|
6418
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2490 - z = cgi.escape(zone) |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2491 + z = escape(zone) |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2492 |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2493 See https://issues.roundup-tracker.org/issue2551136 for more details. |
|
559b3d8e03d7
issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents:
6393
diff
changeset
|
2494 |
|
6168
de9d602c8ce6
more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents:
6128
diff
changeset
|
2495 .. index:: Upgrading; 1.6.x to 2.0.0 |
|
de9d602c8ce6
more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents:
6128
diff
changeset
|
2496 |
|
5941
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2497 Migrating from 1.6.X to 2.0.0 |
|
5501
dd242cd7a182
mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5332
diff
changeset
|
2498 ============================= |
|
dd242cd7a182
mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5332
diff
changeset
|
2499 |
|
6174
5522c950a2e4
Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents:
6170
diff
changeset
|
2500 .. index:: roundup-admin; updateconfig subcommand |
|
5522c950a2e4
Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents:
6170
diff
changeset
|
2501 |
|
6210
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2502 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2503 Python 2 MYSQL users MUST READ (required) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2504 ----------------------------------------- |
|
6210
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2505 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2506 To fix issues with encoding of data and text searching, roundup now |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2507 explicitly sets the database connection character set. Roundup prior |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2508 to 2.0 used the default character set which was not always utf-8. All |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2509 roundup data is manipulated in utf-8. This mismatch causes issues with |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2510 searches and result in corrupted data in the database if it was not |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2511 properly represented across the charset conversions. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2512 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2513 This issue exists when running roundup under python 2. Note that there |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2514 are more changes required for running roundup 2.0 if you choose to use |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2515 python3. See `Python 3 support`_. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2516 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2517 In an upgraded ``config.ini`` (see next section) the ``[rdbms]`` |
|
6333
bd84f43e1d13
Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents:
6290
diff
changeset
|
2518 section has a key ``mysql_charset`` set by default to ``utf8mb4``. |
|
bd84f43e1d13
Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents:
6290
diff
changeset
|
2519 |
|
bd84f43e1d13
Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents:
6290
diff
changeset
|
2520 It should be possible to change ``utf8mb4`` to any mysql charset. So |
|
bd84f43e1d13
Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents:
6290
diff
changeset
|
2521 if you know what charset is enabled (e.g. via a setting in ~roundup/.my.cnf, |
|
6210
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2522 or the default charset for the database) you can set it in |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2523 ``config.ini`` and not need to covert the database. However the |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2524 underlying issues with misconverted data and bad searches will still |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2525 exist if they did before. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2526 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2527 None of the roundup developers run mysql, so the exact steps to take |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2528 during the upgrade were tested with test and not production databases. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2529 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2530 **Before doing anything else:** |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2531 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2532 Backup the mysql database using mysql dump or other mysql |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2533 supported tool. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2534 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2535 Backup roundup using your current backup tool and take the roundup |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2536 instance offline. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2537 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2538 Then the following steps (similar to the conversion in needed for |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2539 Python 3) should work: |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2540 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2541 1. Export the tracker database |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2542 using your **current** 1.6 instance:: |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2543 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2544 roundup-admin -i <trackerdir> exporttables <export_dir> |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2545 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2546 replacing tracker_dir and export_dir as appropriate. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2547 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2548 2. Import the exported database using the **new** 2.0 roundup:: |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2549 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2550 roundup-admin -i <trackerdir> importtables <export_dir> |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2551 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2552 replacing tracker_dir and export_dir as appropriate. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2553 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2554 The imported data should overwrite the original data. Note it is |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2555 critically important that the ``exporttables`` be done with the *old |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2556 tracker* and the ``importtables`` be done with the *new tracker*. An |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2557 import/export cycle between roundup 1.6.0 and roundup 2.0 has been |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2558 done successfully. So the export format for 1.6 and 2.0 should be |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2559 compatible. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2560 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2561 Note that ``importtables`` is new in roundup-2.0, so you will not be |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2562 able to import the result of ``exporttables`` using any 1.x version of |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2563 roundup. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2564 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2565 Following the same sequence as above using ``export`` and ``import`` |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2566 should also work, but it will export all the files and messages. This |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2567 will take longer but may be worth trying if the ``exporttables`` and |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2568 ``importtables`` method fails for some reason. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2569 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2570 Another way that should be faster, but is untested is to use mysql |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2571 dump to dump the database. |
|
8111
394f72021dad
docs: replace redirecting url's with target
John Rouillard <rouilj@ieee.org>
parents:
8081
diff
changeset
|
2572 https://makandracards.com/makandra/595-dumping-importing-mysql-utf-8-safe-way |
| 7793 | 2573 recommends: |
|
6210
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2574 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2575 Note that when your MySQL server is not set to UTF-8 you need to do |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2576 mysqldump --default-character-set=latin1 (!) to get a correctly |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2577 encoded dump. In that case you will also need to remove the SET |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2578 NAMES='latin1' comment at the top of the dump, so the target machine |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2579 won't change its UTF-8 charset when sourcing. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2580 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2581 Then import the dump. Removing ``SET NAMES`` should allow the import |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2582 to use UTF-8. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2583 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2584 Please report success or issues with this conversion to the |
|
7961
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
2585 roundup-users at lists.sourceforge.net mailing list. |
|
6210
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2586 |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2587 As people report successful or unsuccessful conversions, we will update |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2588 the errata page at: https://wiki.roundup-tracker.org/ReleaseErrata. |
|
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2589 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2590 Upgrade tracker's config.ini file (recommended) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2591 ----------------------------------------------- |
|
6210
13f5cbbcd4e6
Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents:
6190
diff
changeset
|
2592 |
|
5973
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2593 Once you have installed the new roundup, use:: |
|
5726
e199d0ae4a25
issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents:
5543
diff
changeset
|
2594 |
|
5944
d7e6bcde5cbe
Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents:
5941
diff
changeset
|
2595 roundup-admin -i /path/to/tracker updateconfig newconfig.ini |
|
5726
e199d0ae4a25
issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents:
5543
diff
changeset
|
2596 |
|
e199d0ae4a25
issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents:
5543
diff
changeset
|
2597 to generate a new ini file preserving all your settings. You can then |
|
e199d0ae4a25
issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents:
5543
diff
changeset
|
2598 merge any local comments from the tracker's ``config.ini`` into |
|
5944
d7e6bcde5cbe
Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents:
5941
diff
changeset
|
2599 ``newconfig.ini``. Compare the old and new files and configure any new |
|
d7e6bcde5cbe
Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents:
5941
diff
changeset
|
2600 settings as you want. Then replace ``config.ini`` with the |
|
d7e6bcde5cbe
Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents:
5941
diff
changeset
|
2601 ``newconfig.ini`` file. |
|
5941
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2602 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2603 .. _Python 3 support: |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2604 |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2605 Python 3 support (info) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2606 ----------------------- |
|
5941
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2607 |
|
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2608 Many of the ``.html`` and ``.py`` files from Roundup that are copied |
|
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2609 into tracker directories have changed for Python 3 support. If you |
|
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2610 wish to move an existing tracker to Python 3, you need to merge in |
|
5973
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2611 those changes. Also you need to make sure that locally created python |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2612 code in the tracker is correct for Python 3. |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2613 |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2614 If your tracker uses the ``anydbm`` or ``mysql`` backends, you also |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2615 need to export the tracker contents using ``roundup-admin export`` |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2616 running under Python 2, and them import them using ``roundup-admin |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2617 import`` running under Python 3. This is detailed in the documention |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2618 for migrating to a different backend. If using the ``sqlite`` backend, |
|
5941
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2619 you do not need to export and import, but need to delete the |
|
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2620 ``db/otks`` and ``db/sessions`` files when changing Python version. |
|
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2621 If using the ``postgresql`` backend, you do not need to export and |
|
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2622 import and no other special database-related steps are needed. |
|
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2623 |
|
5967
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2624 If you use the whoosh indexer, you will need to reindex. It looks like |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2625 a database created with Python 2 leads to Unicode decode errors when |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2626 accessed by Python 3. Reindexing can take a while (see details below |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2627 look for "reindexing"). |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2628 |
|
5944
d7e6bcde5cbe
Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents:
5941
diff
changeset
|
2629 Octal values in config.ini change from the Python 2 representation |
|
5941
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2630 with a leading ``0`` (``022``). They now use a leading ``0o`` |
|
29d428927362
prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
2631 (``0o22``). Note that the ``0o`` format is properly handled under |
|
5944
d7e6bcde5cbe
Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents:
5941
diff
changeset
|
2632 python 2. You can use the ``newconfig.ini`` generated using ``python3 |
|
d7e6bcde5cbe
Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents:
5941
diff
changeset
|
2633 roundup-admin -i ... updateconfig newconfig.ini`` if you want to go |
|
d7e6bcde5cbe
Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents:
5941
diff
changeset
|
2634 back to using python 2. (Note going back to Python 2 will require |
|
d7e6bcde5cbe
Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents:
5941
diff
changeset
|
2635 the same steps as moving from 2 to 3 except using Python 3 to perform |
|
d7e6bcde5cbe
Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents:
5941
diff
changeset
|
2636 the export.) |
|
5726
e199d0ae4a25
issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents:
5543
diff
changeset
|
2637 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2638 Rate Limit New User Registration (info) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2639 --------------------------------------- |
|
5973
