Mercurial Repository: p/roundup/code: CHANGES.txt comparison

comparison CHANGES.txt @ 8268:05d8806b25ad

fix: issue2551387 - TypeError: not indexable. Fix crash due to uninitialized list element on a (Mini)FieldStorage when unexpected input is posted via wsgi. This doesn't happen when running roundup-server. It might happen under other front ends. Moved the code that sets '.list = [] if .list == None' to the main flow. Added an exception hander that logs the value of self.form if self.form.list raises an AttributeError. This exception should never happen if I understand the code correctly (but I probably don't). Fixed a number of test cases that were broken because I was calling Client and passing '[]' rather than a cgi.formStorage object. Added test cases: create a FileStorage (self.form) with .list = None. check AttributeError exception and verify logging. Problem reported and debugged by Christof Meerwald.

author	John Rouillard <rouilj@ieee.org>
date	Sun, 12 Jan 2025 12:34:52 -0500
parents	35beff316883
children	341841a9edc5

comparison

equal deleted inserted replaced

-:7f0c7966d204
+:05d8806b25ad
 has been changed. Checking user authorization to use the REST
 interface is done before validating the Origin header. As a
 result, incorrectly formatted CORS preflight requests
 (e.g. missing Origin header) can now return HTTP status 403 as
 well as status 400. (John Rouillard)
+- issue2551387 - TypeError: not indexable. Fix crash due to
+uninitialized list element on a (Mini)FieldStorage when unexpected
+input is posted via wsgi. (Reported and debugged by Christof
+Meerwald; fix John Rouillard)
 Features:
 - issue2551287 - Enhance roundup_gettext.py to extract strings from
 detectors/extensions. If the polib module is available,

Mercurial > p > roundup > code

comparison CHANGES.txt @ 8268:05d8806b25ad