Mercurial > p > roundup > code
comparison doc/upgrading.txt @ 5958:5148e46dd314
issue2550921 - prevent usernames with characters ',' and '<', '>'
Can create login name with , in it. Confuses nosy list editing. Also
can embed html tags. Updated userauditor.py to prevent this.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 24 Oct 2019 21:53:46 -0400 |
| parents | d7e6bcde5cbe |
| children | 9a980675105d |
comparison
equal
deleted
inserted
replaced
| 5957:f822a91b3778 | 5958:5148e46dd314 |
|---|---|
| 110 | 110 |
| 111 or:: | 111 or:: |
| 112 | 112 |
| 113 if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]: | 113 if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]: |
| 114 | 114 |
| 115 Update userauditor.py to restrict usernames | |
| 116 ------------------------------------------- | |
| 117 | |
| 118 A username can be created with embedded commas and < and > | |
| 119 characters. Even though the < and > are usually escaped when | |
| 120 displayed, the embedded comma makes it difficult to edit lists of | |
| 121 users as they are comma separated. | |
| 122 | |
| 123 If you have not modified your tracker's userauditor.py, you can just | |
| 124 copy the userauditor.py from the classic template into your tracker's | |
| 125 detectors directory. Otherwise merge the changes from the template | |
| 126 userauditor.py. https://issues.roundup-tracker.org/issue2550921 may be | |
| 127 helpful. | |
| 115 | 128 |
| 116 Migrating from 1.5.1 to 1.6.0 | 129 Migrating from 1.5.1 to 1.6.0 |
| 117 ============================= | 130 ============================= |
| 118 | 131 |
| 119 Update tracker config file | 132 Update tracker config file |