Mercurial > p > roundup > code
diff roundup/cgi/client.py @ 4367:fa5587802af9
Handle multiple @action values from broken trackers
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Sat, 20 Mar 2010 04:29:45 +0000 |
| parents | 74476eaac38a |
| children | 3fd24c10c2bb |
line wrap: on
line diff
--- a/roundup/cgi/client.py Mon Mar 08 15:12:42 2010 +0000 +++ b/roundup/cgi/client.py Sat Mar 20 04:29:45 2010 +0000 @@ -733,12 +733,17 @@ """ # allow Anonymous to use the "login" and "register" actions (noting # that "register" has its own "Register" permission check) + if ':action' in self.form: - action = self.form[':action'].value.lower() + action = self.form[':action'] elif '@action' in self.form: - action = self.form['@action'].value.lower() + action = self.form['@action'] else: - action = None + action = '' + if isinstance(action, list): + raise SeriousError('broken form: multiple @action values submitted') + else: + action = action.value.lower() if action in ('login', 'register'): return @@ -1115,12 +1120,17 @@ present their messages to the user. """ if ':action' in self.form: - action = self.form[':action'].value.lower() + action = self.form[':action'] elif '@action' in self.form: - action = self.form['@action'].value.lower() + action = self.form['@action'] else: return None + if isinstance(action, list): + raise SeriousError('broken form: multiple @action values submitted') + else: + action = action.value.lower() + try: action_klass = self.get_action_class(action)