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2640 |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2641 The new user registration form can be abused by bots to allow |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2642 automated registration for spamming. This can be limited by using the |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2643 new ``config.ini`` ``[web]`` option called |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2644 ``registration_delay``. The default is 4 and is the number of seconds |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2645 between the time the form was generated and the time the form is |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2646 processed. |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2647 |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2648 If you do not modify the ``user.register.html`` template in your |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2649 tracker's html directory, you *must* set this to 0. Otherwise you will |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2650 see the error: |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2651 |
| 7793 | 2652 .. code-block:: text |
| 2653 | |
|
5973
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2654 Form is corrupted, missing: opaqueregister. |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2655 |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2656 If set to 0, the rate limit check is disabled. |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2657 |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2658 If you want to use this, you can change your ``user.register.html`` |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2659 file to include:: |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2660 |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2661 <input type="hidden" name="opaqueregister" tal:attributes="value python: utils.timestamp()"> |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2662 |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2663 The hidden input field can be placed right after the form declaration |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2664 that starts with:: |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2665 |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2666 <form method="POST" onSubmit="return submit_once()" |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2667 |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2668 If you have applied Erik Forsberg's tracker level patch to implement |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2669 (see: https://hg.python.org/tracker/python-dev/rev/83477f735132), you |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2670 can back the code out of the tracker. You must change the name of the |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2671 field in the html template to ``opaqueregistration`` from ``opaque`` |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2672 in order to use the core code. |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2673 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2674 PGP mail processing (required) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2675 ------------------------------ |
|
5501
dd242cd7a182
mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5332
diff
changeset
|
2676 |
|
dd242cd7a182
mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5332
diff
changeset
|
2677 Roundup now uses the ``gpg`` module instead of ``pyme`` to process PGP |
|
dd242cd7a182
mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5332
diff
changeset
|
2678 mail. If you have PGP processing enabled, make sure the ``gpg`` |
|
dd242cd7a182
mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5332
diff
changeset
|
2679 module is installed. |
|
dd242cd7a182
mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5332
diff
changeset
|
2680 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2681 MySQL client module (recommended) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2682 --------------------------------- |
|
5510
e2978ed3b550
update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5501
diff
changeset
|
2683 |
|
e2978ed3b550
update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5501
diff
changeset
|
2684 Although the ``MySQLdb`` module from |
|
e2978ed3b550
update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5501
diff
changeset
|
2685 https://pypi.org/project/MySQL-python/ is still supported, it is |
|
e2978ed3b550
update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5501
diff
changeset
|
2686 recommended to switch to the updated module from |
|
e2978ed3b550
update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5501
diff
changeset
|
2687 https://pypi.org/project/mysqlclient/. |
|
e2978ed3b550
update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5501
diff
changeset
|
2688 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2689 XMLRPC Access Role (info/required) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2690 ---------------------------------- |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2691 |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2692 A new permission has been added to control access to the XMLRPC |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2693 endpoint. If the user doesn't have the new "Xmlrpc Access" permission, |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2694 they will not be able to log in using the /xmlrpc end point. To add |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2695 this new permission to the "User" role you should change your |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2696 tracker's schema.py and add:: |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2697 |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2698 db.security.addPermissionToRole('User', 'Xmlrpc Access') |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2699 |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2700 This is usually included near where other permissions like "Web Access" |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2701 or "Email Access" are assigned. |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5756
diff
changeset
|
2702 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2703 New values for db.tx_Source (info) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2704 ---------------------------------- |
|
5881
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2705 |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2706 The database attribute tx_Source reports "xmlrpc" and "rest" when the |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2707 /xmlrpc and /rest web endpoints are used. Check all code (extensions, |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2708 detectors, lib) in trackers looking for tx_Source. If you have code |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2709 like:: |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2710 |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2711 if db.tx_Source == "web": |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2712 |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2713 or:: |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2714 |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2715 if db.tx_Source in ['web', 'email-sig-openpgp', 'cli' ]: |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2716 |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2717 you may need to change these to include matches to "rest" and |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2718 "xmlrpc". For example:: |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2719 |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2720 if db.tx_Source in [ "web", "rest", "xmlrpc" ] |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2721 |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2722 or:: |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2723 |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2724 if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]: |
|
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2725 |
|
6190
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2726 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2727 CSV export changes (info) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2728 ------------------------- |
|
6190
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2729 |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2730 The original Roundup CSV export function for indexes reported id |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2731 numbers for links. The wiki had a version that resolved the id's to |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2732 names, so it would report ``open`` rather than ``2`` or |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2733 ``user2;user3`` rather than ``[2,3]``. |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2734 |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2735 Many people added the enhanced version to their extensions directory. |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2736 |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2737 The enhanced version was made the default in roundup 2.0. If you want |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2738 to use the old version (that returns id's), you can replace references |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2739 to ``export_csv`` with ``export_csv_id`` in templates. |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2740 |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2741 Both core csv export functions have been changed to force quoting of |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2742 all exported fields. To incorporate this change in any CSV export |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2743 extension you may have added, change references in your code from:: |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2744 |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2745 writer = csv.writer(wfile) |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2746 |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2747 to:: |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2748 |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2749 writer = csv.writer(wfile, quoting=csv.QUOTE_NONNUMERIC) |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2750 |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2751 this forces all (non-numeric) fields to be quoted and empty quotes to |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2752 be added for missing parameters. |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2753 |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2754 This turns exported values that may look like formulas into strings so |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2755 some versions of Excel won't try to interpret them as a formula. |
|
15fd91fd3c4c
Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents:
6174
diff
changeset
|
2756 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2757 Update userauditor.py to restrict usernames (recommended) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2758 --------------------------------------------------------- |
|
5958
5148e46dd314
issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents:
5944
diff
changeset
|
2759 |
|
5973
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2760 A username can be created with embedded commas and < and > |
|
fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
5971
diff
changeset
|
2761 characters. Even though the < and > are usually escaped when |
|
5958
5148e46dd314
issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents:
5944
diff
changeset
|
2762 displayed, the embedded comma makes it difficult to edit lists of |
|
5148e46dd314
issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents:
5944
diff
changeset
|
2763 users as they are comma separated. |
|
5148e46dd314
issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents:
5944
diff
changeset
|
2764 |
|
5148e46dd314
issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents:
5944
diff
changeset
|
2765 If you have not modified your tracker's userauditor.py, you can just |
|
5148e46dd314
issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents:
5944
diff
changeset
|
2766 copy the userauditor.py from the classic template into your tracker's |
|
5148e46dd314
issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents:
5944
diff
changeset
|
2767 detectors directory. Otherwise merge the changes from the template |
|
5148e46dd314
issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents:
5944
diff
changeset
|
2768 userauditor.py. https://issues.roundup-tracker.org/issue2550921 may be |
|
5148e46dd314
issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents:
5944
diff
changeset
|
2769 helpful. |
|
5881
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
2770 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2771 Consider reindexing if you use European languages (recommended) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2772 --------------------------------------------------------------- |
|
5967
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2773 |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2774 A couple of bugs dealing with incorrect indexing of European languages |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2775 (Russian and German were reported) have been fixed. Note reindexing |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2776 all your data may take a long time. See: |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2777 https://issues.roundup-tracker.org/issue1195739 and |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2778 https://issues.roundup-tracker.org/issue1344046 for a description of |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2779 the problem. If you determine that this a problem for your tracker, |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2780 you can use:: |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2781 |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2782 roundup-admin -i /path/to/tracker reindex |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2783 |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2784 to rewrite your full text indexes. The tracker used for reindex timing |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2785 had 140MB of file/message data and 2500 issues with a slow 5400RPM |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2786 SATA drive. Using native indexing with sqlite took about 45 |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2787 minutes. Using whoosh took about 2 hours. Using xapian took about 6 |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2788 hours. All examples were with Python 2. Anecdotal evidence shows |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2789 Python 3 is faster, but YMMV. |
|
9a980675105d
Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents:
5958
diff
changeset
|
2790 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2791 Merge improvements in statusauditor.py (optional) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2792 ------------------------------------------------- |
|
5971
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2793 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2794 By default the detector statusauditor.py will change the status from |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2795 "unread" to "chatting" when a second message is added to an issue. |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2796 The distributed classic and jinja templates implement this feature in |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2797 their copies of ``detectors/statusauditor.py``. |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2798 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2799 This can be a problem. Consider a person sending email to create an |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2800 issue. Then the person sends a followup message to add some additional |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2801 information to the issue. The followup message will trigger the status |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2802 change from "unread" to "chatting". This is misleading since the |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2803 person is "chatting" with themselves. |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2804 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2805 Statusauditor.py has been enhanced to prevent the status from changing |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2806 to "chatting" until a second user (person) adds a message. If you |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2807 want this functionality, you need to merge the distributed |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2808 statusauditor.py with your tracker's statusauditor.py. If you have not |
|
7499
a072331c843b
Change customizing to customising in all variants.
