Mercurial > p > roundup > code

view website/issues/detectors/newissuecopy.py @ 4851:24b8011cd2dc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix XSS in issue2550817 Note that the code that triggers that particular bug is no longer in roundup core. But the change to the templates we suggest is a *lot* safer as it always escapes the error and ok messages now. If you are upgrading: you *MUST* read doc/upgrading.txt and do the necessary changes to your templates, the escaping now happens in the template and not in the roundup code. So if you don't make the necessary changes *you are vulnerable*.
author Ralf Schlatterbeck <rsc@runtux.com>
date Fri, 20 Dec 2013 18:24:10 +0100
parents b622e150c0ba
children 198b6e810c67
line wrap: on
line source

from roundup import roundupdb

def newissuecopy(db, cl, nodeid, oldvalues):
    ''' Copy a message about new issues to a team address.
    '''
    # so use all the messages in the create
    change_note = cl.generateCreateNote(nodeid)

    # send a copy to the nosy list
    for msgid in cl.get(nodeid, 'messages'):
        try:
            # note: last arg must be a list
            cl.send_message(nodeid, msgid, change_note,
                ['r1chardj0n3s@gmail.com', 
                    'roundup-devel@lists.sourceforge.net'])
        except roundupdb.MessageSendError, message:
            raise roundupdb.DetectorError, message

def init(db):
    db.issue.react('create', newissuecopy)
Roundup Issue Tracker: http://roundup-tracker.org/