Mercurial > p > roundup > code
comparison doc/upgrading.txt @ 4322:1595ad33036d
more security update doc
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Tue, 12 Jan 2010 05:28:51 +0000 |
| parents | f11b38b91c99 |
| children | a3f88aa04735 |
comparison
equal
deleted
inserted
replaced
| 4321:f11b38b91c99 | 4322:1595ad33036d |
|---|---|
| 20 permission for individual properties. If you have modified your tracker | 20 permission for individual properties. If you have modified your tracker |
| 21 permissions from the default distribution, you should check that | 21 permissions from the default distribution, you should check that |
| 22 "Create" permissions exist for all properties you want users to be able | 22 "Create" permissions exist for all properties you want users to be able |
| 23 to create. | 23 to create. |
| 24 | 24 |
| 25 | |
| 25 Fixing some potential security holes | 26 Fixing some potential security holes |
| 26 ------------------------------------ | 27 ------------------------------------ |
| 28 | |
| 29 Enhanced checking was added to the user registration auditor. If you | |
| 30 run a public tracker you should update your tracker's | |
| 31 ``detectors/userauditor.py`` using the new code from | |
| 32 ``share/roundup/templates/classic/detectors/userauditor.py``. In most | |
| 33 cases you may just copy the file over, but if you've made changes to | |
| 34 the auditor in your tracker then you'll need to manually integrate | |
| 35 the new code. | |
| 27 | 36 |
| 28 Some HTML templates were found to have formatting security problems: | 37 Some HTML templates were found to have formatting security problems: |
| 29 | 38 |
| 30 ``html/page.html``:: | 39 ``html/page.html``:: |
| 31 | 40 |