John Rouillard <rouilj@ieee.org>
parents:
7452
diff
changeset
|
2809 customised your tracker's statusauditor.py, copy the one from the |
|
5971
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2810 distibuted template. In addition to the python file, you also must |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2811 copy/merge the distributed ``detectors/config.ini`` into your |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2812 tracker's detectors directory. Most people can copy |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2813 ``detectors/config.ini`` from the distributed templates as they won't |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2814 have a ``detectors/config.ini`` file. (Note this is |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2815 ``detectors/config.ini`` do not confuse it with the main |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2816 ``config.ini`` file at the root of the tracker home.) |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2817 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2818 This enhancement is disabled by default. Enable it by changing the |
| 7277 | 2819 value in ``detectors/config.ini`` from:: |
|
5971
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2820 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2821 chatting_requires_two_users = False |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2822 |
| 7277 | 2823 to:: |
|
5971
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2824 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2825 chatting_requires_two_users = True |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2826 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2827 (the values ``no`` and ``yes`` can also be used). Restart the tracker |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2828 to enable the change. |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2829 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2830 If you don't do this quite right you will see one of two error |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2831 messages in the web interface when you try to update an issue with a |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2832 message:: |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2833 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2834 Edit Error: Unsupported configuration option: Option |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2835 STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS not found in |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2836 detectors/config.ini. |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2837 Contact tracker admin to fix. |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2838 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2839 This happens if detectors/config.ini is not found or is missing the |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2840 ``chatting_requires_two_users`` option in the ``statusauditor`` |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2841 section. |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2842 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2843 If you have an incorrect value (say you use ``T`` rather than |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2844 ``True``) you see a different error:: |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2845 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2846 Edit Error: Invalid value for |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2847 DETECTOR::STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS: 'T' |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2848 Allowed values: yes, no |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2849 |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2850 to fix this set the value to ``yes`` (True) or ``no`` (False). |
|
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2851 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2852 Responsive template changes (optional) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2853 -------------------------------------- |
|
5990
0face8e45224
issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents:
5973
diff
changeset
|
2854 |
|
0face8e45224
issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents:
5973
diff
changeset
|
2855 There have been some changes to the responsive template. You can |
|
5991
b0940ad50f43
issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents:
5990
diff
changeset
|
2856 diff/merge these changes into your responsive template based tracker. |
|
b0940ad50f43
issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents:
5990
diff
changeset
|
2857 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2858 Jinja template changes (required) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2859 --------------------------------- |
|
5991
b0940ad50f43
issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents:
5990
diff
changeset
|
2860 |
|
6055
5260c15d153f
updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5994
diff
changeset
|
2861 Auto escaping has been enabled in the jinja template engine, this |
|
5260c15d153f
updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5994
diff
changeset
|
2862 means it is no longer necessary to manually escape dynamic strings |
| 7277 | 2863 with ``|e``, but strings that should not be escaped need to be marked |
| 2864 with ``|safe`` (e.g. ``{{ context.history()|u|safe }}``). Also, the i18n | |
|
6055
5260c15d153f
updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5994
diff
changeset
|
2865 extension has been enabled and the template has been updated to use |
| 7277 | 2866 the extension for translatable text instead of explicit ``i18n.gettext`` |
| 2867 calls:: | |
|
6055
5260c15d153f
updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5994
diff
changeset
|
2868 |
|
5260c15d153f
updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5994
diff
changeset
|
2869 {% trans %}List of issues{% endtrans %} |
|
5260c15d153f
updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5994
diff
changeset
|
2870 |
| 7277 | 2871 instead of:: |
|
6055
5260c15d153f
updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5994
diff
changeset
|
2872 |
|
5260c15d153f
updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5994
diff
changeset
|
2873 {{ i18n.gettext('List of issues')|u }} |
|
5260c15d153f
updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5994
diff
changeset
|
2874 |
|
5991
b0940ad50f43
issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents:
5990
diff
changeset
|
2875 The jinja template has been upgraded to use bootstrap 4.1.3 (from |
|
b0940ad50f43
issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents:
5990
diff
changeset
|
2876 2.2.2). You can diff/merge changes into your jinja template based |
|
b0940ad50f43
issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents:
5990
diff
changeset
|
2877 tracker. |
|
5971
e5acd1843517
- issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents:
5967
diff
changeset
|
2878 |
|
5994
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2879 Also search _generic.index.html, navigation.html and file.index.html |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2880 in the html directory of your tracker. Look for:: |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2881 |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2882 <input type="hidden" name="@action" |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2883 |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2884 where the value is a jinja expression that calls i18n.gettext. Set the |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2885 value to the argument of the gettext call. E.G. replace:: |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2886 |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2887 <input type="hidden" name="@action" value="{{ i18n.gettext('editCSV')|u }}"> |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2888 |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2889 with:: |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2890 |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2891 <input type="hidden" name="@action" value="editCSV"> |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2892 |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2893 The action keywords should not be translated. |
|
0e04fcdd1ff2
issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents:
5991
diff
changeset
|
2894 |
|
6168
de9d602c8ce6
more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents:
6128
diff
changeset
|
2895 .. index:: Upgrading; 1.5.1 to 1.6.0 |
|
de9d602c8ce6
more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents:
6128
diff
changeset
|
2896 |
|
5041
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
2897 Migrating from 1.5.1 to 1.6.0 |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
2898 ============================= |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
2899 |
|
5304
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2900 Update tracker config file |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2901 -------------------------- |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2902 |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2903 After installing the new version of roundup, you should |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2904 update the ``config.ini`` file for your tracker. To do this: |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2905 |
| 7277 | 2906 1. backup your existing ``config.ini`` file |
| 2907 2. using the newly installed code, run:: | |
| 2908 | |
| 2909 roundup-admin -i /path/to/tracker updateconfig config.ini.new | |
| 2910 | |
| 2911 to create the file config.ini.new. Replace | |
| 2912 ``/path/to/tracker`` with the path to your tracker. | |
| 2913 3. replace your tracker's config.ini with config.ini.new | |
|
5304
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2914 |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2915 Using updateconfig keeps all the settings from your |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2916 tracker's config.ini file and adds settings for all the new |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2917 options. |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2918 |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2919 If you have added comments to your original config.ini file, |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2920 merge the added comments into the config.ini.new file. Then |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2921 replace your tracker's config.ini with config.ini.new. |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2922 |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2923 Read the new config.ini and configure it to enable new |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2924 features. Details on using these features can be found in |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2925 this section. |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
2926 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2927 Make sure that user can view labelprop on classes (required) |
|
5267
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2928 ------------------------------------------------------------ |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2929 |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
2930 If you have View permissions that use ``properties=...``, make sure |
|
7505
62409b4a3a52
Link labelprop to setlabelprop in reference
John Rouillard <rouilj@ieee.org>
parents:
7499
diff
changeset
|
2931 that the `labelprop <reference.html#setlabelprop-property>`_ for the |
|
62409b4a3a52
Link labelprop to setlabelprop in reference
John Rouillard <rouilj@ieee.org>
parents:
7499
diff
changeset
|
2932 class is listed in the properties list. |
|
5267
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2933 |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2934 The first one of these that exists must must be in the list: |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2935 |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2936 1. the property set by a call to setlabelprop for the class |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2937 2. the key of the class (as set by setkey()) |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2938 3. the "name" property (if it exists) |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2939 4. the "title" property (if it exists) |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2940 |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2941 if none of those apply, you must allow |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2942 |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2943 * the "id" property |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2944 |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2945 E.G. If your class does a setlabelprop("foo") you must include "foo" |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2946 in the properties list even if the class has name or title properties. |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2947 |
|
7506
38de0d748284
Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents:
7505
diff
changeset
|
2948 See: `reference.html setlabelprop |
|
38de0d748284
Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents:
7505
diff
changeset
|
2949 <reference.html#setlabelprop-property>`_ for further details on the |
|
38de0d748284
Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents:
7505
diff
changeset
|
2950 labelprop. |
|
5267
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2951 |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2952 If you don't do this, you will find that multilinks (and possibly |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2953 links) may not be displayed properly. E.G. templates that iterate over |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2954 a mutlilink field (with tal:repeat for example) may not show any |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2955 content. |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2956 |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2957 See: https://sourceforge.net/p/roundup/mailman/message/35763294/ |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2958 for the initial discussion of the issue. |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
2959 |
|
7343
955a4efe9cbc
Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents:
7341
diff
changeset
|
2960 .. _cross site request forgery detection added: |
|
955a4efe9cbc
Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents:
7341
diff
changeset
|
2961 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2962 Cross Site Request Forgery Detection Added (recommended) |
|
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
2963 -------------------------------------------------------- |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2964 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2965 Roundup 1.6. supports a number of defenses against CSRF. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2966 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2967 Http header verification against the tracker's ``web`` |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2968 setting in the ``[tracker]`` section of config.ini for the |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2969 following headers: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2970 |
|
7344
