Mercurial > p > roundup > code
view doc/glossary.txt @ 5161:12190efa30d4
I realized that the __came_from and __redirect_to url parameters I
added to handle issues with the LoginAction and NewItemAction could
be used for XSS or other purposes.
So I check them using a new clean_url(url) function. This tries to
validate that the url is under the tracker's base url and that the
components of the url are properly url encoded. If it thinks something
is wrong with the url, it will raise a ValueError. I decided to not
attempt to fix the url's if there is an issue, better to bring it to the
tracker admin's attention.
Changed the code paths in NewItemAction and LoginAction that deal with
the form parameters to use the clean_url function on the form input
first.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 23 Jul 2016 14:00:49 -0400 |
| parents | 25fcb87a8301 |
| children | 6834bb5473da |
line wrap: on
line source
================ Roundup Glossary ================ class a definition of the properties and behaviour of a set of items db (or hyperdb) a collection of items designator a combined class + itemid reference to any item in the hyperdb itemid a numeric reference to a particular item of one class item a collection of data that forms one entry in the hyperdb. property one element of data that makes up an item. In Roundup, the set of item properties may be changed as needed - even after the tracker has been initialised and used in production. schema the definition of all the classes that make up an tracker tracker the schema and hyperdb that forms one issue tracker tracker home the physical location on disk of a tracker ----------------- Back to `Table of Contents`_ .. _`Table of Contents`: index.html