Mercurial > p > roundup > code

view website/issues/detectors/messagesummary.py @ 4851:24b8011cd2dc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix XSS in issue2550817 Note that the code that triggers that particular bug is no longer in roundup core. But the change to the templates we suggest is a *lot* safer as it always escapes the error and ok messages now. If you are upgrading: you *MUST* read doc/upgrading.txt and do the necessary changes to your templates, the escaping now happens in the template and not in the roundup code. So if you don't make the necessary changes *you are vulnerable*.
author Ralf Schlatterbeck <rsc@runtux.com>
date Fri, 20 Dec 2013 18:24:10 +0100
parents 6e3e4f24c753
children 0942fe89e82e
line wrap: on
line source

from roundup.mailgw import parseContent

def summarygenerator(db, cl, nodeid, newvalues):
    ''' If the message doesn't have a summary, make one for it.
    '''
    if newvalues.has_key('summary') or not newvalues.has_key('content'):
        return

    summary, content = parseContent(newvalues['content'], config=db.config)
    newvalues['summary'] = summary


def init(db):
    # fire before changes are made
    db.msg.audit('create', summarygenerator)

# vim: set filetype=python ts=4 sw=4 et si
#SHA: 538f90cb7f4eb63f77eca252b87afbe037d29c48
Roundup Issue Tracker: http://roundup-tracker.org/