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
2971 1. Analyze the ``Referer`` HTTP header to make sure it |
|
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
2972 includes the web setting. |
|
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
2973 2. Analyze the ``Origin`` HTTP header to make sure the |
|
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
2974 schema://host matches the web setting. |
|
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
2975 3. Analyze the ``X-Forwarded-Host`` header set by a proxy |
|
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
2976 running in front of roundup to make sure it agrees with |
|
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
2977 the host part of the web setting. |
|
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
2978 4. Analyze the ``Host`` header to make sure it agrees with |
|
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
2979 the host part of the web setting. This is not done if |
|
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
2980 ``X-Forwarded-Host`` is set. |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2981 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2982 By default roundup 1.6 does not require any specific header |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2983 to be present. However at least one of the headers above |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2984 *must* pass validation checks (usually ``Host`` or |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2985 ``Referer``) or the submission is rejected with an error. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2986 If any header fails validation, the submission is |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2987 rejected. (Note the user's form keeps all the data they |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2988 entered if it was rejected.) |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2989 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2990 Also the admin can include unique csrf tokens for all forms |
|
5271
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
2991 submitted using the POST method. (Delete and put methods are also |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
2992 included, but not currently used by roundup.) The csrf |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2993 token (nonce) is tied to the user's session. When the user |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2994 submits the form and nonce, the nonce is checked to make |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2995 sure it was issued to the user and the same session. If this |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2996 is not true the post is rejected and the user is notified. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
2997 |
|
5271
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
2998 The standard context/submit templating item creates CSRF tokens by |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
2999 default. If you have forms using the POST method that are not using |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3000 the standard submit routine, you should add the following field to all |
| 7277 | 3001 forms:: |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3002 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3003 <input name="@csrf" type="hidden" |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3004 tal:attributes="value python:utils.anti_csrf_nonce()"> |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3005 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3006 A unique random token is generated by every call to |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3007 utils.anti_csrf_nonce() and is put in a database to be |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3008 retreived if the token is used. Token lifetimes are 2 weeks |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3009 by default but can be configured in config.ini. Roundup will |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3010 automatically prune old tokens. Calling anti_csrf_nonce with |
| 7277 | 3011 an integer lifetime, for example:: |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3012 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3013 <input name="@csrf" type="hidden" |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3014 tal:attributes="value python:utils.anti_csrf_nonce(lifetime=10)"> |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3015 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3016 sets the lifetime of that nonce to 10 minutes. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3017 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3018 If you want to change the default settings, you have to |
|
5304
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
3019 update the web section in your tracker's config.ini file. Follow the |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
3020 section above to generate an updated config.ini file. Then |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
3021 look for settings that start with csrf. The updated config.ini |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3022 file includes detailed descriptions of the settings. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3023 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3024 In general one of four values can be set for these |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3025 settings. The default is ``yes``, which validates the header |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3026 or nonce and blocks access if the validation fails. If the |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3027 field/header is missing it allows access. Setting these |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3028 fields to ``required`` blocks access if the header/nonce is |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3029 missing. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3030 |
|
5275
fee207407dee
Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents:
5274
diff
changeset
|
3031 It is recommended that you change your templates so every form |
|
fee207407dee
Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents:
5274
diff
changeset
|
3032 that is not submitted via GET has an @csrf field. Then change |
|
fee207407dee
Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents:
5274
diff
changeset
|
3033 the csrf_enforce_token setting to 'required'. |
|
fee207407dee
Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents:
5274
diff
changeset
|
3034 |
|
5295
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3035 Errors and Troubleshooting - @csrf in url |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3036 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5196
diff
changeset
|
3037 |
|
5271
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3038 If you see the @csrf nonce in the URL, you have added the value to a |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3039 form that uses the GET method. You should remove the @csrf token from |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3040 these forms as it is not needed. |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3041 |
|
5295
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3042 Errors and Troubleshooting - AttributeError list object no attribute value |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3043 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
5271
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3044 If you get an error: |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3045 |
| 7793 | 3046 .. code-block:: text |
| 3047 | |
|
5271
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3048 AttributeError: 'list' object has no attribute 'value' |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3049 |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3050 in handle_csrf, you have more than one @csrf token for the form. This |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3051 usually occurs because the form uses the standard context/submit |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3052 element but you also added an explicit @csrf statement. Simply remove |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3053 the @csrf element for that form. |
|
bee4008a2840
Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents:
5270
diff
changeset
|
3054 |
|
5298
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3055 Errors and Troubleshooting - xmlrpc Required Header Missing |
|
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3056 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 6768 | 3057 When performing and xmlrpc call, if you see something like:: |
|
5298
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3058 |
|
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3059 xmlrpclib.Fault: <Fault 1: "<class |
|
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3060 'roundup.exceptions.UsageError'>:Required Header Missing"> |
|
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3061 |
|
7507
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3062 change your xmlrpc client to add appropriate headers to |
|
5298
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3063 the request including the: |
|
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3064 |
|
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3065 X-Requested-With: |
|
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3066 |
|
7507
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3067 header as well as any other required csrf headers (e.g. referer, |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3068 origin) configured in config.ini. See the `advanced python client |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3069 <xmlrpc.html#advanced-python-client-adding-anti-csrf-headers>`_ at |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3070 the end of the xmlrpc guide. |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3071 |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3072 Alternatively change the setting of |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3073 csrf_enforce_header_x-requested-with in config.ini to ``no``. So it |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3074 looks like:: |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3075 |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3076 csrf_enforce_header_x-requested-with = no |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3077 |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3078 This is not recommended as it reduces csrf protection. |
|
f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents:
7506
diff
changeset
|
3079 |
|
5298
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3080 |
|
5212
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3081 Support for SameSite cookie option for session cookie |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3082 ----------------------------------------------------- |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3083 |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3084 Support for serving the session cookie using the SameSite cookie option |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3085 has been added. By default it is set to lax to provide a better user |
|
6688
f1f2d59dab8b
Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents:
6684
diff
changeset
|
3086 experience. But this can be changed to strict or the option can be |
|
5212
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3087 removed entirely. |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3088 |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3089 Using the process for merging config.ini changes described in |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3090 `Cross Site Request Forgery Detection Added`_ you can add the |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3091 ``samesite_cookie_setting`` to the ``[web]`` section of the config |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3092 file. |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5201
diff
changeset
|
3093 |
|
5147
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3094 Fix for path traversal changes template resolution |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3095 -------------------------------------------------- |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3096 |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3097 The templates in the tracker's html subdirectory must not be |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3098 symbolic links that lead outside of the html directory. |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3099 |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3100 If you don't use symbolic links for templates in your html |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3101 subdirectory you don't have to make any changes. Otherwise you need to |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3102 replace the symbolic links with hard links to the files or replace the |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3103 symbolic links with the files. |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3104 |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3105 This is a side effect of fixing a path traversal security issue. The |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3106 security issue required a directory with a specific unusual name. This |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3107 made it difficult to exploit. However allowing the use of |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3108 subdirectories to organize the templates required that it be fixed. |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3109 |
|
d16ba6e6624b
upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents:
5122
diff
changeset
|
3110 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
3111 Database back end specified in config.ini (required) |
|
5267
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
3112 ---------------------------------------------------- |
|
5068
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3113 |
|
5041
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3114 The ``db/backend_name`` file is no longer used to configure the database |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3115 backend being used for a tracker. The backend is now configured in the |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3116 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]`` |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3117 section. For example if ``db/backend_name`` file contains ``sqlite``, a new |
|
5096
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3118 entry in the tracker's ``config.ini`` will need to be created:: |
|
5041
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3119 |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3120 [rdbms] |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3121 |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3122 ... |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3123 |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3124 # Database backend. |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3125 # Default: |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3126 backend = sqlite |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3127 |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3128 Once the ``config.ini`` file has been updated with the new ``backend`` option, |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3129 you can safely delete the ``db/backend_name`` file. |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3130 |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3131 Note: the ``backend_name`` file may be located in a directory other than |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3132 ``db/`` if you have configured the ``database`` option in the ``[main]`` |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3133 section of the ``config.ini`` file to be something other than ``db``. |
