Mercurial > p > roundup > code
view roundup/dist/command/build_doc.py @ 4851:24b8011cd2dc
Fix XSS in issue2550817
Note that the code that triggers that particular bug is no longer in
roundup core. But the change to the templates we suggest is a *lot*
safer as it always escapes the error and ok messages now.
If you are upgrading: you *MUST* read doc/upgrading.txt and do the
necessary changes to your templates, the escaping now happens in the
template and not in the roundup code. So if you don't make the necessary
changes *you are vulnerable*.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Fri, 20 Dec 2013 18:24:10 +0100 |
| parents | 7b575e1f7368 |
| children | 7612b86bec69 |
line wrap: on
line source
# # Copyright (C) 2009 Stefan Seefeld # All rights reserved. # For license terms see the file COPYING.txt. # import os, sys from stat import * import os.path from shutil import * import glob from distutils.command import build from distutils.spawn import spawn, find_executable from distutils.dep_util import newer, newer_group from distutils.dir_util import copy_tree, remove_tree, mkpath from distutils.file_util import copy_file from distutils import sysconfig class build_doc(build.build): """Defines the specific procedure to build roundup's documentation.""" description = "build documentation" def run(self): """Run this command, i.e. do the actual document generation.""" sphinx = find_executable('sphinx-build') if sphinx: sphinx = [sphinx] else: try: # try to find version installed with Python tools # tested with Sphinx 1.1.3 import sphinx as sp except ImportError: pass else: sphinx = [sys.executable, sp.__file__] if not sphinx: self.warn("could not find sphinx-build in PATH") self.warn("cannot build documentation") return doc_dir = os.path.join('share', 'doc', 'roundup', 'html') temp_dir = os.path.join(self.build_temp, 'doc') cmd = sphinx + ['-d', temp_dir, 'doc', doc_dir] spawn(cmd)