Mercurial > p > roundup > code

view website/issues/detectors/newissuecopy.py @ 8356:63390dcfcfe9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug: fix template use of structure with untrusted data Looks like an xSS bug with an early version of the template that was fixed in the code but never in the deployed tracker. It has been a while since this particular construct has been in the classic template which is the base for the tracker. This has been fixed on the deployed tracker as well. reported by 4bug of ChaMd5 Security Team H1 Group
author John Rouillard <rouilj@ieee.org>
date Tue, 08 Jul 2025 10:23:09 -0400
parents 35ea9b1efc14
children
line wrap: on
line source

from roundup import roundupdb

def newissuecopy(db, cl, nodeid, oldvalues):
    ''' Copy a message about new issues to a team address.
    '''
    # so use all the messages in the create
    change_note = cl.generateCreateNote(nodeid)

    # send a copy to the nosy list
    for msgid in cl.get(nodeid, 'messages'):
        try:
            # note: last arg must be a list
            cl.send_message(nodeid, msgid, change_note,
                ['roundup-devel@lists.sourceforge.net'])
        except roundupdb.MessageSendError as message:
            raise roundupdb.DetectorError(message)

def init(db):
    db.issue.react('create', newissuecopy)
#SHA: 6ed003c947e1f9df148f8f4500b7c2e68a45229b
Roundup Issue Tracker: http://roundup-tracker.org/