|
5251e97b1de0
Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents:
5025
diff
changeset
|
3134 |
|
5304
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
3135 Note 2: if you are using the anydbm back end, you still set |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
3136 it using the backend option in the rdbms section of the |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
3137 config.ini file. |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
3138 |
|
5096
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3139 New config file option 'indexer' added |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3140 -------------------------------------- |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3141 |
|
5304
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
3142 This release added support for the Whoosh indexer, so a new |
|
ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents:
5298
diff
changeset
|
3143 config file option has been |
|
5096
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3144 added. You can force Roundup to use a particular text indexer by |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3145 setting this value in the [main] section of the tracker's |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3146 ``config.ini`` file (usually placed right before indexer_stopwords):: |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3147 |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3148 [main] |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3149 |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3150 ... |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3151 |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3152 # Force Roundup to use a particular text indexer. |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3153 # If no indexer is supplied, the first available indexer |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3154 # will be used in the following order: |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3155 # Possible values: xapian, whoosh, native (internal). |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3156 indexer = |
|
e74c3611b138
- issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents:
5078
diff
changeset
|
3157 |
|
5295
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3158 Errors and Troubleshooting - Full text searching not working |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3159 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3160 |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3161 If after the upgrade full text searching is not working try changing |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3162 the indexer value. If this is failing most likely you need to set |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3163 '''indexer = native''' to use the rdbms or db text indexing systems. |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3164 |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3165 Alternatively you can do a |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3166 '''roundup-admin -i /path/to/tracker reindex''' |
|
5752
4c0cdfe4f678
Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents:
5735
diff
changeset
|
3167 to generate a new index using roundup's preferred indexer from the |
|
4c0cdfe4f678
Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents:
5735
diff
changeset
|
3168 list above. |
|
4c0cdfe4f678
Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents:
5735
diff
changeset
|
3169 |
|
4c0cdfe4f678
Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents:
5735
diff
changeset
|
3170 Xapian error with flint when reindexing |
|
4c0cdfe4f678
Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents:
5735
diff
changeset
|
3171 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
4c0cdfe4f678
Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents:
5735
diff
changeset
|
3172 If you reindex and are using xapian, you may get the error that |
|
4c0cdfe4f678
Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents:
5735
diff
changeset
|
3173 "flint" is not supported (looks like flint was removed after xapian |
|
4c0cdfe4f678
Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents:
5735
diff
changeset
|
3174 1.2.x). To fix this, you can delete the full text search database |
|
4c0cdfe4f678
Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents:
5735
diff
changeset
|
3175 located in the tracker home directory in the file '''db/text-index''' |
|
4c0cdfe4f678
Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents:
5735
diff
changeset
|
3176 and then perform a reindex. |
|
5295
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3177 |
|
5108
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3178 Stemming improved in Xapian Indexer |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3179 ----------------------------------- |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3180 |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3181 Stemming allows a search for "silent" also match silently. The Porter |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3182 stemmer in Xapian works with lowercase English text. In this release we |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3183 lowercase the documents as they are put into the indexer. |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3184 |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3185 This means capitalization is not preserved, but produces more hits by |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3186 using the stemmer. |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3187 |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3188 You will need to do a roundup-admin reindex if you are using the |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3189 Xapian full text indexer on your tracker. |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3190 |
|
67fad01d2009
issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents:
5098
diff
changeset
|
3191 |
|
5098
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3192 New config file option 'replyto_address' added |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3193 ---------------------------------------------- |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3194 |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3195 A new config file option has been added to let you control the |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3196 Reply-To header on nosy messages. |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3197 |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3198 Edit your tracker's ``config.ini`` and place the following after |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3199 the email entry in the tracker section:: |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3200 |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3201 [tracker] |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3202 ... |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3203 |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3204 # Controls the reply-to header address used when sending |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3205 # nosy messages. |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3206 # If the value is unset (default) the roundup tracker's |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3207 # email address (above) is used. |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3208 # If set to "AUTHOR" then the primary email address of the |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3209 # author of the change will be used as the reply-to |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3210 # address. This allows email exchanges to occur outside of |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3211 # the view of roundup and exposes the address of the person |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3212 # who updated the issue, but it could be useful in some |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3213 # unusual circumstances. |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3214 # If set to some other value, the value is used as the reply-to |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3215 # address. It must be a valid RFC2822 address or people will not be |
|
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3216 # able to reply. |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3217 # Default: |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3218 replyto_address = |
|
5098
99e289359798
issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents:
5096
diff
changeset
|
3219 |
|
7341
7321c0e6c53e
Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents:
7321
diff
changeset
|
3220 Login from a search or after logout works better (required) |
|
5270
84a844f50d1f
Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents:
5267
diff
changeset
|
3221 ----------------------------------------------------------- |
|
5121
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3222 |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3223 The login form has been improved to work with some back end code |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3224 changes. Now when a user logs in they stay on the same page where they |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3225 started the login. To make this work, you must change the tal that is |
|
5161
12190efa30d4
I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents:
5158
diff
changeset
|
3226 used to set the ``__came_from`` form variable. Note that the url |
|
12190efa30d4
I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents:
5158
diff
changeset
|
3227 assigned to __came_from must be url encoded/quoted and be under the |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3228 tracker's base url. If the base_url uses http, you can set the url to |
|
5161
12190efa30d4
I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents:
5158
diff
changeset
|
3229 https. |
|
5121
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3230 |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3231 Replace the existing code in the tracker's html/page.html page that |
| 7277 | 3232 looks similar to (look for name="__came_from"): |
| 3233 | |
| 3234 .. code:: | |
| 3235 :class: big-code | |
| 3236 | |
| 3237 <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}"> | |
| 3238 | |
| 3239 with the following: | |
| 3240 | |
| 3241 .. code:: html | |
| 3242 :class: big-code | |
|
5121
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3243 |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3244 <input type="hidden" name="__came_from" |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3245 tal:condition="exists:request/env/QUERY_STRING" |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3246 tal:attributes="value string:${request/base}${request/env/PATH_INFO}?${request/env/QUERY_STRING}"> |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3247 <input type="hidden" name="__came_from" |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3248 tal:condition="not:exists:request/env/QUERY_STRING" |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3249 tal:attributes="value string:${request/base}${request/env/PATH_INFO}"> |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3250 |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3251 Now search backwards for the nearest form statement before the code |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3252 that sets __came_from. If it looks like:: |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3253 |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3254 <form method="post" action="#"> |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3255 |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3256 replace it with:: |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3257 |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3258 <form method="post" tal:attributes="action request/base"> |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3259 |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3260 or with:: |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3261 |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3262 <form method="post" tal:attributes="action string:${request/env/PATH_INFO}"> |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3263 |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3264 the important part is that the action field **must not** include any query |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3265 parameters ('#' includes query params). |
|
894aa07be6cb
issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents:
5120
diff
changeset
|
3266 |
|
5295
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3267 Errors and Troubleshooting - Unrecognized scheme in ... |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3268 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
5275
fee207407dee
Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents:
5274
diff
changeset
|
3269 |
|
5270
84a844f50d1f
Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents:
5267
diff
changeset
|
3270 One symptom of failing to do this is getting an error: |
|
84a844f50d1f
Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents:
5267
diff
changeset
|
3271 |
|
84a844f50d1f
Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents:
5267
diff
changeset
|
3272 Unrecognized scheme in .... |
|
84a844f50d1f
Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents:
5267
diff
changeset
|
3273 |
|
84a844f50d1f
Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents:
5267
diff
changeset
|
3274 where the .... changes depending on the url path. You can see this |
|
84a844f50d1f
Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents:
5267
diff
changeset
|
3275 when logging in from any screen other than the main index. |
|
84a844f50d1f
Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents:
5267
diff
changeset
|
3276 |
|
5158
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3277 Option to make adding multiple keywords more convenient |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3278 ------------------------------------------------------- |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3279 |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3280 In the classic tracker, after adding a new keyword you are redirected |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3281 to the page for the new keyword so you can change the keyword's |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3282 name. This is usually not desirable as you usually correctly set the |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3283 keyword's name when creating the keyword. The new classic tracker has |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3284 a new checkbox (checked by default) that keeps you on the same page so |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3285 you can add a new keywords one after the other. |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3286 |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3287 To add this to your own tracker, add the following code (prefixed with |
