diff doc/upgrading.txt @ 5958:5148e46dd314

issue2550921 - prevent usernames with characters ',' and '<', '>' Can create login name with , in it. Confuses nosy list editing. Also can embed html tags. Updated userauditor.py to prevent this.
author John Rouillard <rouilj@ieee.org>
date Thu, 24 Oct 2019 21:53:46 -0400
parents d7e6bcde5cbe
children 9a980675105d
--- a/doc/upgrading.txt	Thu Oct 24 20:47:46 2019 -0400
+++ b/doc/upgrading.txt	Thu Oct 24 21:53:46 2019 -0400
@@ -112,6 +112,19 @@
 
     if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]:
 
+Update userauditor.py to restrict usernames
+-------------------------------------------
+
+A username can be created with embedded commas and &lt; and &gt;
+characters. Even though the &lt; and &gt; are usually escaped when
+displayed, the embedded comma makes it difficult to edit lists of
+users as they are comma separated.
+
+If you have not modified your tracker's userauditor.py, you can just
+copy the userauditor.py from the classic template into your tracker's
+detectors directory. Otherwise merge the changes from the template
+userauditor.py. https://issues.roundup-tracker.org/issue2550921 may be
+helpful.
 
 Migrating from 1.5.1 to 1.6.0
 =============================
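Review bot: The new "Update userauditor.py to restrict usernames" section describes the problem (usernames "can be created with embedded commas" and angle brackets) but never states what the updated auditor enforces or what happens to accounts that already have such names. Suggest adding one sentence that says the updated userauditor.py rejects usernames containing ',', '<' or '>', and another telling admins to check existing usernames for these characters and rename them, since copying the new detector does not by itself fix names that already exist. It would also help to state in the second paragraph which part of the template userauditor.py changed, so that admins who have modified their own copy know what to merge without having to read the linked issue.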

Roundup Issue Tracker: http://roundup-tracker.org/