Mercurial > p > roundup > code
view doc/debugging.txt @ 5257:928512faf565
- issue2550864: Potential information leakage via journal/history
Original code didn't fully implement the security checks.
Users with only Edit access on a property were not able to view the
journal entry for the property. This patch fixes that.
Also had additional info leakage: the target object of a link or
multilink must be viewable or editable in order for the journal entry
to be shown. Otherwise the existance of the target is exposed via the
journal while it is blocked from searches, direct access etc.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 27 Aug 2017 00:19:48 -0400 |
| parents | b6f1aaba4827 |
| children | a635a60ffb84 |
line wrap: on
line source
Debugging Aids -------------- Try turning on logging of DEBUG level messages. This may be done a number of ways, depending on what it is you're testing: 1. If you're testing the database unit tests, then set the environment variable ``LOGGING_LEVEL=DEBUG``. This may be done like so: LOGGING_LEVEL=DEBUG python run_tests.py This variable replaces the older HYPERDBDEBUG environment var. 2. If you're testing a particular tracker, then set the logging level in your tracker's ``config.ini``. SENDMAILDEBUG ============= Set to a filename and roundup will write each email message that it sends to that file instead to the internet. This environment variable is independent of the python -O flag.