| 7277 | 3288 a +) after the entry box for the new keyword in html/keyword.item.html: |
| 3289 | |
| 3290 .. code:: | |
|
7344
4be6434014ee
Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents:
7343
diff
changeset
|
3291 :class: big-code |
|
5158
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3292 |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3293 <tr> |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3294 <th i18n:translate="">Keyword</th> |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3295 <td tal:content="structure context/name/field">name</td> |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3296 + <td tal:condition="not:context/id"> |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3297 + <tal:comment tal:replace="nothing"> |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3298 + If we get here and do not have an id, we are creating a new |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3299 + keyword. It would be nice to provide some mechanism to |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3300 + determine the preferred state of the "Continue adding keywords" |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3301 + checkbox. By default it is enabled. |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3302 + </tal:comment> |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3303 + <input type="checkbox" id="continue_new_keyword" |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3304 + name="__redirect_to" |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3305 + tal:attributes="value |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3306 + string:${request/base}${request/env/PATH_INFO}?@template=item; |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3307 + checked python:True" /> |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3308 + <label for="continue_new_keyword" i18n:translate="">Continue adding keywords.</label> |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3309 + </td> |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3310 </tr> |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3311 |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3312 Note remove the leading '+' when adding this to the templates. |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3313 |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3314 The key component here is support for the '__redirect_to' query |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3315 property. It is a url which can be used when creating any new item |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3316 (issue, user, keyword ....). It controls the next page displayed after |
|
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3317 creating the item. If '__redirect_to' is not set, then you end up on |
|
5161
12190efa30d4
I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents:
5158
diff
changeset
|
3318 the page for the newly created item. The url value assigned to |
|
5270
84a844f50d1f
Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents:
5267
diff
changeset
|
3319 __redirect_to must start with the tracker's base url and must be properly |
|
5161
12190efa30d4
I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents:
5158
diff
changeset
|
3320 url encoded. |
|
5158
63294ed25e84
issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents:
5156
diff
changeset
|
3321 |
|
5179
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3322 Helper popups trigger change events on the original page |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3323 -------------------------------------------------------- |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3324 |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3325 The helper popups used to set dates (from a calendar), change lists of |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3326 users or lists of issues did not notify the browser that the fields |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3327 had been changed. This release adds code to trigger the change event. |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3328 |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3329 To add the change event to the calendar popup, you don't need to do |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3330 any changes to the tracker. It is all done in the roundup python code |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3331 in templating.py. |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3332 |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3333 To add the change event when updating users using the help-submit |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3334 template, copy |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3335 share/roundup/templates/devel/html/_generic.help-submit.html and |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3336 replace your tracker's html/_generic.help-submit.html. If you have |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3337 done local changes to this file, change your file to include the code |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3338 that defines the onclick event for the input field with |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3339 id="btn_apply". |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3340 |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3341 To add the change event when updating lists of issues copy |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3342 share/roundup/templates/devel/html/help_controls.js to your tracer's |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3343 html directory. If you have made local changes to the javascript file, |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3344 merge the two if/else blocks labeled:: |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3345 |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3346 /* trigger change event on the field we changed */ |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3347 |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3348 into your help_controls.js |
|
e8b3d3a14563
- issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents:
5161
diff
changeset
|
3349 |
|
5068
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3350 html/_generic.404.html in trackers use page template |
|
5078
487dc55e3c5e
issue2550907 Fix errors when creating documentation. Work done by
John Rouillard <rouilj@ieee.org>
parents:
5068
diff
changeset
|
3351 ---------------------------------------------------- |
|
5068
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3352 |
|
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3353 The original generic 404 error pages for many trackers did not use the |
|
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3354 standard page layout. This change replaces the html/_generic.404.html |
|
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3355 page with one that uses the page template. |
|
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3356 |
|
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3357 If your deployed tracker is based on: classic, minimal, responsive or |
|
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3358 devel templates and has not changed the html/_generic.404.html file, |
|
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3359 you can copy in the new file to get this additional functionality. |
|
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3360 |
|
5154
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3361 Organize templates into subdirectories |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3362 -------------------------------------- |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3363 |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3364 The @template parameter to the web interface allows the use of |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3365 subdirectories. So a setting of @template=view/view for an issue would |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3366 use the template in the tracker's html/view/issue.view.html. Similarly |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3367 for a caller class, you could put all the templates under the |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3368 html/caller directory with names like: html/caller/caller.item.html, |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3369 html/caller/caller.index.html etc. You may want to symbolically link the |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3370 html/_generic* templates into your subdirectory so that missing |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3371 templates (e.g. a missing caller.edit.html template) can be satisfied |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3372 by the _generic.edit.html template. |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5147
diff
changeset
|
3373 |
|
5156
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3374 Properly quote query dispname (displayed name) in page.html |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3375 ----------------------------------------------------------- |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3376 |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3377 A new method has been added to HTMLStringProperty called url_quote. |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3378 The default templates have been updated to use this in the "Your |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3379 Query" section of the trackers html/page.html file. You will want to |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3380 change your template. Lines starting with - are the original line and |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3381 you want to change it to match the line starting with the + (remove |
| 7277 | 3382 the + from the line): |
| 3383 | |
| 3384 .. code:: | |
| 3385 :class: big-code | |
|
5156
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3386 |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3387 <tal:block tal:repeat="qs request/user/queries"> |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3388 - <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}" |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3389 + <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}" |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3390 tal:content="qs/name">link</a><br> |
|
5156
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3391 </tal:block> |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3392 |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3393 Find the tal:repeat line that loops over all queries. Then |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3394 change the value assigned to @dispname in the href attribute from |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3395 ${qs/name} to ${qs/name/url_quote}. Note that you should *not* change |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3396 the value for tal:content. |
|
882fa4d9bead
issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
3397 |
|
5267
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
3398 Allow "Show Unassigned" issues link to work for Anonymous user |
|
64ae2108df60
Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
3399 -------------------------------------------------------------- |
|
5113
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3400 |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3401 In this release the anonymous user is allowed to search the user |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3402 class. The following was added to the schema for all templates that |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3403 provide the search option:: |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3404 |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3405 p = db.security.addPermission(name='Search', klass='user') |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3406 db.security.addPermissionToRole ('Anonymous', p) |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3407 |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3408 If you are running a tracker that **does not** allow read access for |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3409 anonymous, you should remove this entry as it can be used to perform |
|
cf112b90fa8d
issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents:
5108
diff
changeset
|
3410 a username guessing attack against a roundup install. |
|
5068
5b2ce5723abb
Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents:
5041
diff
changeset
|
3411 |
|
5295
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3412 Errors and Troubleshooting - Unassigned issues for anonymous |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3413 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
5276
a034f8d09a21
add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents:
5275
diff
changeset
|
3414 |
|
a034f8d09a21
add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents:
5275
diff
changeset
|
3415 If you notice that the "Unassigned Issues" search on page.html |
|
a034f8d09a21
add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents:
5275
diff
changeset
|
3416 is displaying assigned issues for users with the Anonymous role, |
|
a034f8d09a21
add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents:
5275
diff
changeset
|
3417 you need to allow search permissions for the user class. |
|
a034f8d09a21
add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents:
5275
diff
changeset
|
3418 |
|
5120
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3419 Improvements in Classic Tracker query.edit.html template |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3420 -------------------------------------------------------- |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3421 |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3422 There is a new query editing template included in the distribution at: |
|
5122
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3423 |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3424 ``share/roundup/templates/classic/html/query.edit.html`` |
|
5120
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3425 |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3426 This template fixes: |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3427 |
|
5122
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3428 * public query could not be removed from "Your Queries" once it was added. |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3429 Trying to do so would cause a permissions error. |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3430 * private yes/no dropdown always showed "yes" regardless of |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3431 underlying state |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3432 * query Delete button did not work. |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3433 * same query being displayed multiple times |
|
5120
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3434 |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3435 It also adds: |
|
5122
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3436 * the table layout displays queries created by the user first, |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3437 then available public queries. |
|
5120
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3438 * public query owners are shown |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3439 * better support for deleted queries. When a query is deleted, it is |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3440 still available for those who added it to their query list. If you |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3441 are the query owner, you can restore (undelete) the query. If you |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3442 are not the owner you can remove it from your query list. |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3443 (If a query is deleted and nobody had it in their query list, it |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3444 will not show up in the "Active retired queries" section. You will |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3445 have to use the class editor or roundup_admin command line to |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3446 restore it.) |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3447 * notifies the user that delete/restore requires javascript. It |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3448 always did, but that requirement wasn't displayed. |
|
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3449 |
|
5122
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3450 To use the new template, you must add Restore permission on queries to |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3451 allow the user to restore queries (see below). |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3452 |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3453 If you have not modified the query.edit.html template in your tracker, |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3454 you should be able to copy the new version from the location above. |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3455 Otherwise you will have to merge the changes into your modified template. |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3456 |
|
5272
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3457 Add the query Restore permission for the User role to your tracker's |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3458 schema.py file. Place it right after the query retire permission for |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3459 the user role. After the change it should look like:: |
|
5122
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3460 |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3461 p = db.security.addPermission(name='Retire', klass='query', check=edit_query, |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3462 description="User is allowed to retire their queries") |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3463 db.security.addPermissionToRole('User', p) |
|
5272
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3464 p = db.security.addPermission(name='Restore', klass='query', |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3465 check=edit_query, |
|
5122
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3466 description="User is allowed to restore their queries") |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3467 db.security.addPermissionToRole('User', p) |
|
1c90f15a177f
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5121
diff
changeset
|
3468 |
|
5272
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3469 where the last four lines are the ones you need to add. |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3470 |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3471 Usually you can add this to your User role. If all users have the User |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3472 role in common then all logged in users should be ok. If you have |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3473 users who do not include the User role (e.g. they may only have a |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3474 Provisional role), you should add the search permission to that role |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3475 (e.g. Provisional) as well if you allow them to edit their list of |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3476 queries. |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3477 |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3478 Also see the `new search permissions for query in 1.4.17`_ section |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3479 discussing search permission requirements for editing queries. The |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3480 fixes in this release require the ability to search the creator of all |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3481 queries to work correctly. |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3482 |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3483 If the test script for the `new search permissions for query in |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3484 1.4.17`_ doesn't report that a role has the ability to search queries |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3485 or at least search the creator property for queries, add the following |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3486 permissions to your schema.py:: |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3487 |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3488 s = db.security.addPermission(name='Search', klass='query', |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3489 properties=['creator'], |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3490 description="User is allowed to Search queries for creator") |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3491 db.security.addPermissionToRole('User', s) |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3492 |
|
5295
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3493 Errors and Troubleshooting - Public queries listed twice when editing |
|
b2998cb86bae
Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents:
5276
diff
changeset
|
3494 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
5275
fee207407dee
Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents:
5274
diff
changeset
|
3495 |
|
5272
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3496 If you do not do this, public queries will be listed twice in the edit |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3497 interface. Once in the "Queries I created" section and again in the |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3498 "Queries others created" section of the query edit page |
|
c6fbd4803eae
If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents:
5271
diff
changeset
|
3499 (``http..../query?@template=edit``). |
|
5120
722394a48d7b
issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents:
5113
diff
changeset
|
3500 |
|
5274
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3501 Fix security issues in query.item.html template |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3502 ----------------------------------------------- |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3503 The default query.item.html template allows anybody to view all |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3504 queries. |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3505 |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3506 This has been updated in the classic, devel and responsive templates |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3507 to only allow people to view queries they creates or queries that are |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3508 publicly viewable. |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3509 |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3510 If you haven't modified you query.item.html template, simply copy the |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3511 query.item.html template from one of the above default templates to |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3512 your tracker's html directory. |
|
07da34337f70
html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents:
5272
diff
changeset
|
3513 |
|
8236
2d0bd038fc5e
doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents:
8218
diff
changeset
|
3514 Enhancement to check command for Permissions (optional) |
|
2d0bd038fc5e
doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents:
8218
diff
changeset
|
3515 ------------------------------------------------------- |
|
5186
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3516 A new form of check function is permitted in permission definitions. |
|
8236
2d0bd038fc5e
doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents:
8218
diff
changeset
|
3517 An example check function is ``own_record(db, userid, itemid)`` in the |
|
2d0bd038fc5e
doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents:
8218
diff
changeset
|
3518 file schema.py. The three argument form is still supported and will |
|
2d0bd038fc5e
doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents:
8218
diff
changeset
|
3519 work the same as it always has (although it may be depricated in the |
|
2d0bd038fc5e
doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents:
8218
diff
changeset
|
3520 future). |
|
5186
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3521 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3522 If the check function is defined as:: |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3523 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3524 check(db, userid, itemid, **ctx) |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3525 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3526 the ctx variable will have the context to use when determining access |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3527 rights:: |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3528 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3529 ctx['property'] the name of the property being checked or None if |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3530 it's a class check. |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3531 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3532 ctx['classname'] the name of the class that is being checked |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3533 (issue, query ....). |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3534 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3535 ctx['permission'] the name of the permission (e.g. View, Edit...). |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3536 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3537 This should make defining complex permissions much easier. Consider:: |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3538 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3539 def issue_private_access(db, userid, itemid, **ctx): |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3540 if not db.issue.get(itemid, 'private'): |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3541 # allow access to everything if not private |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3542 return True |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3543 |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3544 # It is a private issue hide nosy list |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3545 # Note that the nosy property *must* be listed |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3546 # in permissions argument to the addPermission |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3547 # definition otherwise this check command |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3548 # is not run. |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3549 if ctx['property'] == 'nosy': |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3550 return False # deny access to this property |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3551 |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3552 # allow access for editing, viewing etc. of the class |
|
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3553 return True |
|
5186
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3554 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3555 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3556 e = db.security.addPermission(name='Edit', klass='issue', |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3557 check=issue_private_access, |
|
7801
af898d1d66dc
doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents:
7797
diff
changeset
|
3558 properties=['nosy'], |
|
5186
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3559 description="Edit issue checks") |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3560 |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3561 It is suggested that you change your checks to use the ``**ctx`` |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3562 parameter. This is expected to be the preferred form in the future. |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3563 You do not need to use the ``ctx`` parameter in the function if you do |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3564 not need it. |
|
36630a062fb5
Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents:
5179
diff
changeset
|
3565 |
|
8236
2d0bd038fc5e
doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents:
8218
diff
changeset
|
3566 If the new four argument form is required in the future, there will be |
|
2d0bd038fc5e
doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents:
8218
diff
changeset
|
3567 required (not optional) directions on upgrading your schema. |
|
2d0bd038fc5e
doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents:
8218
diff
changeset
|
3568 |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3569 Changes to property permissions |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3570 ------------------------------- |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3571 |
| 7793 | 3572 If you create a permission:: |
|
5196
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3573 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3574 db.security.addPermission(name='View', klass='user', |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3575 properties=['theme'], check=own_record, |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3576 description="User is allowed to view their own theme") |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3577 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3578 that combines checks and properties, the permission also matches a |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3579 permission check for the View permission on the user class. So this |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3580 also allows the user to see their user record. It is unexpected that |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3581 checking for access without a property would match this permission. |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3582 |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3583 This release adds support for making a permission like above only be |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3584 used during property permission tests. See ``customizing.txt`` and |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3585 search for props_only and set_props_only_default in the section |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3586 'Adding a new Permission' |
|
e0732fd6a6c7
Implement props_only feature for permissions.
rouilj@uland
parents:
5194
diff
changeset
|
3587 |
| 5192 | 3588 Improve query editing |
| 3589 --------------------- | |
| 3590 | |
|
5194
3124be3cc197
Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents:
5192
diff
changeset
|
3591 If a user creates a query with the same name as one of their existing |
|
3124be3cc197
Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents:
5192
diff
changeset
|
3592 queries, the query editing interface will now report an error. By |
|
3124be3cc197
Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents:
5192
diff
changeset
|
3593 default the query editing page (issue.search.html) displays the index |
|
3124be3cc197
Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents:
5192
diff
changeset
|
3594 page when the search is triggered. This is usually correct since the |
|
3124be3cc197
Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents:
5192
diff
changeset
|
3595 user expects to see the results of the query. But now that |
|
3124be3cc197
Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents:
5192
diff
changeset
|
3596 the code properly checks for duplicate search names, the user should |
|
3124be3cc197
Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents:
5192
diff
changeset
|
3597 stay on the search page if there is an error. To add this to your |
|
5270
84a844f50d1f
Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents:
5267
diff
changeset
|
3598 existing issue.search.html page, add the following line after the |
| 7793 | 3599 hidden field ``@old-queryname``:: |
| 5192 | 3600 |
| 3601 <input type="hidden" name="@template" value="index|search"/> | |
| 3602 | |
| 3603 With this addition, the index template is displayed if there is no | |
| 3604 error, and the user stays on the search template if there is an error. | |
| 3605 | |
|
5323
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3606 New -L (loghttpvialogger) option to roundup-server |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3607 -------------------------------------------------- |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3608 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3609 Http request logs from roundup-server are sent to stderr or |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3610 can be recorded in a log file (if -l or the logfile options |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3611 is used). However there is no way to rotate the logfile |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3612 without shutting down and restarting the roundup-server. |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3613 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3614 If the -L flag is used, the python logging module is used |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3615 for logging the http requests. The name for the log |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3616 (qualname) is 'roundup.http'. You can direct these messages |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3617 to a rotating log file by putting the following:: |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3618 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3619 [loggers] |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3620 keys=roundup.http |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3621 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3622 [logger_roundup.http] |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3623 level=INFO |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3624 handlers=rotate_weblog |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3625 qualname=roundup.http |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3626 propagate=0 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3627 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3628 [handlers] |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3629 keys=rotate_weblog |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3630 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3631 [handler_rotate_weblog] |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3632 class=logging.handlers.RotatingFileHandler |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3633 args=('httpd.log','a', 512000, 2) |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3634 formatter=plain |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3635 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3636 [formatters] |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3637 keys=plain |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3638 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3639 [formatter_plain] |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3640 format=%(message)s |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3641 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3642 into a file (e.g. logging.ini). Then reference this file in |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3643 the 'config' value of the [logging] section in the trackers |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3644 config.ini file. |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3645 |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3646 Note the log configuration above is an example and can be |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3647 merged into a more full featured logging config file for |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3648 your tracker if you wish. It will create a new file in the |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3649 current working directory called 'httpd.log' and will rotate |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3650 the log file at 500K and keep two old copies of the file. |
|
762222535a0b
Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents:
5304
diff
changeset
|
3651 |
| 6170 | 3652 .. index:: Upgrading; 1.5.0 to 1.5.1 |
| 3653 | |
|
4851
24b8011cd2dc
Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4678
diff
changeset
|
3654 Migrating from 1.5.0 to 1.5.1 |
|
24b8011cd2dc
Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4678
diff
changeset
|
3655 ============================= |
|
24b8011cd2dc
Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4678
diff
changeset
|
3656 |
|
5025
cf22972fe080
Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents:
4902
diff
changeset
|
3657 User data visibility |
|
cf22972fe080
Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents:
4902
diff
changeset
|
3658 -------------------- |
|
cf22972fe080
Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents:
4902
diff
changeset
|
3659 |
|
4902
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3660 For security reasons you should change the permissions on the user |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3661 class. We previously shipped a configuration that allowed users to see |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3662 too many of other users details, including hashed passwords under |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3663 certain circumstances. In schema.py in your tracker, replace the line:: |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3664 |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3665 db.security.addPermissionToRole('User', 'View', 'user') |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3666 |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3667 with:: |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3668 |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3669 p = db.security.addPermission(name='View', klass='user', |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3670 properties=('id', 'organisation', 'phone', 'realname', |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3671 'timezone', 'username')) |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3672 db.security.addPermissionToRole('User', p) |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3673 |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3674 Note that this removes visibility of user emails, if you want emails to |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3675 be visible you can add 'address' and 'alternate_addresses' to the list |
|
a403c29ffaf9
Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4901
diff
changeset
|
3676 above. |
|
5025
cf22972fe080
Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents:
4902
diff
changeset
|
3677 |
|
cf22972fe080
Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents:
4902
diff
changeset
|
3678 XSS protection for custom actions |
|
cf22972fe080
Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents:
4902
diff
changeset
|
3679 --------------------------------- |
|
cf22972fe080
Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents:
4902
diff
changeset
|
3680 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3681 If you have defined your own cgi actions in your tracker instance |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3682 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3683 all cases where client.error_message or client.ok_message are modified |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3684 directly. Instead of:: |
|
4851
24b8011cd2dc
Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4678
diff
changeset
|
3685 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3686 self.client.ok_message.append(...) |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3687 |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3688 you need to call:: |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3689 |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3690 self.client.add_ok_message(...) |
|
4851
24b8011cd2dc
Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4678
diff
changeset
|
3691 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3692 and the same for:: |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3693 |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3694 self.client.error_message.append(...) |
|
4851
24b8011cd2dc
Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4678
diff
changeset
|
3695 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3696 vs.:: |
|
4851
24b8011cd2dc
Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4678
diff
changeset
|
3697 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3698 self.client.add_error_message(...) |
|
4851
24b8011cd2dc
Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4678
diff
changeset
|
3699 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3700 The new calls escape the passed string by default and avoid XSS security |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3701 issues. |
|
4851
24b8011cd2dc
Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4678
diff
changeset
|
3702 |
|
7321
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
3703 |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
3704 Migrating from older versions |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
3705 ============================= |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
3706 |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
3707 See the `historical migration <upgrading-history.html>`_ document. |
|
e21c7fe0b57a
Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents:
7296
diff
changeset
|
3708 |
|
7091
849e9b2d6926
Rename security.py to security-history.py; change reference
John Rouillard <rouilj@ieee.org>
parents:
7064
diff
changeset
|
3709 .. _`security documentation`: security-history.html |
|
7961
32ead43b8299
docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents:
7959
diff
changeset
|
3710 .. _`Roundup postgresql documentation`: postgresql.html |
| 2409 | 3711 .. _`administration guide`: admin_guide.html |
|
5298
6efa6d44c27a
Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents:
5295
diff
changeset
|
3712 .. _`xmlrpc guide`: xmlrpc.html |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6586
diff
changeset
|
3713 .. _FTS5 full-text search engine: https://www.sqlite.org/fts5.html |
|
6604
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
3714 .. _PostgreSQL's full text search: https://www.postgresql.org/docs/current/textsearch.html |
|
0d99ae7c8de6
Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents:
6599
diff
changeset
|
3715 .. _`administration guide notes on native-fts`: admin_guide.html#configuring-native-fts-full-text-search |
|
6591
feab8c878d08
Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents:
6590
diff
changeset
|
3716 .. _Configuring Compression: admin_guide.html#configuring-compression |
|
7971
fe0348bbe45b
issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents:
7964
diff
changeset
|
3717 .. _classhelper documentation: admin_guide.html#classhelper-web-component |
| 6781 | 3718 .. _Software Upgrade: admin_guide.html#software-upgrade |
|
7281
194093011cb7
Move upgrade directions for version < 1.5.0 to history document
John Rouillard <rouilj@ieee.org>
parents:
7277
diff
changeset
|
3719 .. _new search permissions for query in 1.4.17: |
|
194093011cb7
Move upgrade directions for version < 1.5.0 to history document
John Rouillard <rouilj@ieee.org>
parents:
7277
diff
changeset
|
3720 upgrading-history.html#new-search-permissions-for-query-in-1-4-17 |